Software /
code /
prosody-modules
Comparison
mod_auth_ldap/mod_auth_ldap.lua @ 1611:770236ea9678
mod_auth_ldap: Fix use of ldap_search, and generalize it to support password modification as well.
author | Waqas Hussain <waqas20@gmail.com> |
---|---|
date | Fri, 13 Feb 2015 11:06:06 -0500 |
parent | 1610:062ed39a1805 |
child | 1987:6d7699eda594 |
comparison
equal
deleted
inserted
replaced
1610:062ed39a1805 | 1611:770236ea9678 |
---|---|
17 | 17 |
18 -- Initiate connection | 18 -- Initiate connection |
19 local ld = nil; | 19 local ld = nil; |
20 module.unload = function() if ld then pcall(ld, ld.close); end end | 20 module.unload = function() if ld then pcall(ld, ld.close); end end |
21 | 21 |
22 function ldap_search_once(args) | 22 function ldap_do_once(method, ...) |
23 if ld == nil then | 23 if ld == nil then |
24 local err; | 24 local err; |
25 ld, err = lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls); | 25 ld, err = lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls); |
26 if not ld then return nil, err, "reconnect"; end | 26 if not ld then return nil, err, "reconnect"; end |
27 end | 27 end |
28 | 28 |
29 local success, iterator, invariant, initial = pcall(ld.search, ld, args); | 29 local success, iterator, invariant, initial = pcall(ld[method], ld, ...); |
30 if not success then ld = nil; return nil, iterator, "search"; end | 30 if not success then ld = nil; return nil, iterator, "search"; end |
31 | 31 |
32 local success, dn, attr = pcall(iterator, invariant, initial); | 32 local success, dn, attr = pcall(iterator, invariant, initial); |
33 if not success then ld = nil; return success, dn, "iter"; end | 33 if not success then ld = nil; return success, dn, "iter"; end |
34 | 34 |
35 return dn, attr, "return"; | 35 return dn, attr, "return"; |
36 end | 36 end |
37 | 37 |
38 function ldap_search(args, retry_count) | 38 function ldap_do(method, retry_count, ...) |
39 local dn, attr, where; | 39 local dn, attr, where; |
40 for i=1,1+retry_count do | 40 for i=1,1+retry_count do |
41 dn, attr, where = ldap_search_once(args); | 41 dn, attr, where = ldap_do_once(method, ...); |
42 if dn or not(attr) then break; end -- nothing or something found | 42 if dn or not(attr) then break; end -- nothing or something found |
43 module:log("warn", "LDAP: %s %s (in %s)", tostring(dn), tostring(attr), where); | 43 module:log("warn", "LDAP: %s %s (in %s)", tostring(dn), tostring(attr), where); |
44 -- otherwise retry | 44 -- otherwise retry |
45 end | 45 end |
46 if not dn and attr then | 46 if not dn and attr then |
49 return dn, attr; | 49 return dn, attr; |
50 end | 50 end |
51 | 51 |
52 local function get_user(username) | 52 local function get_user(username) |
53 module:log("debug", "get_user(%q)", username); | 53 module:log("debug", "get_user(%q)", username); |
54 for dn, attr in ldap_search({ | 54 return ldap_do("search", 2, { |
55 base = ldap_base; | 55 base = ldap_base; |
56 scope = ldap_scope; | 56 scope = ldap_scope; |
57 sizelimit = 1; | 57 sizelimit = 1; |
58 filter = ldap_filter:gsub("%$(%a+)", { | 58 filter = ldap_filter:gsub("%$(%a+)", { |
59 user = ldap_filter_escape(username); | 59 user = ldap_filter_escape(username); |
60 host = host; | 60 host = host; |
61 }); | 61 }); |
62 }, 3) do return dn, attr; end | 62 }); |
63 end | 63 end |
64 | 64 |
65 local provider = {}; | 65 local provider = {}; |
66 | 66 |
67 function provider.create_user(username, password) | 67 function provider.create_user(username, password) |
74 | 74 |
75 function provider.set_password(username, password) | 75 function provider.set_password(username, password) |
76 local dn, attr = get_user(username); | 76 local dn, attr = get_user(username); |
77 if not dn then return nil, attr end | 77 if not dn then return nil, attr end |
78 if attr.userPassword == password then return true end | 78 if attr.userPassword == password then return true end |
79 return ld:modify(dn, { '=', userPassword = password })(); | 79 return ldap_do("modify", 2, dn, { '=', userPassword = password }); |
80 end | 80 end |
81 | 81 |
82 if ldap_mode == "getpasswd" then | 82 if ldap_mode == "getpasswd" then |
83 function provider.get_password(username) | 83 function provider.get_password(username) |
84 local dn, attr = get_user(username); | 84 local dn, attr = get_user(username); |