Software /
code /
prosody-modules
Comparison
mod_auth_ldap/mod_auth_ldap.lua @ 2056:e16593e7d482
mod_auth_ldap: Add support for having admin status indicated in LDAP
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 01 Mar 2016 10:40:25 +0100 |
parent | 1987:6d7699eda594 |
child | 2774:41565a743cad |
comparison
equal
deleted
inserted
replaced
2055:2c6d84fb82d9 | 2056:e16593e7d482 |
---|---|
1 -- mod_auth_ldap | 1 -- mod_auth_ldap |
2 | 2 |
3 local jid_split = require "util.jid".split; | |
3 local new_sasl = require "util.sasl".new; | 4 local new_sasl = require "util.sasl".new; |
4 local lualdap = require "lualdap"; | 5 local lualdap = require "lualdap"; |
5 local function ldap_filter_escape(s) return (s:gsub("[*()\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end | 6 local function ldap_filter_escape(s) return (s:gsub("[*()\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end |
6 | 7 |
7 -- Config options | 8 -- Config options |
11 local ldap_tls = module:get_option_boolean("ldap_tls"); | 12 local ldap_tls = module:get_option_boolean("ldap_tls"); |
12 local ldap_scope = module:get_option_string("ldap_scope", "subtree"); | 13 local ldap_scope = module:get_option_string("ldap_scope", "subtree"); |
13 local ldap_filter = module:get_option_string("ldap_filter", "(uid=$user)"):gsub("%%s", "$user", 1); | 14 local ldap_filter = module:get_option_string("ldap_filter", "(uid=$user)"):gsub("%%s", "$user", 1); |
14 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); | 15 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); |
15 local ldap_mode = module:get_option_string("ldap_mode", "bind"); | 16 local ldap_mode = module:get_option_string("ldap_mode", "bind"); |
17 local ldap_admins = module:get_option_string("ldap_admin_filter"); | |
16 local host = ldap_filter_escape(module:get_option_string("realm", module.host)); | 18 local host = ldap_filter_escape(module:get_option_string("realm", module.host)); |
17 | 19 |
18 -- Initiate connection | 20 -- Initiate connection |
19 local ld = nil; | 21 local ld = nil; |
20 module.unload = function() if ld then pcall(ld, ld.close); end end | 22 module.unload = function() if ld then pcall(ld, ld.close); end end |
120 end | 122 end |
121 else | 123 else |
122 module:log("error", "Unsupported ldap_mode %s", tostring(ldap_mode)); | 124 module:log("error", "Unsupported ldap_mode %s", tostring(ldap_mode)); |
123 end | 125 end |
124 | 126 |
127 if ldap_admins then | |
128 function provider.is_admin(jid) | |
129 local username = jid_split(jid); | |
130 return ldap_do("search", 2, { | |
131 base = ldap_base; | |
132 scope = ldap_scope; | |
133 sizelimit = 1; | |
134 filter = ldap_admins:gsub("%$(%a+)", { | |
135 user = ldap_filter_escape(username); | |
136 host = host; | |
137 }); | |
138 }); | |
139 end | |
140 end | |
141 | |
125 module:provides("auth", provider); | 142 module:provides("auth", provider); |