LDAP-based setups can't list their users, which some modules need. In particular I have in mind mod_groups_migration, which balks at LDAP. This patch implements users().
This needs a corresponding doc update because it adds `ldap_list_filter` but I haven't found that repo yet!
# HG changeset patch # User Nick <[email protected]> # Date 1753799760 14400 # Tue Jul 29 10:36:00 2025 -0400 # Node ID 9e4691cad24e5aafa3c3161bc637595bdf54b632 # Parent 6ad72bd9a7ec55a8024615041bf80c22084d48b0 mod_auth_ldap: implement users() This makes, or at least improves, mod_auth_ldap compatibility with - mod_announce - mod_mimicking - mod_admin_shell's user:list() (!) - mod_groups_migration - mod_flags - mod_http_admin_api - mod_auth_token - mod_vjud
diff -r 6ad72bd9a7ec -r 9e4691cad24e plugins/mod_auth_ldap.lua
--- a/plugins/mod_auth_ldap.lua Sun Jul 27 01:11:58 2025 +0200
+++ b/plugins/mod_auth_ldap.lua Tue Jul 29 10:36:00 2025 -0400
@@ -3,6 +3,7 @@
 local new_sasl = require "prosody.util.sasl".new;
 local lualdap = require "lualdap";
+
 local function ldap_filter_escape(s)
 return (s:gsub("[*()\\%z]", function(c) return ("\\%02x"):format(c:byte()) end));
 end
@@ -14,6 +15,7 @@
 local ldap_tls = module:get_option_boolean("ldap_tls");
 local ldap_scope = module:get_option_enum("ldap_scope", "subtree", "base", "onelevel");
 local ldap_filter = module:get_option_string("ldap_filter", "(uid=$user)"):gsub("%%s", "$user", 1);
+local ldap_list_filter = module:get_option_string("ldap_list_filter", "(&(&(|(objectclass=inetOrgPerson))))");
 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap");
 local ldap_mode = module:get_option_enum("ldap_mode", "bind", "getpasswd");
 local ldap_admins = module:get_option_string("ldap_admin_filter",
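Review bot: `ldap_list_filter` is independent of `ldap_filter`, so a deployment that restricts login through `ldap_filter` (for example by group membership) will, with the default, report every `inetOrgPerson` under `ldap_base` as a user to whatever consumes the list, unless the admin also sets the new option. Document that the two settings must be kept in step, or derive the default from `ldap_filter`. The default `(&(&(|(objectclass=inetOrgPerson))))` also carries three redundant wrappers and is equivalent to `(objectClass=inetOrgPerson)`, which is easier to read and to copy into a config.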
@@ -139,4 +141,32 @@
 module:log("error", "Unsupported ldap_mode %s", tostring(ldap_mode));
 end
+function provider.users()
+ if ld == nil then
+ local err;
+ ld, err = lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls);
+ if not ld then return nil, err; end
+ end
+
+ return coroutine.wrap(function()
+ for dn, attr in ld:search {
+ base = ldap_base;
+ scope = ldap_scope;
+ filter = ldap_list_filter;
+ } do
+ if dn and attr then
+ local uid = attr['uid']
+ if uid then
+ if type(uid) == "table" then
+ uid = uid[1]
+ end
+ coroutine.yield(uid);
+ end
+ end
+ end
+
+ end);
+end
+
 module:provides("auth", provider);
+
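Review bot: The `ld:search` call in `provider.users()` passes no `attrs`, so every attribute of every matching entry is fetched although only `uid` is read. When `ld` is nil the connection is opened here with `ldap_rootdn`, so this can pull in attributes that Prosody has no need to hold; adding `attrs = "uid";` to the search table limits the result to what is used. The attribute name is also fixed to `uid` while `ldap_filter` is configurable, so where login uses another attribute the listed names may not match the login names, and the value reaches `coroutine.yield(uid)` without username normalisation; a comment or a prep step there would help. `ld` and the `ldap_*` settings are defined outside this hunk, so whether a dropped connection is re-opened before reuse cannot be judged from here.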
