
mod_auth_ldap/mod_auth_ldap.lua @ 1163:52bee1247014

mod_auth_ldap: Add a configurable scope, defaulting to onelevel
author Kim Alvefur <zash@zash.se>
date Thu, 15 Aug 2013 15:30:24 +0200
parent 1162:8e3420d48508
child 1190:c99d8b666eb4
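--- a/mod_auth_ldap/mod_auth_ldap.lua
+++ b/mod_auth_ldap/mod_auth_ldap.lua
@@ -4,10 +4,11 @@
 
 local ldap_server = module:get_option_string("ldap_server", "localhost");
 local ldap_rootdn = module:get_option_string("ldap_rootdn", "");
 local ldap_password = module:get_option_string("ldap_password", "");
 local ldap_tls = module:get_option_boolean("ldap_tls");
+local ldap_scope = module:get_option_string("ldap_scope", "onelevel");
 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap");
 
 local lualdap = require "lualdap";
 local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls));
 module.unload = function() ld:close(); end
@@ -22,16 +23,18 @@
 
 local function ldap_filter_escape(s) return (s:gsub("[\\*\\(\\)\\\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end
 function provider.test_password(username, password)
 return do_query({
 base = ldap_base;
+scope = ldap_scope;
 filter = "(&(uid="..ldap_filter_escape(username)..")(userPassword="..ldap_filter_escape(password)..")(accountStatus=active))";
 });
 end
 function provider.user_exists(username)
 return do_query({
 base = ldap_base;
+scope = ldap_scope;
 filter = "(uid="..ldap_filter_escape(username)..")";
 });
 end
 
 function provider.get_password(username) return nil, "Passwords unavailable for LDAP."; end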
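Review bot: The new `ldap_scope` option is read on the added line 9 and passed straight into both queries without being validated, so a misspelled value in the config (anything other than the strings the LDAP library accepts, which I believe are "base", "onelevel" and "subtree" — confirm against lualdap) is only discovered at search time, where it would make every test_password and user_exists call fail or raise instead of failing fast at module load. Since `ldap_base` on the next line already uses `assert(...)` for a load-time check, the same pattern fits here: `local ldap_scope = module:get_option_string("ldap_scope", "onelevel");` followed by `assert(ldap_scope == "base" or ldap_scope == "onelevel" or ldap_scope == "subtree", "ldap_scope must be one of base, onelevel or subtree");`. It is also worth a one-line comment on that line noting that a wider scope (subtree) lets the uid filter match entries anywhere under `ldap_base`, so operators should choose it deliberately; how do_query treats multiple matches is defined outside this hunk and cannot be checked from here.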