prosody-modules
0a257d1402c3
mod_auth_ldap2/mod_auth_ldap2.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_auth_ldap2/mod_auth_ldap2.lua @ 4813:0a257d1402c3

mod_muc_rtbl: Optimize case with zero hashes On the assumption that during quiet times between torrents of spam, the hash set would be empty. There would be no point in doing the operations and hashes to check for a match in that case.
author Kim Alvefur <zash@zash.se>
date Mon, 06 Dec 2021 18:19:19 +0100 (2021-12-06)
parent 3869:f2b29183ef08
line wrap: on
line source
-- vim:sts=4 sw=4

-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
-- Copyright (C) 2012 Rob Hoelz
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
-- http://code.google.com/p/prosody-modules/source/browse/mod_auth_ldap/mod_auth_ldap.lua
-- adapted to use common LDAP store

local ldap     = module:require 'ldap';
local new_sasl = require 'util.sasl'.new;
local jsplit   = require 'util.jid'.split;

if not ldap then
    return;
end

local provider = {}

function provider.test_password(username, password)
    return ldap.bind(username, password);
end

function provider.user_exists(username)
    local params = ldap.getparams()

    local filter = ldap.filter.combine_and(params.user.filter, params.user.usernamefield .. '=' .. username);

    return ldap.singlematch {
        base   = params.user.basedn,
        filter = filter,
    };
end

function provider.get_password(username)
    return nil, "Passwords unavailable for LDAP.";
end

function provider.set_password(username, password)
    return nil, "Passwords unavailable for LDAP.";
end

function provider.create_user(username, password)
    return nil, "Account creation/modification not available with LDAP.";
end

function provider.get_sasl_handler()
    local testpass_authentication_profile = {
        plain_test = function(sasl, username, password, realm)
            return provider.test_password(username, password), true;
        end,
        mechanisms = { PLAIN = true },
    };
    return new_sasl(module.host, testpass_authentication_profile);
end

function provider.is_admin(jid)
    local username, userhost = jsplit(jid);
    if userhost ~= module.host then
        return false;
    end
    local admin_config = ldap.getparams().admin;

    if not admin_config then
        return;
    end

    local ld       = ldap:getconnection();
    local filter   = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username);

    return ldap.singlematch {
        base   = admin_config.basedn,
        filter = filter,
    };
end

module:provides("auth", provider);