New option pam_userinfotype to provide username or JID (EJAB-652)
This commit is contained in:
parent
110819525f
commit
2331e23f49
|
@ -1087,6 +1087,10 @@ PAM authentication is disabled by default, so you have to configure and compile
|
|||
<B><TT>{pam_service, Name}</TT></B></DT><DD CLASS="dd-description">This option defines the PAM service name.
|
||||
Default is <TT>"ejabberd"</TT>. Refer to the PAM documentation of your operation system
|
||||
for more information.
|
||||
</DD><DT CLASS="dt-description"><B><TT>{pam_userinfotype, username|jid}</TT></B></DT><DD CLASS="dd-description">
|
||||
This option defines what type of information about the user ejabberd
|
||||
provides to the PAM service: only the username, or the user JID.
|
||||
Default is <TT>username</TT>.
|
||||
</DD></DL><P>Example:
|
||||
</P><PRE CLASS="verbatim">{auth_method, [pam]}.
|
||||
{pam_service, "ejabberd"}.
|
||||
|
@ -1636,6 +1640,11 @@ Allowed values are: <TT>none</TT>, <TT>tls</TT>.
|
|||
The value <TT>tls</TT> enables encryption by using LDAP over SSL.
|
||||
Note that STARTTLS encryption is not supported.
|
||||
The default value is: <TT>none</TT>.
|
||||
</DD><DT CLASS="dt-description"><B><TT>{ldap_tls_verify, false|soft|hard}</TT></B></DT><DD CLASS="dd-description">
|
||||
This option specifies whether to verify LDAP server certificate or not when TLS is enabled.
|
||||
When <TT>hard</TT> is enabled <TT>ejabberd</TT> doesn’t proceed if a certificate is invalid.
|
||||
When <TT>soft</TT> is enabled <TT>ejabberd</TT> proceeds even if check fails.
|
||||
The default is <TT>false</TT> which means no checks are performed.
|
||||
</DD><DT CLASS="dt-description"><B><TT>{ldap_port, Number}</TT></B></DT><DD CLASS="dd-description"> Port to connect to your LDAP server.
|
||||
The default port is 389 if encryption is disabled; and 636 if encryption is enabled.
|
||||
If you configure a value, it is stored in <TT>ejabberd</TT>’s database.
|
||||
|
|
|
@ -1279,6 +1279,10 @@ Options:
|
|||
\titem{\{pam\_service, Name\}}\ind{options!pam\_service}This option defines the PAM service name.
|
||||
Default is \term{"ejabberd"}. Refer to the PAM documentation of your operation system
|
||||
for more information.
|
||||
\titem{\{pam\_userinfotype, username|jid\}}\ind{options!pam\_userinfotype}
|
||||
This option defines what type of information about the user ejabberd
|
||||
provides to the PAM service: only the username, or the user JID.
|
||||
Default is \term{username}.
|
||||
\end{description}
|
||||
|
||||
Example:
|
||||
|
|
|
@ -81,7 +81,11 @@ check_password(User, Server, Password, _StreamID, _Digest) ->
|
|||
|
||||
check_password(User, Server, Password) ->
|
||||
Service = get_pam_service(Server),
|
||||
case catch epam:authenticate(Service, User, Password) of
|
||||
UserInfo = case get_pam_userinfotype(Server) of
|
||||
username -> User;
|
||||
jid -> User++"@"++Server
|
||||
end,
|
||||
case catch epam:authenticate(Service, UserInfo, Password) of
|
||||
true -> true;
|
||||
_ -> false
|
||||
end.
|
||||
|
@ -133,7 +137,11 @@ get_password_s(_User, _Server) ->
|
|||
|
||||
is_user_exists(User, Server) ->
|
||||
Service = get_pam_service(Server),
|
||||
case catch epam:acct_mgmt(Service, User) of
|
||||
UserInfo = case get_pam_userinfotype(Server) of
|
||||
username -> User;
|
||||
jid -> User++"@"++Server
|
||||
end,
|
||||
case catch epam:acct_mgmt(Service, UserInfo) of
|
||||
true -> true;
|
||||
_ -> false
|
||||
end.
|
||||
|
@ -170,3 +178,8 @@ get_pam_service(Server) ->
|
|||
undefined -> "ejabberd";
|
||||
Service -> Service
|
||||
end.
|
||||
get_pam_userinfotype(Host) ->
|
||||
case ejabberd_config:get_local_option({pam_userinfotype, Host}) of
|
||||
undefined -> username;
|
||||
Type -> Type
|
||||
end.
|
||||
|
|
Loading…
Reference in New Issue