Comparison

mod_auth_ldap/mod_auth_ldap.lua @ 2056:e16593e7d482

mod_auth_ldap: Add support for having admin status indicated in LDAP
author Kim Alvefur <zash@zash.se>
date Tue, 01 Mar 2016 10:40:25 +0100
parent 1987:6d7699eda594
child 2774:41565a743cad
comparison
equal deleted inserted replaced
2055:2c6d84fb82d9 2056:e16593e7d482
1 -- mod_auth_ldap 1 -- mod_auth_ldap
2 2
3 local jid_split = require "util.jid".split;
3 local new_sasl = require "util.sasl".new; 4 local new_sasl = require "util.sasl".new;
4 local lualdap = require "lualdap"; 5 local lualdap = require "lualdap";
5 local function ldap_filter_escape(s) return (s:gsub("[*()\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end 6 local function ldap_filter_escape(s) return (s:gsub("[*()\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end
6 7
7 -- Config options 8 -- Config options
11 local ldap_tls = module:get_option_boolean("ldap_tls"); 12 local ldap_tls = module:get_option_boolean("ldap_tls");
12 local ldap_scope = module:get_option_string("ldap_scope", "subtree"); 13 local ldap_scope = module:get_option_string("ldap_scope", "subtree");
13 local ldap_filter = module:get_option_string("ldap_filter", "(uid=$user)"):gsub("%%s", "$user", 1); 14 local ldap_filter = module:get_option_string("ldap_filter", "(uid=$user)"):gsub("%%s", "$user", 1);
14 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); 15 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap");
15 local ldap_mode = module:get_option_string("ldap_mode", "bind"); 16 local ldap_mode = module:get_option_string("ldap_mode", "bind");
17 local ldap_admins = module:get_option_string("ldap_admin_filter");
16 local host = ldap_filter_escape(module:get_option_string("realm", module.host)); 18 local host = ldap_filter_escape(module:get_option_string("realm", module.host));
17 19
18 -- Initiate connection 20 -- Initiate connection
19 local ld = nil; 21 local ld = nil;
20 module.unload = function() if ld then pcall(ld, ld.close); end end 22 module.unload = function() if ld then pcall(ld, ld.close); end end
120 end 122 end
121 else 123 else
122 module:log("error", "Unsupported ldap_mode %s", tostring(ldap_mode)); 124 module:log("error", "Unsupported ldap_mode %s", tostring(ldap_mode));
123 end 125 end
124 126
127 if ldap_admins then
128 function provider.is_admin(jid)
129 local username = jid_split(jid);
130 return ldap_do("search", 2, {
131 base = ldap_base;
132 scope = ldap_scope;
133 sizelimit = 1;
134 filter = ldap_admins:gsub("%$(%a+)", {
135 user = ldap_filter_escape(username);
136 host = host;
137 });
138 });
139 end
140 end
141
125 module:provides("auth", provider); 142 module:provides("auth", provider);