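--- Encode every byte of a binary string as an LDAP filter escape (`\xx`).
-- The result is placed directly into a search filter (see uid_filter_map),
-- i.e. it is already in escaped form and must not be run through
-- `ldap.escape_filter` a second time.
-- @tparam string s arbitrary bytes (may be empty)
-- @treturn string one `\` followed by two lowercase hex digits per input byte
local function str2hex(s)
  local f = string.format
  -- Walk the string one character at a time instead of unpacking it with
  -- string.byte(s, 1, #s): that form pushes every byte onto the C stack and
  -- fails with "string slice too long" once the input exceeds the stack limit.
  local out = s:gsub(".", function(c)
    return f("\\%02x", c:byte())
  end)
  return out
end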
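-- DN of the directory group whose members may use the application. Shared by
-- allowed_map and privilege_map so the two checks cannot drift apart.
local LDAP_USER_GROUP_DN = "CN=LiquidFeedback User,CN=Users,DC=example,DC=org"

--- Report whether an LDAP entry lists `group_dn` among its memberOf values.
-- memberOf is nil for entries without any group membership, so it is guarded
-- before iterating. Values are compared byte-for-byte, so `group_dn` must be
-- spelled exactly as the directory returns it (case and spacing included).
-- @tparam table ldap_entry fetched entry; attributes are arrays of strings
-- @tparam string group_dn distinguished name of the group to look for
-- @treturn boolean
local function is_member_of(ldap_entry, group_dn)
  local groups = ldap_entry.memberOf
  if not groups then
    return false
  end
  for _, group in ipairs(groups) do
    if group == group_dn then
      return true
    end
  end
  return false
end

config.ldap = {
  hosts = {
    { uri = "ldap://192.168.1.1", tls = true, timeout = 5 },
    { uri = "ldap://192.168.1.2", tls = true, timeout = 5 }
  },
  base = "CN=Users,DC=example,DC=org",
  -- credentials the application itself binds with
  bind_as = { dn = "CN=LiquidFeedback Service,CN=Users,DC=example,DC=org", password = "secure" },
  member = {
    registration = "auto",
    scope = "subtree",
    -- fold the login to lower case before it is used
    login_normalizer = function (login)
      return login:lower()
    end,
    -- the login is passed through ldap.escape_filter so filter
    -- metacharacters in it are neutralised before being embedded
    login_filter_map = function (login)
      return "(sAMAccountName=" .. ldap.escape_filter(login) .. ")"
    end,
    login_map = function (ldap_entry)
      return ldap_entry.sAMAccountName[1]
    end,
    -- `uid` is the `\xx`-escaped objectGUID produced by uid_map below, i.e. it
    -- is already in filter-escaped form; passing it through escape_filter
    -- again would double-escape the backslashes and never match.
    uid_filter_map = function (uid)
      return "(objectGUID=" .. uid .. ")"
    end,
    uid_map = function (ldap_entry)
      return str2hex(ldap_entry.objectGUID[1])
    end,
    allowed_map = function (ldap_entry)
      return is_member_of(ldap_entry, LDAP_USER_GROUP_DN)
    end,
    fetch_attr = { "sAMAccountName", "objectGUID", "givenName", "name", "displayName", "memberOf" },
    -- NOTE(review): assumes givenName, name and displayName are present on
    -- every entry that passes allowed_map; an entry lacking one of them
    -- raises "attempt to index a nil value" here — confirm with the directory
    attr_map = function (ldap_entry, member)
      member.identification = ldap_entry.givenName[1] .. " " .. ldap_entry.name[1]
      member.name = ldap_entry.displayName[1]
    end,
    privilege_map = function (ldap_entry, member)
      local privileges = {}
      -- memberOf is a multi-valued attribute whose values form a set, so the
      -- group DN occurs at most once and one membership check is equivalent
      -- to scanning the whole list
      if is_member_of(ldap_entry, LDAP_USER_GROUP_DN) then
        privileges[1] = { unit_id = 1, voting_right = true, polling_right = true }
      end
      return privileges
    end,
    cache_passwords = true,
    locked_profile_fields = { name = true }
  }
}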