require "lualdap"
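--- Escape a raw value for splicing into an LDAP search filter (RFC 4515 §3).
-- Without this, a username such as "*)(uid=*" rewrites the filter itself.
-- @tparam string value untrusted text (e.g. the login username)
-- @treturn string the value with `\ * ( )` and NUL hex-escaped
local function escape_filter_value(value)
  return (value:gsub("[\\%*%(%)%z]", function(c)
    return string.format("\\%02x", c:byte())
  end))
end

--- Escape a raw value for use as an RDN attribute value (RFC 4514 §2.4).
-- @tparam string value untrusted text (e.g. the login username)
-- @treturn string value with `\ , + " < > ; = #` and NUL backslash-escaped,
--   plus any leading or trailing space
local function escape_dn_value(value)
  local escaped = value:gsub('[\\,%+"<>;=#]', "\\%0")
  escaped = escaped:gsub("%z", "\\00")
  escaped = escaped:gsub("^ ", "\\ "):gsub(" $", "\\ ")
  return escaped
end

--- Replace every `%u` in an LDAP template with an already-escaped value.
-- A function replacement is used so that `%` inside the value is taken
-- literally (a plain replacement string would treat it as a capture
-- reference and raise an error for input like "a%1b").
-- @tparam string template text containing `%u` placeholders
-- @tparam string value escaped replacement text
-- @treturn string the expanded template
local function substitute_user(template, value)
  return (template:gsub("%%u", function() return value end))
end

--- Dovecot passdb lookup backed by per-user LDAP "application passwords".
--
-- Flow: (1) bind with the service account, (2) require exactly one entry
-- matching LDAP_PASS_FILTER (with %u = username) under LDAP_BASE_DN,
-- (3) list entries matching LDAP_APP_PASSWORDS_FILTER under
-- LDAP_APP_PASSWORDS_BASE_DN (with %u = username) and try a simple bind
-- with each entry's DN and the supplied password; the first bind that
-- succeeds authenticates the user.
--
-- Environment read on every call: LDAP_HOST, LDAP_BIND_DN,
-- LDAP_BIND_PASSWORD, LDAP_USE_TLS, LDAP_BASE_DN, LDAP_PASS_FILTER,
-- LDAP_APP_PASSWORDS_BASE_DN, LDAP_APP_PASSWORDS_FILTER,
-- LDAP_USER_ATTRIBUTE.
--
-- @tparam table req Dovecot auth request; reads req.username and req.password
-- @treturn number a dovecot.auth.PASSDB_RESULT_* code
-- @treturn string extra fields ("<LDAP_USER_ATTRIBUTE>=user") or a reason
-- @raise if the service bind fails or a required variable is unset
function auth_passdb_lookup(req)
  local username = req.username
  local user_password = req.password

  if username == nil or username == "" then
    return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "no such user"
  end
  -- An LDAP simple bind with a DN and an empty password is an unauthenticated
  -- bind (RFC 4513 §5.1.2) that many servers accept, so an empty password
  -- must be refused before any bind is attempted.
  if user_password == nil or user_password == "" then
    return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, "empty password"
  end

  -- Only the literal "true" enables StartTLS; anything else binds in the clear.
  local ldap_use_tls = os.getenv("LDAP_USE_TLS") == "true"
  local ldap_host = os.getenv("LDAP_HOST")

  local ld = assert(lualdap.open_simple(
    ldap_host,
    os.getenv("LDAP_BIND_DN"),
    os.getenv("LDAP_BIND_PASSWORD"),
    ldap_use_tls))

  local pass_filter = substitute_user(
    assert(os.getenv("LDAP_PASS_FILTER"), "LDAP_PASS_FILTER is not set"),
    escape_filter_value(username))

  local user_count = 0
  for _ in ld:search { base = os.getenv("LDAP_BASE_DN"), scope = "subtree", filter = pass_filter } do
    user_count = user_count + 1
  end
  -- More than one match is ambiguous and is refused like an unknown user.
  if user_count ~= 1 then
    ld:close()
    return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "no such user"
  end

  local app_base_dn = substitute_user(
    assert(os.getenv("LDAP_APP_PASSWORDS_BASE_DN"), "LDAP_APP_PASSWORDS_BASE_DN is not set"),
    escape_dn_value(username))
  local app_pass_filter = os.getenv("LDAP_APP_PASSWORDS_FILTER")

  -- Collect candidate DNs first so the service connection is released
  -- before the (possibly several) verification binds.
  local candidate_dns = {}
  for dn in ld:search { base = app_base_dn, scope = "subtree", filter = app_pass_filter } do
    candidate_dns[#candidate_dns + 1] = dn
  end
  ld:close()

  for _, dn in ipairs(candidate_dns) do
    -- open_simple returns nil on a failed bind; the handle has to be captured
    -- here (the previous version discarded it and tested an unset global).
    local test_conn = lualdap.open_simple(ldap_host, dn, user_password, ldap_use_tls)
    if test_conn ~= nil then
      test_conn:close()
      return dovecot.auth.PASSDB_RESULT_OK, string.format("%s=user", os.getenv("LDAP_USER_ATTRIBUTE"))
    end
  end

  return dovecot.auth.PASSDB_RESULT_NEXT, "no app password matches"
end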
--- Initialisation hook for the auth script (presumably invoked once by
-- Dovecot at load time). Nothing is set up here.
-- @treturn number 0, signalling success
function script_init()
  local status_ok = 0
  return status_ok
end
--- Teardown hook for the auth script (presumably invoked by Dovecot on
-- unload). Intentionally empty: connections are opened and closed per
-- request, so nothing is held between calls.
function script_deinit()
  -- no-op
end