
mod_auth_ldap/mod_auth_ldap.lua @ 234:abcb59ab355c

Add new motd_sequential module. This module lets you define numbered messages shown to each user in order, but only once per user, and persistent across server restarts. Useful for notifying users of added features and changes in an incremental fashion.
author Jeff Mitchell <jeffrey.mitchell@gmail.com>
date Wed, 04 Aug 2010 22:29:51 +0000
parent 218:4a91047f9b5e
child 286:ca6199d73d68


local new_sasl = require "util.sasl".new;
local nodeprep = require "util.encodings".stringprep.nodeprep;
local log = require "util.logger".init("auth_ldap");

-- Directory connection settings, read from the host configuration.
local function option(name) return module:get_option(name); end

local ldap_server = option("ldap_server") or "localhost";
-- Bind credentials used for every search below.  Empty rootdn/password
-- presumably means an anonymous bind (NOTE(review): confirm against
-- lualdap.open_simple for this deployment).
local ldap_rootdn = option("ldap_rootdn") or "";
local ldap_password = option("ldap_password") or "";
-- No default: when unset the connection is presumably made without TLS, so
-- the bind password and every password carried in a filter below would cross
-- the network unprotected -- NOTE(review): confirm and set ldap_tls in production.
local ldap_tls = option("ldap_tls");
-- The search base has no sensible default, so its absence is a load-time error.
local ldap_base = assert(option("ldap_base"), "ldap_base is a required option for ldap");

local lualdap = require "lualdap";
-- One connection, bound as ldap_rootdn, is shared by all queries; open_simple
-- returns nil, err on failure and assert turns that into a load error.
local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls));
-- Release the directory connection when the module is unloaded.
function module.unload() ld:close(); end

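--- Runs an LDAP search and reports whether it matched anything.
-- Declared local: the original was an accidental global (nothing in this
-- file needs it exported, and it shadowed any do_query in the environment).
-- @tparam table query lualdap search spec (base, filter, ...)
-- @treturn boolean|nil true on the first hit, nil when nothing matched
local function do_query(query)
	-- Only existence matters, so stop at the first entry.  NOTE(review): the
	-- search iterator is abandoned here; presumably lualdap frees the result
	-- set when the iterator is collected -- confirm for the lualdap in use.
	for _ in ld:search(query) do
		return true;
	end
	return nil;
end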

-- The auth provider handed to Prosody at the end of the file; the
-- provider.* functions below fill in its methods.
local provider = {
	name = "ldap";
};

-- RFC 4515 search-filter escaping.  The five characters that would change
-- the meaning of a filter (backslash, *, parentheses, NUL) are replaced by
-- a backslash and two hex digits; everything else passes through unchanged.
-- Every value interpolated into a filter below must go through this.
local filter_escapes = {
	["\\"] = "\\5c"; ["*"] = "\\2a"; ["("] = "\\28"; [")"] = "\\29"; ["\0"] = "\\00";
};
--- Escapes a string for safe inclusion in an LDAP search filter.
-- @tparam string s raw attribute value
-- @treturn string escaped value (gsub's match count is dropped)
local function ldap_filter_escape(s)
	return (s:gsub("[%*%(%)\\%z]", filter_escapes));
end
--- Verifies a password by asking the directory for an active entry whose
-- uid and userPassword both match.  The comparison is done by the LDAP
-- server inside the filter, not by this module.
-- NOTE(review): an equality match on userPassword only succeeds when the
-- server can compare the stored value with the plaintext sent here, and it
-- needs the bind DN to be able to read that attribute; binding as the user
-- is the usual way to check a password -- confirm the directory's policy.
-- @tparam string username uid to look up
-- @tparam string password plaintext password from the client
-- @treturn boolean|nil true on a match, nil otherwise (see do_query)
function provider.test_password(username, password)
	local filter = ("(&(uid=%s)(userPassword=%s)(accountStatus=active))"):format(
		ldap_filter_escape(username), ldap_filter_escape(password));
	return do_query({ base = ldap_base; filter = filter });
end
--- Reports whether an entry with the given uid exists under ldap_base.
-- Only the uid is matched; unlike test_password, accountStatus is not
-- consulted, so disabled accounts still count as existing.
-- @tparam string username uid to look up (escaped here, not nodeprepped)
-- @treturn boolean|nil true on a hit, nil otherwise (see do_query)
function provider.user_exists(username)
	local filter = ("(uid=%s)"):format(ldap_filter_escape(username));
	return do_query({ base = ldap_base; filter = filter });
end

--- Password retrieval is not supported: the credential lives in the directory.
-- @tparam string username ignored
-- @treturn nil, string always nil plus an explanatory message
function provider.get_password(username)
	return nil, "Passwords unavailable for LDAP.";
end
--- Password changes are not supported through this provider.
-- @tparam string username ignored
-- @tparam string password ignored
-- @treturn nil, string always nil plus an explanatory message
function provider.set_password(username, password)
	return nil, "Passwords unavailable for LDAP.";
end
--- Account creation is not supported: the directory is read-only from here.
-- @tparam string username ignored
-- @tparam string password ignored
-- @treturn nil, string always nil plus an explanatory message
function provider.create_user(username, password)
	return nil, "Account creation/modification not available with LDAP.";
end

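--- Builds the SASL handler for this host, using a plain_test profile so the
-- password is verified by the directory rather than fetched from it.
-- @treturn table a util.sasl handler for the configured realm
function provider.get_sasl_handler()
	local realm = module:get_option("sasl_realm") or module.host;
	local testpass_authentication_profile = {
		-- Invoked by util.sasl with the credentials from the PLAIN exchange.
		-- The realm argument is not needed here: entries are matched by uid
		-- only, so it is named _realm to avoid shadowing the outer realm.
		plain_test = function(username, password, _realm)
			local prepped_username = nodeprep(username);
			if not prepped_username then
				log("debug", "NODEprep failed on username: %s", username);
				return "", nil;
			end
			-- test_password takes (username, password).  The previous call
			-- passed (username, realm, password), so the realm was sent to
			-- the directory as the password and the real one was dropped.
			return provider.test_password(prepped_username, password), true;
		end
	};
	return new_sasl(realm, testpass_authentication_profile);
end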

-- Register the provider so Prosody's usermanager can select it for this host.
module:add_item("auth-provider", provider);