xmpp: Add option to use LDAP for authentication.

2026-01-28 08:03:36 +00:00 · 2015-05-26 20:46:36 -04:00 · 2015-05-26 20:46:36 -04:00 · b2cd67c78b
commit b2cd67c78b
parent 910ff97c62
2 changed files with 60 additions and 9 deletions
--- a/actions/xmpp-setup
+++ b/actions/xmpp-setup
@ -24,6 +24,14 @@ fi
 xmpp_inband_enable_cur=$xmpp_inband_enable
 export xmpp_inband_enable

+if grep --quiet "^auth_method: ldap" /etc/ejabberd/ejabberd.yml; then
+    ldap_enable=true
+else
+    ldap_enable=false
+fi
+ldap_enable_cur=$ldap_enable
+export ldap_enable
+
 while [ "$1" ] ; do
    arg="$1"
    shift
@ -36,6 +44,14 @@ while [ "$1" ] ; do
            fi
            export xmpp_inband_enable
            ;;
+	ldap_enable|noldap_enable)
+	    if [ 'ldap_enable' = "$arg" ] ; then
+		ldap_enable=true
+	    else
+		ldap_enable=false
+	    fi
+	    export ldap_enable
+	    ;;
        status)
            printstatus() {
                if "$2" ; then
@ -45,6 +61,7 @@ while [ "$1" ] ; do
                fi
            }
            printstatus inband_enable $xmpp_inband_enable_cur
+            printstatus ldap_enable $ldap_enable_cur
            exit 0
            ;;
        *)
@ -60,3 +77,17 @@ if [ "$xmpp_inband_enable" != "$xmpp_inband_enable_cur" ] ; then
    fi
    ejabberdctl restart || echo "Failed to restart ejabberd with new configuration."
 fi
+
+if [ "$ldap_enable" != "$ldap_enable_cur" ] ; then
+    if $ldap_enable ; then
+	sed -i 's/^auth_method: internal/## auth_method: internal/' /etc/ejabberd/ejabberd.yml
+	sed -i 's/^## auth_method: ldap/auth_method: ldap/' /etc/ejabberd/ejabberd.yml
+	sed -i 's/^## ldap_servers:/ldap_servers:\
+  - "localhost"/' /etc/ejabberd/ejabberd.yml
+	sed -i 's/^## ldap_base: .*/ldap_base: "ou=users,dc=thisbox"/' /etc/ejabberd/ejabberd.yml
+    else
+	sed -i 's/^## auth_method: internal/auth_method: internal/' /etc/ejabberd/ejabberd.yml
+	sed -i 's/^auth_method: ldap/## auth_method: ldap/' /etc/ejabberd/ejabberd.yml
+    fi
+    ejabberdctl restart || echo "Failed to restart ejabberd with new configuration."
+fi
--- a/plinth/modules/xmpp/xmpp.py
+++ b/plinth/modules/xmpp/xmpp.py
@ -88,6 +88,10 @@ def index(request):

 class ConfigureForm(forms.Form):  # pylint: disable-msg=W0232
    """Configuration form"""
+    ldap_enabled = forms.BooleanField(
+        label=_('Use LDAP for authentication'), required=False,
+        help_text=_('When enabled, only LDAP users will be able to login to \
+the server'))
    inband_enabled = forms.BooleanField(
        label=_('Allow In-Band Registration'), required=False,
        help_text=_('When enabled, anyone who can reach this server will be \
@ -120,34 +124,50 @@ def configure(request):
 def get_status():
    """Return the current status"""
    output = actions.run('xmpp-setup', ['status'])
-    return {'inband_enabled': 'inband_enable' in output.split()}
+    return {'inband_enabled': 'inband_enable' in output.split(),
+            'ldap_enabled': 'ldap_enable' in output.split()}


 def _apply_changes(request, old_status, new_status):
    """Apply the form changes"""
    logger.info('Status - %s, %s', old_status, new_status)

-    if old_status['inband_enabled'] == new_status['inband_enabled']:
+    if old_status['inband_enabled'] == new_status['inband_enabled'] \
+    and old_status['ldap_enabled'] == new_status['ldap_enabled']:
        messages.info(request, _('Setting unchanged'))
        return

-    if new_status['inband_enabled']:
-        option = 'inband_enable'
-    else:
-        option = 'noinband_enable'
+    options = []

-    logger.info('Option - %s', option)
-    output = actions.superuser_run('xmpp-setup', [option])
+    if new_status['inband_enabled']:
+        options.append('inband_enable')
+    else:
+        options.append('noinband_enable')
+
+    if new_status['ldap_enabled']:
+        options.append('ldap_enable')
+    else:
+        options.append('noldap_enable')
+
+    logger.info('Option - %s', options)
+    output = actions.superuser_run('xmpp-setup', options)

    if 'Failed' in output:
        messages.error(request,
                       _('Error when configuring XMPP server: %s') %
                       output)
-    elif option == 'inband_enable':
+        return
+
+    if 'inband_enable' in options:
        messages.success(request, _('Inband registration enabled'))
    else:
        messages.success(request, _('Inband registration disabled'))

+    if 'ldap_enable' in options:
+        messages.success(request, _('LDAP authentication enabled'))
+    else:
+        messages.success(request, _('LDAP authentication disabled'))
+

 class RegisterForm(forms.Form):  # pylint: disable-msg=W0232
    """Configuration form."""