ejabberd/contribs7/ejabberd_auth_ad.erl

%%%----------------------------------------------------------------------
%%% File    : ejabberd_auth_ad.erl
%%% Author  : Alexey Shchepin <alexey@sevcom.net>
%%% Author  : Alex Gorbachenko <agent_007@immo.ru>
%%% Author  : Stanislav Bogatyrev <realloc@realloc.spb.ru>
%%% Purpose : Authentification via Active Directory
%%% Created : 12 Dec 2004 by Alexey Shchepin <alexey@sevcom.net>
%%% Id      : $Id: ejabberd_auth_ad.erl 386 2005-12-20 10:06:37Z agent_007 $
%%%----------------------------------------------------------------------

-module(ejabberd_auth_ad).
-author('alexey@sevcom.net').
-author('agent_007@immo.ru').
-author('realloc@realloc.spb.ru').
-vsn('$Revision: 386 $ ').

%% External exports
-export([start/1,
         set_password/3,
         check_password/3,
         check_password/5,
         try_register/3,
         dirty_get_registered_users/0,
         get_vh_registered_users/1,
         get_password/2,
         get_password_s/2,
         is_user_exists/2,
         remove_user/2,
         remove_user/3,
         plain_password_required/0
        ]).

-include("ejabberd.hrl").
-include("eldap/eldap.hrl").

%%%----------------------------------------------------------------------
%%% API
%%%----------------------------------------------------------------------
start(Host) ->
    LDAPServers = ejabberd_config:get_local_option({ad_servers, Host}),
    RootDN = ejabberd_config:get_local_option({ad_rootdn, Host}),
    Password = ejabberd_config:get_local_option({ad_password, Host}),
    eldap:start_link(get_eldap_id(Host, ejabberd),
                     LDAPServers, 389, RootDN, Password),
    eldap:start_link(get_eldap_id(Host, ejabberd_bind),
                     LDAPServers, 389, RootDN, Password),
    ok.

plain_password_required() ->
    true.

check_password(User, Server, Password) ->
    case find_user_dn(User, Server) of
        false ->
            false;
        DN ->
            LServer = jlib:nameprep(Server),
            case eldap:bind(get_eldap_id(LServer, ejabberd_bind),
                            DN, Password) of
                ok ->
                    true;
                _ ->
                    false
            end
    end.

check_password(User, Server, Password, _StreamID, _Digest) ->
    check_password(User, Server, Password).

set_password(_User, _Server, _Password) ->
    {error, not_allowed}.

try_register(_User, _Server, _Password) ->
    {error, not_allowed}.

dirty_get_registered_users() ->
    get_vh_registered_users(?MYNAME).

get_vh_registered_users(Server) ->
    LServer = jlib:nameprep(Server),
    Attr = ejabberd_config:get_local_option({ad_uidattr, LServer}),
%    AdGroup = ejabberd_config:get_local_option({ad_group, LServer}),
    FilterPerson = eldap:equalityMatch("objectCategory", "person"),
    FilterComp = eldap:equalityMatch("objectClass", "computer"),
    FilterHidden = eldap:equalityMatch("description", "hidden"),
%    FilterGroup = eldap:equalityMatch("memberOf", AdGroup),
    FilterLive = eldap:equalityMatch("userAccountControl", "66050"),
    FilterDef = eldap:present(Attr),
    Filter = eldap:'and'([
                          FilterDef,
                          FilterPerson,
%                         FilterGroup,
                          eldap:'not'(FilterComp),
                          eldap:'not'(FilterHidden),
                          eldap:'not'(FilterLive)]),
    Base = ejabberd_config:get_local_option({ad_base, LServer}),
    case eldap:search(get_eldap_id(LServer, ejabberd),
                      [{base, Base},
                       {filter, Filter},
                       {attributes, [Attr]}]) of
        #eldap_search_result{entries = Es} ->
            lists:flatmap(
              fun(E) ->
                      case lists:keysearch(Attr, 1, E#eldap_entry.attributes) of
                          {value, {_, [U]}} ->
                              case jlib:nodeprep(U) of
                                  error ->
                                      [];
                                  LU ->
                                      [{LU, LServer}]
                              end;
                          _ ->
                              []
                      end
              end, Es);
        _ ->
            []
    end.

