fix lua auth script

2018-02-27 17:02:32 +01:00 · 2018-02-27 17:02:32 +01:00 · 9b014c4a7a
commit 9b014c4a7a
parent 16fe330177
3 changed files with 6 additions and 6 deletions
--- a/README.md
+++ b/README.md
@ -90,7 +90,7 @@ Default password scheme used on the ldap host.
 List of characters allowed in a username.

 ## AUTH_MECHANISMS
- default: plain login
+- default: plain

 Space seperated list of supported [authentication mechanisms](http://wiki2.dovecot.org/Authentication/Mechanisms).

--- a/rootfs/etc/confd/templates/10-auth.conf.tmpl
+++ b/rootfs/etc/confd/templates/10-auth.conf.tmpl
@ -1,4 +1,4 @@
 auth_username_chars = {{getenv "ALLOWED_USERNAME_CHARS" "äöüabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@"}}
 auth_username_format = %Lu
-auth_mechanisms = {{getenv "AUTH_MECHANISMS" "plain login"}}
+auth_mechanisms = {{getenv "AUTH_MECHANISMS" "plain"}}
 !include auth-ldap.conf.ext
--- a/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl
+++ b/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl
@ -4,7 +4,7 @@ function auth_passdb_lookup(req)
    local ldap_host = "{{ getenv "LDAP_HOST" }}"
    local ldap_bin_dn = "{{ getenv "LDAP_BIND_DN" }}"
    local ldap_bind_password = "{{ getenv "LDAP_BIND_PASSWORD" }}"
-    local ldap_use_tls = {{ getenv "LDAP_USE_TLS" }}
+    local ldap_use_tls = {{ if eq (getenv "LDAP_USE_TLS") "yes" }}true{{ else }}false{{ end }}

    ld = assert (lualdap.open_simple(
        ldap_host,
@ -27,12 +27,12 @@ function auth_passdb_lookup(req)
        local app_base_dn = "{{ getenv "LDAP_APP_PASSWORDS_BASE_DN" }}"
        local app_base_dn_formatted = app_base_dn:gsub("%%u", username)
        local app_pass_filter = "{{ getenv "LDAP_APP_PASSWORDS_FILTER" }}"
-        local ldap_user_attribute = "{{ getenv "LDAP_USER_ATTRIBUTE" }}"
+        local ldap_user_attribute = "{{ getenv "LDAP_USER_ATTRIBUTE" "cn" }}"

        local user_password = req.password

        for dn, attribs in ld:search { base = app_base_dn_formatted, scope = "subtree", filter = app_pass_filter } do
-            lualdap.open_simple(
+            local test_conn = lualdap.open_simple(
                ldap_host,
                dn,
                user_password,
@ -45,7 +45,7 @@ function auth_passdb_lookup(req)
        return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "no such user"
    end

-    return dovecot.auth.PASSDB_RESULT_NEXT, "no app password matches"
+    return dovecot.auth.PASSDB_RESULT_NEXT, ""
 end

 function script_init()