fix lua auth script
parent
16fe330177
commit
9b014c4a7a
@ -90,7 +90,7 @@ Default password scheme used on the ldap host.
|
|||||||
List of characters allowed in a username.
|
List of characters allowed in a username.
|
||||||
|
|
||||||
## AUTH_MECHANISMS
|
## AUTH_MECHANISMS
|
||||||
- default: plain login
|
- default: plain
|
||||||
|
|
||||||
Space seperated list of supported [authentication mechanisms](http://wiki2.dovecot.org/Authentication/Mechanisms).
|
Space seperated list of supported [authentication mechanisms](http://wiki2.dovecot.org/Authentication/Mechanisms).
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
auth_username_chars = {{getenv "ALLOWED_USERNAME_CHARS" "äöüabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@"}}
|
auth_username_chars = {{getenv "ALLOWED_USERNAME_CHARS" "äöüabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@"}}
|
||||||
auth_username_format = %Lu
|
auth_username_format = %Lu
|
||||||
auth_mechanisms = {{getenv "AUTH_MECHANISMS" "plain login"}}
|
auth_mechanisms = {{getenv "AUTH_MECHANISMS" "plain"}}
|
||||||
!include auth-ldap.conf.ext
|
!include auth-ldap.conf.ext
|
||||||
|
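Review bot: The new `auth_mechanisms` default of `plain` leaves only a cleartext mechanism, and nothing in this hunk tells the operator that the client connection must be encrypted for it to be safe. I would add a comment above the line, for example `# PLAIN carries the password in clear text; only offer it over TLS (ssl = required)`. Whether TLS is actually enforced is configured outside this file section, so this is a documentation request rather than a confirmed gap.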
@ -4,7 +4,7 @@ function auth_passdb_lookup(req)
|
|||||||
local ldap_host = "{{ getenv "LDAP_HOST" }}"
|
local ldap_host = "{{ getenv "LDAP_HOST" }}"
|
||||||
local ldap_bin_dn = "{{ getenv "LDAP_BIND_DN" }}"
|
local ldap_bin_dn = "{{ getenv "LDAP_BIND_DN" }}"
|
||||||
local ldap_bind_password = "{{ getenv "LDAP_BIND_PASSWORD" }}"
|
local ldap_bind_password = "{{ getenv "LDAP_BIND_PASSWORD" }}"
|
||||||
local ldap_use_tls = {{ getenv "LDAP_USE_TLS" }}
|
local ldap_use_tls = {{ if eq (getenv "LDAP_USE_TLS") "yes" }}true{{ else }}false{{ end }}
|
||||||
|
|
||||||
ld = assert (lualdap.open_simple(
|
ld = assert (lualdap.open_simple(
|
||||||
ldap_host,
|
ldap_host,
|
||||||
@ -27,12 +27,12 @@ function auth_passdb_lookup(req)
|
|||||||
local app_base_dn = "{{ getenv "LDAP_APP_PASSWORDS_BASE_DN" }}"
|
local app_base_dn = "{{ getenv "LDAP_APP_PASSWORDS_BASE_DN" }}"
|
||||||
local app_base_dn_formatted = app_base_dn:gsub("%%u", username)
|
local app_base_dn_formatted = app_base_dn:gsub("%%u", username)
|
||||||
local app_pass_filter = "{{ getenv "LDAP_APP_PASSWORDS_FILTER" }}"
|
local app_pass_filter = "{{ getenv "LDAP_APP_PASSWORDS_FILTER" }}"
|
||||||
local ldap_user_attribute = "{{ getenv "LDAP_USER_ATTRIBUTE" }}"
|
local ldap_user_attribute = "{{ getenv "LDAP_USER_ATTRIBUTE" "cn" }}"
|
||||||
|
|
||||||
local user_password = req.password
|
local user_password = req.password
|
||||||
|
|
||||||
for dn, attribs in ld:search { base = app_base_dn_formatted, scope = "subtree", filter = app_pass_filter } do
|
for dn, attribs in ld:search { base = app_base_dn_formatted, scope = "subtree", filter = app_pass_filter } do
|
||||||
lualdap.open_simple(
|
local test_conn = lualdap.open_simple(
|
||||||
ldap_host,
|
ldap_host,
|
||||||
dn,
|
dn,
|
||||||
user_password,
|
user_password,
|
||||||
@ -45,7 +45,7 @@ function auth_passdb_lookup(req)
|
|||||||
return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "no such user"
|
return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "no such user"
|
||||||
end
|
end
|
||||||
|
|
||||||
return dovecot.auth.PASSDB_RESULT_NEXT, "no app password matches"
|
return dovecot.auth.PASSDB_RESULT_NEXT, ""
|
||||||
end
|
end
|
||||||
|
|
||||||
function script_init()
|
function script_init()
|
||||||
|
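Review bot: In the second hunk of this file, the per-entry bind of `dn` with `user_password` through `lualdap.open_simple` is reached with no visible check that `req.password` is non-empty. A simple bind with a DN and an empty password is an unauthenticated bind, which some directory servers report as success. If the code after the hunk only tests that `test_conn` is non-nil, an empty password could therefore be accepted as a matching app password. I would add a guard before the `for` loop: `if not user_password or user_password == "" then return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, "" end`. The function body continues outside the hunks, so please confirm that no such check exists elsewhere and that `test_conn` is closed once the bind has been tested.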