get_password(_User, _Server) ->
    false.

get_password_s(_User, _Server) ->
    "".

is_user_exists(User, Server) ->
    case find_user_dn(User, Server) of
        false ->
            false;
        _DN ->
            true
    end.

remove_user(_User, _Server) ->
    {error, not_allowed}.

remove_user(_User, _Server, _Password) ->
    not_allowed.


%%%----------------------------------------------------------------------
%%% Internal functions
%%%----------------------------------------------------------------------

find_user_dn(User, Server) ->
    LServer = jlib:nameprep(Server),
    AdGroup = ejabberd_config:get_local_option({ad_group, LServer}),
    Attr = ejabberd_config:get_local_option({ad_uidattr, LServer}),
    FilterAttr = eldap:equalityMatch(Attr, User),
    FilterGroup = eldap:equalityMatch("memberOf", AdGroup),
    Filter = eldap:'and'([
                          FilterAttr,
                          FilterGroup
                          ]),
    Base = ejabberd_config:get_local_option({ad_base, LServer}),
    case eldap:search(get_eldap_id(LServer, ejabberd),
                      [{base, Base},
                       {filter, Filter},
                       {attributes, []}]) of
        #eldap_search_result{entries = [E | _]} ->
            E#eldap_entry.object_name;
        _ ->
            false
    end.

