1 local function str2hex(s)

2 local t = {string.byte(s, 1, #s)}

3 local f = string.format

4 for i = 1, #t do t[i] = f("\\%02x", t[i]) end

5 return table.concat(t)

6 end

7

8 config.ldap = {

9 hosts = {

10 { uri = "ldap://192.168.1.1", tls = true, timeout = 5 },

11 { uri = "ldap://192.168.1.2", tls = true, timeout = 5 }

12 },

13 base = "CN=Users,DC=example,DC=org",

14 bind_as = { dn = "CN=LiquidFeedback Service,CN=Users,DC=example,DC=org", password = "secure" },

15 member = {

16 registration = "auto",

17 scope = "subtree",

18 login_normalizer = function (login)

19 return login:lower()

20 end,

21 login_filter_map = function (login)

22 return "(sAMAccountName=" .. ldap.escape_filter(login) .. ")"

23 end,

24 login_map = function (ldap_entry)

25 return ldap_entry.sAMAccountName[1]

26 end,

27 uid_filter_map = function (uid)

28 return "(objectGUID=" .. uid .. ")"

29 end,

30 uid_map = function (ldap_entry)

31 return str2hex(ldap_entry.objectGUID[1])

32 end,

33 allowed_map = function (ldap_entry)

34 local allowed = false

35 if ldap_entry.memberOf then

36 for i, group in ipairs(ldap_entry.memberOf) do

37 if group == "CN=LiquidFeedback User,CN=Users,DC=example,DC=org" then

38 allowed = true

39 end

40 end

41 end

42 return allowed

43 end,

44 fetch_attr = { "sAMAccountName", "objectGUID", "givenName", "name", "displayName", "memberOf" },

45 attr_map = function (ldap_entry, member)

46 member.identification = ldap_entry.givenName[1] .. " " .. ldap_entry.name[1]

47 member.name = ldap_entry.displayName[1]

48 end,

49 privilege_map = function (ldap_entry, member)

50 local privileges = {}

51 if ldap_entry.memberOf then

52 for i, group in ipairs(ldap_entry.memberOf) do

53 if group == "CN=LiquidFeedback User,CN=Users,DC=example,DC=org" then

54 table.insert(privileges,

55 { unit_id = 1, voting_right = true, polling_right = true }

56 )

57 end

58 end

59 end

60 return privileges

61 end,

62 cache_passwords = true,

63 locked_profile_fields = { name = true }

64 }

65 }

66