dovecot/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl

57 lines
1.8 KiB
Cheetah
Raw Normal View History

require "lualdap"
function auth_passdb_lookup(req)
local ldap_host = "{{ getenv "LDAP_HOST" }}"
local ldap_bin_dn = "{{ getenv "LDAP_BIND_DN" }}"
local ldap_bind_password = "{{ getenv "LDAP_BIND_PASSWORD" }}"
local ldap_use_tls = {{ getenv "LDAP_USE_TLS" }}
ld = assert (lualdap.open_simple(
ldap_host,
ldap_bin_dn,
ldap_bind_password,
ldap_use_tls))
local username = req.username
local ldap_pass_filter = "{{ getenv "LDAP_PASS_FILTER" }}"
local ldap_pass_filter_formatted = ldap_pass_filter:gsub("%%u", username)
2018-02-27 13:52:38 +00:00
local ldap_base_dn = "{{ getenv "LDAP_BASE_DN" }}"
local user_count = 0
for dn, attribs in ld:search { base = ldap_base_dn, scope = "subtree", filter = ldap_pass_filter_formatted } do
user_count = user_count + 1
end
local user_exists = user_count == 1
if user_exists then
local app_base_dn = "{{ getenv "LDAP_APP_PASSWORDS_BASE_DN" }}"
local app_base_dn_formatted = app_base_dn:gsub("%%u", username)
local app_pass_filter = "{{ getenv "LDAP_APP_PASSWORDS_FILTER" }}"
local ldap_user_attribute = "{{ getenv "LDAP_USER_ATTRIBUTE" }}"
local user_password = reg.password
for dn, attribs in ld:search { base = app_base_dn_formatted, scope = "subtree", filter = app_pass_filter } do
lualdap.open_simple(
ldap_host,
dn,
user_password,
ldap_use_tls)
if test_conn ~= nil then
2018-02-27 13:52:38 +00:00
return dovecot.auth.PASSDB_RESULT_OK, string.format("%s=user", ldap_user_attribute)
end
end
else
return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "no such user"
end
return dovecot.auth.PASSDB_RESULT_NEXT, "no app password matches"
end
function script_init()
return 0
end
function script_deinit()
end