get_eldap_id(Host, Name) ->
    atom_to_list(gen_mod:get_module_proc(Host, Name)).
1	slords	1.1	%%%----------------------------------------------------------------------
2			%%% File : ejabberd_auth_ad.erl
3			%%% Author : Alexey Shchepin <alexey@sevcom.net>
4			%%% Author : Alex Gorbachenko <agent_007@immo.ru>
5			%%% Author : Stanislav Bogatyrev <realloc@realloc.spb.ru>
6			%%% Purpose : Authentification via Active Directory
7			%%% Created : 12 Dec 2004 by Alexey Shchepin <alexey@sevcom.net>
8			%%% Id : $Id: ejabberd_auth_ad.erl 386 2005-12-20 10:06:37Z agent_007 $
9			%%%----------------------------------------------------------------------
10
11			-module(ejabberd_auth_ad).
12			-author('alexey@sevcom.net').
13			-author('agent_007@immo.ru').
14			-author('realloc@realloc.spb.ru').
15			-vsn('$Revision: 386 $ ').
16
17			%% External exports
18			-export([start/1,
19			set_password/3,
20			check_password/3,
21			check_password/5,
22			try_register/3,
23			dirty_get_registered_users/0,
24			get_vh_registered_users/1,
25			get_password/2,
26			get_password_s/2,
27			is_user_exists/2,
28			remove_user/2,
29			remove_user/3,
30			plain_password_required/0
31			]).
32
33			-include("ejabberd.hrl").
34			-include("eldap/eldap.hrl").
35
36			%%%----------------------------------------------------------------------
37			%%% API
38			%%%----------------------------------------------------------------------
39			start(Host) ->
40			LDAPServers = ejabberd_config:get_local_option({ad_servers, Host}),
41			RootDN = ejabberd_config:get_local_option({ad_rootdn, Host}),
42			Password = ejabberd_config:get_local_option({ad_password, Host}),
43			eldap:start_link(get_eldap_id(Host, ejabberd),
44			LDAPServers, 389, RootDN, Password),
45			eldap:start_link(get_eldap_id(Host, ejabberd_bind),
46			LDAPServers, 389, RootDN, Password),
47			ok.
48
49			plain_password_required() ->
50			true.
51
52			check_password(User, Server, Password) ->
53			case find_user_dn(User, Server) of
54			false ->
55			false;
56			DN ->
57			LServer = jlib:nameprep(Server),
58			case eldap:bind(get_eldap_id(LServer, ejabberd_bind),
59			DN, Password) of
60			ok ->
61			true;
62			_ ->
63			false
64			end
65			end.
66
67			check_password(User, Server, Password, _StreamID, _Digest) ->
68			check_password(User, Server, Password).
69
70			set_password(_User, _Server, _Password) ->
71			{error, not_allowed}.
72
73			try_register(_User, _Server, _Password) ->
74			{error, not_allowed}.
75
76			dirty_get_registered_users() ->
77			get_vh_registered_users(?MYNAME).
78
79			get_vh_registered_users(Server) ->
80			LServer = jlib:nameprep(Server),
81			Attr = ejabberd_config:get_local_option({ad_uidattr, LServer}),
82			% AdGroup = ejabberd_config:get_local_option({ad_group, LServer}),
83			FilterPerson = eldap:equalityMatch("objectCategory", "person"),
84			FilterComp = eldap:equalityMatch("objectClass", "computer"),
85			FilterHidden = eldap:equalityMatch("description", "hidden"),
86			% FilterGroup = eldap:equalityMatch("memberOf", AdGroup),
87			FilterLive = eldap:equalityMatch("userAccountControl", "66050"),
88			FilterDef = eldap:present(Attr),
89			Filter = eldap:'and'([
90			FilterDef,
91			FilterPerson,
92			% FilterGroup,
93			eldap:'not'(FilterComp),
94			eldap:'not'(FilterHidden),
95			eldap:'not'(FilterLive)]),
96			Base = ejabberd_config:get_local_option({ad_base, LServer}),
97			case eldap:search(get_eldap_id(LServer, ejabberd),
98			[{base, Base},
99			{filter, Filter},
100			{attributes, [Attr]}]) of
101			#eldap_search_result{entries = Es} ->
102			lists:flatmap(
103			fun(E) ->
104			case lists:keysearch(Attr, 1, E#eldap_entry.attributes) of
105			{value, {_, [U]}} ->
106			case jlib:nodeprep(U) of
107			error ->
108			[];
109			LU ->
110			[{LU, LServer}]
111			end;
112			_ ->
113			[]
114			end
115			end, Es);
116			_ ->
117			[]
118			end.
119
120			get_password(_User, _Server) ->
121			false.
122
123			get_password_s(_User, _Server) ->
124			"".
125
126			is_user_exists(User, Server) ->
127			case find_user_dn(User, Server) of
128			false ->
129			false;
130			_DN ->
131			true
132			end.
133
134			remove_user(_User, _Server) ->
135			{error, not_allowed}.
136
137			remove_user(_User, _Server, _Password) ->
138			not_allowed.
139
140
141			%%%----------------------------------------------------------------------
142			%%% Internal functions
143			%%%----------------------------------------------------------------------
144
145			find_user_dn(User, Server) ->
146			LServer = jlib:nameprep(Server),
147			AdGroup = ejabberd_config:get_local_option({ad_group, LServer}),
148			Attr = ejabberd_config:get_local_option({ad_uidattr, LServer}),
149			FilterAttr = eldap:equalityMatch(Attr, User),
150			FilterGroup = eldap:equalityMatch("memberOf", AdGroup),
151			Filter = eldap:'and'([
152			FilterAttr,
153			FilterGroup
154			]),
155			Base = ejabberd_config:get_local_option({ad_base, LServer}),
156			case eldap:search(get_eldap_id(LServer, ejabberd),
157			[{base, Base},
158			{filter, Filter},
159			{attributes, []}]) of
160			#eldap_search_result{entries = [E \| _]} ->
161			E#eldap_entry.object_name;
162			_ ->
163			false
164			end.
165
166			get_eldap_id(Host, Name) ->
167			atom_to_list(gen_mod:get_module_proc(Host, Name)).