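-- Example LDAP (Active Directory) authentication settings for config.ldap.
-- Host addresses, DNs and the bind password below are sample values and must
-- be replaced for a real deployment.

--- Encode every byte of a string as a backslash followed by two hex digits.
-- "\xx" is the form RFC 4515 uses for an escaped byte in a search filter, so
-- the result can be placed inside a filter without any further escaping.
-- @tparam string s raw (binary) attribute value, e.g. a 16-byte objectGUID
-- @treturn string the value as a sequence of "\xx" groups (lowercase hex)
local function str2hex(s)
  local bytes = { string.byte(s, 1, #s) }
  local fmt = string.format
  for i = 1, #bytes do
    bytes[i] = fmt("\\%02x", bytes[i])
  end
  return table.concat(bytes)
end

-- The one directory group that both admits a login (allowed_map) and grants
-- unit privileges (privilege_map). It is kept in a single place so the access
-- check and the privilege grant cannot drift apart when the DN is edited.
local LF_USER_GROUP = "CN=LiquidFeedback User,CN=Users,DC=example,DC=org"

--- Report whether the entry's memberOf attribute lists the given group DN.
-- The comparison is an exact, case-sensitive string match and fails closed:
-- an entry with no memberOf attribute is never a member. In Active Directory
-- memberOf holds direct memberships only, so users who belong to the group
-- only through a nested group or as their primary group are not matched.
-- @tparam table ldap_entry attribute table of one LDAP entry
-- @tparam string group_dn distinguished name to look for
-- @treturn boolean
local function has_group(ldap_entry, group_dn)
  local groups = ldap_entry.memberOf
  if not groups then
    return false
  end
  for _, group in ipairs(groups) do
    if group == group_dn then
      return true
    end
  end
  return false
end

--- Return the first value of an attribute, or raise a descriptive error.
-- Without this check a missing attribute fails with an anonymous
-- "attempt to index a nil value", which hides the offending attribute.
-- @tparam table ldap_entry attribute table of one LDAP entry
-- @tparam string attr attribute name
-- @treturn string first value of the attribute
local function required_attr(ldap_entry, attr)
  local values = ldap_entry[attr]
  local value = values and values[1]
  if value == nil then
    error("LDAP entry has no value for attribute '" .. attr .. "'")
  end
  return value
end

config.ldap = {
  -- Servers listed with identical settings. The ldap:// scheme combined with
  -- tls = true presumably means StartTLS; this file does not show whether the
  -- server certificate is verified, so confirm that before relying on it.
  hosts = {
    { uri = "ldap://192.168.1.1", tls = true, timeout = 5 },
    { uri = "ldap://192.168.1.2", tls = true, timeout = 5 }
  },
  base = "CN=Users,DC=example,DC=org",
  -- Service account used for the search bind. "secure" is a placeholder:
  -- use a dedicated low-privilege read-only account with a generated
  -- password, keep this file out of version control, and restrict read
  -- access to it to the application user.
  bind_as = { dn = "CN=LiquidFeedback Service,CN=Users,DC=example,DC=org", password = "secure" },
  member = {
    registration = "auto",
    scope = "subtree",
    -- Logins are folded to lower case before they are used.
    login_normalizer = function (login)
      return login:lower()
    end,
    -- The login is user-supplied, so it goes through ldap.escape_filter
    -- before it is concatenated into the search filter.
    login_filter_map = function (login)
      return "(sAMAccountName=" .. ldap.escape_filter(login) .. ")"
    end,
    login_map = function (ldap_entry)
      return ldap_entry.sAMAccountName[1]
    end,
    -- The uid is inserted verbatim on purpose: uid_map stores it in "\xx"
    -- form, which is already filter-safe, and escaping it again would
    -- presumably escape the backslashes and break the match. This is only
    -- safe while every uid that reaches this function was produced by
    -- uid_map; NOTE(review): confirm no caller passes a user-supplied uid.
    uid_filter_map = function (uid)
      return "(objectGUID=" .. uid .. ")"
    end,
    -- objectGUID is binary; it is stored hex-escaped (see str2hex).
    uid_map = function (ldap_entry)
      return str2hex(ldap_entry.objectGUID[1])
    end,
    -- Login gate: only direct members of LF_USER_GROUP are admitted.
    allowed_map = function (ldap_entry)
      return has_group(ldap_entry, LF_USER_GROUP)
    end,
    fetch_attr = { "sAMAccountName", "objectGUID", "givenName", "name", "displayName", "memberOf" },
    -- Copies directory attributes onto the member record. All three
    -- attributes are required; an entry lacking one raises an error that
    -- names the missing attribute.
    attr_map = function (ldap_entry, member)
      member.identification = required_attr(ldap_entry, "givenName") .. " " .. required_attr(ldap_entry, "name")
      member.name = required_attr(ldap_entry, "displayName")
    end,
    -- Members of LF_USER_GROUP receive voting and polling rights in unit 1;
    -- everyone else receives no privileges.
    privilege_map = function (ldap_entry, member)
      local privileges = {}
      if has_group(ldap_entry, LF_USER_GROUP) then
        privileges[#privileges + 1] =
          { unit_id = 1, voting_right = true, polling_right = true }
      end
      return privileges
    end,
    -- NOTE(review): presumably this keeps a local verifier of the directory
    -- password so login still works when no LDAP host is reachable. Confirm
    -- how it is stored and that disabling an account or changing a password
    -- in the directory also invalidates the cached credential.
    cache_passwords = true,
    -- The name field is taken from the directory (attr_map) and locked
    -- against changes in the profile.
    locked_profile_fields = { name = true }
  }
}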