From 12e25e6d921cfa10365bc5582a484fa37c4b9ddc Mon Sep 17 00:00:00 2001
From: Andrew Snare
Date: Thu, 14 Nov 2013 12:31:37 +0100
Subject: [PATCH 1/4] Auto-detect the base context (if possible).
---
 README.md | 7 +++--
 etc/ejabberd-auth.yaml | 4 +--
 lib/auth-ldap.js | 58 +++++++++++++++++++++++++++++++++++++++---
 3 files changed, 60 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index a4a5bc8..2370a84 100644
--- a/README.md
+++ b/README.md
@@ -12,10 +12,9 @@ binding. (It has been tested with eJabberd 2.1.10 and OpenLDAP 2.4.31.)
 Configuration
 -------------
-Edit the file `etc/ejabberd-auth.yaml` and configure:
-
- - At a minimum, the base context for your server.
- - Any other settings where the default is inappropriate.
+For OpenLDAP the default settings may suffice, assuming anonymous
+searches are allowed. Edit the file `etc/ejabberd-auth.yaml` to
+review the default configuration and adjust anything necessary.
 *Note that installing globally (below) will copy this file to global location.*
diff --git a/etc/ejabberd-auth.yaml b/etc/ejabberd-auth.yaml
index cbb2ec8..db08683 100644
--- a/etc/ejabberd-auth.yaml
+++ b/etc/ejabberd-auth.yaml
@@ -22,8 +22,8 @@ ldap:
 # password: guessmeifyoucan
 # Base for searching.
- # Default: none
- base: dc=example,dc=com
+ # Default: autodetect
+ #base: dc=example,dc=com
 # Attribute to match against the username.
 # Default: uuid
diff --git a/lib/auth-ldap.js b/lib/auth-ldap.js
index fd3d7e6..e5ff7dd 100644
--- a/lib/auth-ldap.js
+++ b/lib/auth-ldap.js
@@ -5,6 +5,37 @@ var ldap = require('ldapjs'),
 assert = require('assert'),
 auth = require('./auth');
+function listRoots(client, callback) {
+ client.search("", {
+ filter: '(namingContexts=*)',
+ scope: 'base',
+ attributes: 'namingContexts',
+ attrsOnly: true
+ }, function(err, res) {
+ if (err) {
+ console.warn("Error searching for base contexts: " + err);
+ callback();
+ } else {
+ var roots = [];
+ res.on('searchEntry', function(entry) {
+ roots.push(entry.object.namingContexts)
+ });
+ res.on('error', function(err) {
+ console.warn("Error while searching for base contexts: " + err);
+ callback();
+ });
+ res.on('end', function(result) {
+ if (result.status === ldap.LDAP_SUCCESS) {
+ callback(roots);
+ } else {
+ console.error("LDAP error searching for base contexts: " + result.status);
+ callback();
+ }
+ });
+ }
+ });
+}
+
 function start(options) {
 var base = options.base,
 admin = options.admin,
@@ -14,7 +45,7 @@ function start(options) {
 objectFilter = ldap.parseFilter(filter),
 client = ldap.createClient({ url: url });
- function bindEvents() {
+ function bindChannel(base) {
 function findJabberUser(user, callback) {
 client.search(base, {
 filter: new ldap.AndFilter({
@@ -103,13 +134,34 @@ function start(options) {
 });
 }
+ function bindChannelWithSearchBase(base) {
+ if (base) {
+ bindChannel(base);
+ } else {
+ listRoots(client, function(bases) {
+ switch (bases.length) {
+ case 0:
+ console.error("Cannot detect root naming context. Please configure manually.");
+ break;
+ case 1:
+ bindChannel(base[0]);
+ break;
+ case 2:
+ console.error("Multiple bases detected. Please configure manually.");
+ break;
+
+ }
+ });
+ }
+ }
+
 if (admin) {
 client.bind(admin.dn, admin.password, function(err) {
 assert.ifError(err);
- bindEvents();
+ bindChannelWithSearchBase(base);
 });
 } else {
- bindEvents();
+ bindChannelWithSearchBase(base);
 }
 }
From 57a0865b188d42864c4868ab8678b86f47453c1c Mon Sep 17 00:00:00 2001
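Review bot: In `listRoots`, `roots.push(entry.object.namingContexts)` stores whatever the root DSE entry holds as a single element, so `roots.length` counts entries, not naming contexts. If the server advertises several contexts and ldapjs hands them back as an array (worth confirming), the caller sees one "base" and passes that array on as the search base for authentication lookups instead of asking for manual configuration. `roots = roots.concat(entry.object.namingContexts);` flattens both the single-value and the multi-value shape. Separately, `attrsOnly: true` normally requests attribute names without values, so please confirm the values really arrive with that option set.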
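Review bot: `switch (bases.length)` in `bindChannelWithSearchBase` throws a TypeError whenever `listRoots` fails, because every error path there calls `callback()` with no argument; an unreachable or access-restricted directory would then most likely take the authentication helper down with an unrelated stack trace instead of the message already logged. Add `if (!bases) return;` before the switch. `case 2:` also matches exactly two contexts only, so three or more fall through silently and the channel is never bound; `default:` covers them, and the same label is still present in the `@@ -144,7 +144,9 @@` hunk of patch 3/4. `start()` opens before this hunk, so its earlier lines are not visible here.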
From: Andrew Snare
Date: Thu, 14 Nov 2013 16:55:29 +0100
Subject: [PATCH 2/4] Fix default configuration file. YAML doesn't support empty maps; instead a scalar property with a null value is returned.
---
 etc/ejabberd-auth.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/etc/ejabberd-auth.yaml b/etc/ejabberd-auth.yaml
index db08683..bf50274 100644
--- a/etc/ejabberd-auth.yaml
+++ b/etc/ejabberd-auth.yaml
@@ -6,9 +6,9 @@
 # The method to use for authentication.
 # (At the moment 'ldap' is the only supported method.)
 # Default: ldap
-#method: ldap
+method: ldap
-ldap:
+#ldap:
 # URL to use to connect to the server.
 # Default: ldap://localhost
 #uri: ldap://localhost
From 6131b1146edeb30f64ee098ea1fe6473d7d235e4 Mon Sep 17 00:00:00 2001
From: Andrew Snare
Date: Thu, 14 Nov 2013 16:59:48 +0100
Subject: [PATCH 3/4] Fix a typo in the array reference.
---
 lib/auth-ldap.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/auth-ldap.js b/lib/auth-ldap.js
index e5ff7dd..f31176a 100644
--- a/lib/auth-ldap.js
+++ b/lib/auth-ldap.js
@@ -144,7 +144,9 @@ function start(options) {
 console.error("Cannot detect root naming context. Please configure manually.");
 break;
 case 1:
- bindChannel(base[0]);
+ var base = bases[0];
+ console.warn("Auto-detected base context: " + base);
+ bindChannel(base);
 break;
 case 2:
 console.error("Multiple bases detected. Please configure manually.");
From b5c1768425ea708e068cb5521857f4e650ddd749 Mon Sep 17 00:00:00 2001
From: Andrew Snare
Date: Thu, 14 Nov 2013 18:33:18 +0100
Subject: [PATCH 4/4] Improve internal documentation of the configuration file.
---
 etc/ejabberd-auth.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/etc/ejabberd-auth.yaml b/etc/ejabberd-auth.yaml
index bf50274..d8da2df 100644
--- a/etc/ejabberd-auth.yaml
+++ b/etc/ejabberd-auth.yaml
@@ -8,6 +8,8 @@
 # Default: ldap
 method: ldap
+# Uncomment if any of the following LDAP properties need
+# to be set.
 #ldap:
 # URL to use to connect to the server.
 # Default: ldap://localhost