56 lines
2.0 KiB
Cheetah
56 lines
2.0 KiB
Cheetah
require "lualdap"
|
|
|
|
function auth_passdb_lookup(req)
|
|
local ldap_host = "{{ getenv "LDAP_HOST" }}"
|
|
local ldap_bin_dn = "{{ getenv "LDAP_BIND_DN" }}"
|
|
local ldap_bind_password = "{{ getenv "LDAP_BIND_PASSWORD" }}"
|
|
local ldap_use_tls = {{ if eq (getenv "LDAP_USE_TLS") "yes" }}true{{ else }}false{{ end }}
|
|
|
|
ld = assert (lualdap.open_simple(
|
|
ldap_host,
|
|
ldap_bin_dn,
|
|
ldap_bind_password,
|
|
ldap_use_tls))
|
|
|
|
local username = req.user
|
|
local ldap_pass_filter = "{{ getenv "LDAP_PASS_FILTER" }}"
|
|
local ldap_pass_filter_formatted = ldap_pass_filter:gsub("%%u", username)
|
|
local ldap_base_dn = "{{ getenv "LDAP_BASE_DN" }}"
|
|
|
|
local user_count = 0
|
|
for dn, attribs in ld:search { base = ldap_base_dn, scope = "subtree", filter = ldap_pass_filter_formatted } do
|
|
user_count = user_count + 1
|
|
end
|
|
|
|
local return_code = dovecot.auth.PASSDB_RESULT_NEXT
|
|
local return_text = ""
|
|
|
|
local user_exists = user_count == 1
|
|
if user_exists then
|
|
local app_base_dn = "{{ getenv "LDAP_APP_PASSWORDS_BASE_DN" }}"
|
|
local app_base_dn_formatted = app_base_dn:gsub("%%u", username)
|
|
local app_pass_filter = "{{ getenv "LDAP_APP_PASSWORDS_FILTER" }}"
|
|
local ldap_user_attribute = "{{ getenv "LDAP_USER_ATTRIBUTE" "cn" }}"
|
|
|
|
local user_password = req.password
|
|
|
|
for dn, attribs in ld:search { base = app_base_dn_formatted, scope = "subtree", filter = app_pass_filter } do
|
|
req:log_info(string.format("trying %s...", dn))
|
|
|
|
local test_conn = lualdap.open_simple(
|
|
ldap_host,
|
|
dn,
|
|
user_password,
|
|
ldap_use_tls)
|
|
if test_conn ~= nil then
|
|
req:log_info(string.format("%s suceeded!", dn))
|
|
return dovecot.auth.PASSDB_RESULT_OK, string.format("password=%s user=%s", user_password, username)
|
|
end
|
|
end
|
|
else
|
|
return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "no such user"
|
|
end
|
|
|
|
return return_code, return_text
|
|
end
|