app passwordss cript needs to be a template
This commit is contained in:
parent
6148c043b8
commit
5df18cf04c
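--- a/rootfs/etc/confd/conf.d/app-passwords-lookup.lua.toml
+++ b/rootfs/etc/confd/conf.d/app-passwords-lookup.lua.toml
@@ -0,0 +1,3 @@
+[template]
+src = "app-passwords-lookup.lua.tmpl"
+dest = "/etc/dovecot/app-passwords-lookup.lua"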
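--- a/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl
+++ b/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl
@@ -0,0 +1,56 @@
+require "lualdap"
+
+function auth_passdb_lookup(req)
+local ldap_host = "{{ getenv "LDAP_HOST" }}"
+local ldap_bin_dn = "{{ getenv "LDAP_BIND_DN" }}"
+local ldap_bind_password = "{{ getenv "LDAP_BIND_PASSWORD" }}"
+local ldap_use_tls = {{ getenv "LDAP_USE_TLS" }}
+
+ld = assert (lualdap.open_simple(
+ldap_host,
+ldap_bin_dn,
+ldap_bind_password,
+ldap_use_tls))
+
+local username = req.username
+local ldap_pass_filter = "{{ getenv "LDAP_PASS_FILTER" }}"
+local ldap_pass_filter_formatted = ldap_pass_filter:gsub("%%u", username)
+local ldap_base_dn = {{ getenv "LDAP_BASE_DN" }}
+
+local user_count = 0
+for dn, attribs in ld:search { base = ldap_base_dn, scope = "subtree", filter = ldap_pass_filter_formatted } do
+user_count = user_count + 1
+end
+
+local user_exists = user_count == 1
+if user_exists then
+local app_base_dn = "{{ getenv "LDAP_APP_PASSWORDS_BASE_DN" }}"
+local app_base_dn_formatted = app_base_dn:gsub("%%u", username)
+local app_pass_filter = "{{ getenv "LDAP_APP_PASSWORDS_FILTER" }}"
+local ldap_user_attribute = "{{ getenv "LDAP_USER_ATTRIBUTE" }}"
+
+local user_password = reg.password
+
+for dn, attribs in ld:search { base = app_base_dn_formatted, scope = "subtree", filter = app_pass_filter } do
+lualdap.open_simple(
+ldap_host,
+dn,
+user_password,
+ldap_use_tls)
+if test_conn ~= nil then
+return dovecot.auth.PASSDB_RESULT_OK, string.format("%s=user", ldap_user_attribute))
+end
+end
+else
+return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "no such user"
+end
+
+return dovecot.auth.PASSDB_RESULT_NEXT, "no app password matches"
+end
+
+function script_init()
+return 0
+end
+
+function script_deinit()
+end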
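Review bot: The rendered script will not load: `return dovecot.auth.PASSDB_RESULT_OK, string.format("%s=user", ldap_user_attribute))` carries an unbalanced closing parenthesis left over from the removed `os.getenv(...)` call, and `local ldap_base_dn = {{ getenv "LDAP_BASE_DN" }}` renders the DN unquoted although every other string value in this template is wrapped in `"…"`. Once it parses, the app-password branch can still never succeed: the result of `lualdap.open_simple(ldap_host, dn, user_password, ldap_use_tls)` is discarded, so `test_conn` is an unassigned global that is always nil, and `user_password` reads `reg.password` instead of `req.password`, which raises on the nil global `reg` for every existing user. The rewritten lines below bind and close the test connection and fix both names. Separately, two values are interpolated verbatim: `LDAP_BIND_PASSWORD` is pasted into a Lua string literal with no escaping (a `"` or `\` in the value breaks the script), and `username` is substituted into the LDAP search filter without RFC 4515 escaping, so the filter metacharacters of `username` should be escaped before the `gsub` and the template should document that the rendered file holds the bind credential.
```lua
-- … unchanged: bind connection and per-user lookup …
local ldap_base_dn = "{{ getenv "LDAP_BASE_DN" }}"
-- … unchanged: user_count loop, app_base_dn / filter locals …
local user_password = req.password

for dn, attribs in ld:search { base = app_base_dn_formatted, scope = "subtree", filter = app_pass_filter } do
  local test_conn = lualdap.open_simple(ldap_host, dn, user_password, ldap_use_tls)
  if test_conn ~= nil then
    test_conn:close()
    return dovecot.auth.PASSDB_RESULT_OK, string.format("%s=user", ldap_user_attribute)
  end
end
```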
@ -1,50 +0,0 @@
|
||||
require "lualdap"
|
||||
|
||||
function auth_passdb_lookup(req)
|
||||
ldap_use_tls_env = os.getenv("LDAP_USE_TLS")
|
||||
ldap_use_tls = ldap_use_tls_env == "true" and true or false
|
||||
|
||||
ld = assert (lualdap.open_simple(
|
||||
os.getenv("LDAP_HOST"),
|
||||
os.getenv("LDAP_BIND_DN"),
|
||||
os.getenv("LDAP_BIND_PASSWORD"),
|
||||
ldap_use_tls))
|
||||
|
||||
local username = req.username
|
||||
local ldap_pass_filter = os.getenv("LDAP_PASS_FILTER"):gsub("%%u", username)
|
||||
|
||||
local user_count = 0
|
||||
for dn, attribs in ld:search { base = os.getenv("LDAP_BASE_DN"), scope = "subtree", filter = ldap_pass_filter } do
|
||||
user_count = user_count + 1
|
||||
end
|
||||
|
||||
local user_exists = user_count == 1
|
||||
if user_exists then
|
||||
local app_base_dn = os.getenv("LDAP_APP_PASSWORDS_BASE_DN")
|
||||
local app_pass_filter = os.getenv("LDAP_APP_PASSWORDS_FILTER")
|
||||
|
||||
local user_password = reg.password
|
||||
|
||||
for dn, attribs in ld:search { base = app_base_dn:gsub("%%u", username), scope = "subtree", filter = app_pass_filter } do
|
||||
lualdap.open_simple(
|
||||
os.getenv("LDAP_HOST"),
|
||||
dn,
|
||||
user_password,
|
||||
ldap_use_tls)
|
||||
if test_conn ~= nil then
|
||||
return dovecot.auth.PASSDB_RESULT_OK, string.format("%s=user", os.getenv("LDAP_USER_ATTRIBUTE"))
|
||||
end
|
||||
end
|
||||
else
|
||||
return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "no such user"
|
||||
end
|
||||
|
||||
return dovecot.auth.PASSDB_RESULT_NEXT, "no app password matches"
|
||||
end
|
||||
|
||||
function script_init()
|
||||
return 0
|
||||
end
|
||||
|
||||
function script_deinit()
|
||||
end
|