From 9b014c4a7ac1e500890375c53e700571ed20858c Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Tue, 27 Feb 2018 17:02:32 +0100 Subject: [PATCH] fix lua auth script --- README.md | 2 +- rootfs/etc/confd/templates/10-auth.conf.tmpl | 2 +- rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index bc34aab..73053e9 100644 --- a/README.md +++ b/README.md @@ -90,7 +90,7 @@ Default password scheme used on the ldap host. List of characters allowed in a username. ## AUTH_MECHANISMS -- default: plain login +- default: plain Space seperated list of supported [authentication mechanisms](http://wiki2.dovecot.org/Authentication/Mechanisms). diff --git a/rootfs/etc/confd/templates/10-auth.conf.tmpl b/rootfs/etc/confd/templates/10-auth.conf.tmpl index e40f07c..f7c7b0f 100644 --- a/rootfs/etc/confd/templates/10-auth.conf.tmpl +++ b/rootfs/etc/confd/templates/10-auth.conf.tmpl @@ -1,4 +1,4 @@ auth_username_chars = {{getenv "ALLOWED_USERNAME_CHARS" "äöüabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@"}} auth_username_format = %Lu -auth_mechanisms = {{getenv "AUTH_MECHANISMS" "plain login"}} +auth_mechanisms = {{getenv "AUTH_MECHANISMS" "plain"}} !include auth-ldap.conf.ext diff --git a/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl b/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl index 7078b3a..5edda4b 100644 --- a/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl +++ b/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl @@ -4,7 +4,7 @@ function auth_passdb_lookup(req) local ldap_host = "{{ getenv "LDAP_HOST" }}" local ldap_bin_dn = "{{ getenv "LDAP_BIND_DN" }}" local ldap_bind_password = "{{ getenv "LDAP_BIND_PASSWORD" }}" - local ldap_use_tls = {{ getenv "LDAP_USE_TLS" }} + local ldap_use_tls = {{ if eq (getenv "LDAP_USE_TLS") "yes" }}true{{ else }}false{{ end }} ld = assert (lualdap.open_simple( ldap_host, @@ -27,12 +27,12 @@ function auth_passdb_lookup(req) local app_base_dn = "{{ getenv "LDAP_APP_PASSWORDS_BASE_DN" }}" local app_base_dn_formatted = app_base_dn:gsub("%%u", username) local app_pass_filter = "{{ getenv "LDAP_APP_PASSWORDS_FILTER" }}" - local ldap_user_attribute = "{{ getenv "LDAP_USER_ATTRIBUTE" }}" + local ldap_user_attribute = "{{ getenv "LDAP_USER_ATTRIBUTE" "cn" }}" local user_password = req.password for dn, attribs in ld:search { base = app_base_dn_formatted, scope = "subtree", filter = app_pass_filter } do - lualdap.open_simple( + local test_conn = lualdap.open_simple( ldap_host, dn, user_password, @@ -45,7 +45,7 @@ function auth_passdb_lookup(req) return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "no such user" end - return dovecot.auth.PASSDB_RESULT_NEXT, "no app password matches" + return dovecot.auth.PASSDB_RESULT_NEXT, "" end function script_init()