fix lua auth script

Sebastian Hugentobler 2018-02-27 17:02:32 +01:00
parent 16fe330177
commit 9b014c4a7a
3 changed files with 6 additions and 6 deletions


@ -90,7 +90,7 @@ Default password scheme used on the ldap host.
List of characters allowed in a username. List of characters allowed in a username.
## AUTH_MECHANISMS ## AUTH_MECHANISMS
- default: plain login - default: plain
Space seperated list of supported [authentication mechanisms](http://wiki2.dovecot.org/Authentication/Mechanisms). Space seperated list of supported [authentication mechanisms](http://wiki2.dovecot.org/Authentication/Mechanisms).


@ -1,4 +1,4 @@
auth_username_chars = {{getenv "ALLOWED_USERNAME_CHARS" "äöüabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@"}} auth_username_chars = {{getenv "ALLOWED_USERNAME_CHARS" "äöüabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@"}}
auth_username_format = %Lu auth_username_format = %Lu
auth_mechanisms = {{getenv "AUTH_MECHANISMS" "plain login"}} auth_mechanisms = {{getenv "AUTH_MECHANISMS" "plain"}}
!include auth-ldap.conf.ext !include auth-ldap.conf.ext


@ -4,7 +4,7 @@ function auth_passdb_lookup(req)
local ldap_host = "{{ getenv "LDAP_HOST" }}" local ldap_host = "{{ getenv "LDAP_HOST" }}"
local ldap_bin_dn = "{{ getenv "LDAP_BIND_DN" }}" local ldap_bin_dn = "{{ getenv "LDAP_BIND_DN" }}"
local ldap_bind_password = "{{ getenv "LDAP_BIND_PASSWORD" }}" local ldap_bind_password = "{{ getenv "LDAP_BIND_PASSWORD" }}"
local ldap_use_tls = {{ getenv "LDAP_USE_TLS" }} local ldap_use_tls = {{ if eq (getenv "LDAP_USE_TLS") "yes" }}true{{ else }}false{{ end }}
ld = assert (lualdap.open_simple( ld = assert (lualdap.open_simple(
ldap_host, ldap_host,
@ -27,12 +27,12 @@ function auth_passdb_lookup(req)
local app_base_dn = "{{ getenv "LDAP_APP_PASSWORDS_BASE_DN" }}" local app_base_dn = "{{ getenv "LDAP_APP_PASSWORDS_BASE_DN" }}"
local app_base_dn_formatted = app_base_dn:gsub("%%u", username) local app_base_dn_formatted = app_base_dn:gsub("%%u", username)
local app_pass_filter = "{{ getenv "LDAP_APP_PASSWORDS_FILTER" }}" local app_pass_filter = "{{ getenv "LDAP_APP_PASSWORDS_FILTER" }}"
local ldap_user_attribute = "{{ getenv "LDAP_USER_ATTRIBUTE" }}" local ldap_user_attribute = "{{ getenv "LDAP_USER_ATTRIBUTE" "cn" }}"
local user_password = req.password local user_password = req.password
for dn, attribs in ld:search { base = app_base_dn_formatted, scope = "subtree", filter = app_pass_filter } do for dn, attribs in ld:search { base = app_base_dn_formatted, scope = "subtree", filter = app_pass_filter } do
lualdap.open_simple( local test_conn = lualdap.open_simple(
ldap_host, ldap_host,
dn, dn,
user_password, user_password,
@ -45,7 +45,7 @@ function auth_passdb_lookup(req)
return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "no such user" return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "no such user"
end end
return dovecot.auth.PASSDB_RESULT_NEXT, "no app password matches" return dovecot.auth.PASSDB_RESULT_NEXT, ""
end end
function script_init() function script_init()
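Review bot: The new `ldap_use_tls` expression fails open: any LDAP_USE_TLS value other than the exact string "yes" (unset, "true", "YES", "1") renders `false`, so, assuming the flag is passed on to `open_simple` as the first hunk suggests, the service bind password and each user's password in the per-entry bind would be sent without TLS. Defaulting to TLS unless it is explicitly disabled is safer, e.g. `local ldap_use_tls = {{ if eq (getenv "LDAP_USE_TLS" "yes") "no" }}false{{ else }}true{{ end }}`. Separately, the `test_conn` bind uses `req.password` as-is; many LDAP servers treat a simple bind with a DN and an empty password as a successful unauthenticated bind, so rejecting an empty password before the search loop is worth adding unless that check already exists in lines not shown here. The body of auth_passdb_lookup starts and continues outside these hunks.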