Software /
code /
prosody-modules
Comparison
mod_auth_ldap/mod_auth_ldap.lua @ 1274:4b15437d6c56
mod_auth_ldap: Add support for binding
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 15 Jan 2014 14:45:37 +0100 |
parent | 1273:1b543060f31e |
child | 1287:da2e593317d7 |
comparison
equal
deleted
inserted
replaced
1273:1b543060f31e | 1274:4b15437d6c56 |
---|---|
9 local ldap_password = module:get_option_string("ldap_password", ""); | 9 local ldap_password = module:get_option_string("ldap_password", ""); |
10 local ldap_tls = module:get_option_boolean("ldap_tls"); | 10 local ldap_tls = module:get_option_boolean("ldap_tls"); |
11 local ldap_scope = module:get_option_string("ldap_scope", "onelevel"); | 11 local ldap_scope = module:get_option_string("ldap_scope", "onelevel"); |
12 local ldap_filter = module:get_option_string("ldap_filter", "(uid=%s)"); | 12 local ldap_filter = module:get_option_string("ldap_filter", "(uid=%s)"); |
13 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); | 13 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); |
14 local ldap_mode = module:get_option_string("ldap_mode", "getpasswd"); | |
14 | 15 |
15 -- Initiate connection | 16 -- Initiate connection |
16 local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls)); | 17 local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls)); |
17 module.unload = function() ld:close(); end | 18 module.unload = function() ld:close(); end |
18 | 19 |
41 local dn, attr = get_user(username); | 42 local dn, attr = get_user(username); |
42 if not dn then return nil, attr end | 43 if not dn then return nil, attr end |
43 if attr.userPassword == password then return true end | 44 if attr.userPassword == password then return true end |
44 return ld:modify(dn, { '=', userPassword = password })(); | 45 return ld:modify(dn, { '=', userPassword = password })(); |
45 end | 46 end |
46 function provider.get_password(username) | 47 |
47 local dn, attr = get_user(username); | 48 if ldap_mode == "getpasswd" then |
48 if dn and attr then | 49 function provider.get_password(username) |
49 return attr.userPassword; | 50 local dn, attr = get_user(username); |
51 if dn and attr then | |
52 return attr.userPassword; | |
53 end | |
50 end | 54 end |
51 end | |
52 | 55 |
53 function provider.test_password(username, password) | 56 function provider.test_password(username, password) |
54 return provider.get_password(username) == password; | 57 return provider.get_password(username) == password; |
55 end | 58 end |
56 | 59 |
57 function provider.get_sasl_handler() | 60 function provider.get_sasl_handler() |
58 return new_sasl(module.host, { | 61 return new_sasl(module.host, { |
59 plain = function(sasl, username) | 62 plain = function(sasl, username) |
60 local password = provider.get_password(username); | 63 local password = provider.get_password(username); |
61 if not password then return "", nil; end | 64 if not password then return "", nil; end |
62 return password, true; | 65 return password, true; |
63 end | 66 end |
64 }); | 67 }); |
68 end | |
69 elseif ldap_mode == "bind" then | |
70 local function test_password(userdn, password) | |
71 return not not lualdap.open_simple(ldap_server, userdn, password, ldap_tls); | |
72 end | |
73 | |
74 function provider.test_password(username, password) | |
75 local dn = get_user(username); | |
76 if not dn then return end | |
77 return test_password(dn, password) | |
78 end | |
79 | |
80 function provider.get_sasl_handler() | |
81 return new_sasl(module.host, { | |
82 plain_test = function(sasl, username, password) | |
83 return provider.test_password(username, password), true; | |
84 end | |
85 }); | |
86 end | |
87 else | |
88 module:log("error", "Unsupported ldap_mode %s", tostring(ldap_mode)); | |
65 end | 89 end |
66 | 90 |
67 module:provides("auth", provider); | 91 module:provides("auth", provider); |