Software /
code /
prosody-modules
File
mod_auth_ldap2/mod_auth_ldap2.lua @ 5931:d194d1012fd3
Updating dox for mod_rest. Ideas expressed / clarified:
1) Making clear that mod_rest isn't to be installed under VirtualHosts AND as a component.
2) Understanding some of the implications of this choice:
A) Changes to user authentication
B) How it affects subdomains
3) More consistent use of domain names for clarity.
4) Using different heading sizes to show scope of section.
Essentially, I added all the tidbits I had to clarify in getting this to work in my
own example.
author | Ben Smith <bens@effortlessis.com> |
---|---|
date | Mon, 13 May 2024 13:25:13 -0700 |
parent | 3869:f2b29183ef08 |
line wrap: on
line source
-- vim:sts=4 sw=4 -- Prosody IM -- Copyright (C) 2008-2010 Matthew Wild -- Copyright (C) 2008-2010 Waqas Hussain -- Copyright (C) 2012 Rob Hoelz -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- -- http://code.google.com/p/prosody-modules/source/browse/mod_auth_ldap/mod_auth_ldap.lua -- adapted to use common LDAP store local ldap = module:require 'ldap'; local new_sasl = require 'util.sasl'.new; local jsplit = require 'util.jid'.split; if not ldap then return; end local provider = {} function provider.test_password(username, password) return ldap.bind(username, password); end function provider.user_exists(username) local params = ldap.getparams() local filter = ldap.filter.combine_and(params.user.filter, params.user.usernamefield .. '=' .. username); return ldap.singlematch { base = params.user.basedn, filter = filter, }; end function provider.get_password(username) return nil, "Passwords unavailable for LDAP."; end function provider.set_password(username, password) return nil, "Passwords unavailable for LDAP."; end function provider.create_user(username, password) return nil, "Account creation/modification not available with LDAP."; end function provider.get_sasl_handler() local testpass_authentication_profile = { plain_test = function(sasl, username, password, realm) return provider.test_password(username, password), true; end, mechanisms = { PLAIN = true }, }; return new_sasl(module.host, testpass_authentication_profile); end function provider.is_admin(jid) local username, userhost = jsplit(jid); if userhost ~= module.host then return false; end local admin_config = ldap.getparams().admin; if not admin_config then return; end local ld = ldap:getconnection(); local filter = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username); return ldap.singlematch { base = admin_config.basedn, filter = filter, }; end module:provides("auth", provider);