From b2cd67c78bccb9f3ef56a92c03e9fdeea61a99f5 Mon Sep 17 00:00:00 2001 From: James Valleroy Date: Tue, 26 May 2015 20:46:36 -0400 Subject: [PATCH] xmpp: Add option to use LDAP for authentication. --- actions/xmpp-setup | 31 ++++++++++++++++++++++++++++++ plinth/modules/xmpp/xmpp.py | 38 ++++++++++++++++++++++++++++--------- 2 files changed, 60 insertions(+), 9 deletions(-) diff --git a/actions/xmpp-setup b/actions/xmpp-setup index fe69291b2..1e269dfca 100755 --- a/actions/xmpp-setup +++ b/actions/xmpp-setup @@ -24,6 +24,14 @@ fi xmpp_inband_enable_cur=$xmpp_inband_enable export xmpp_inband_enable +if grep --quiet "^auth_method: ldap" /etc/ejabberd/ejabberd.yml; then + ldap_enable=true +else + ldap_enable=false +fi +ldap_enable_cur=$ldap_enable +export ldap_enable + while [ "$1" ] ; do arg="$1" shift @@ -36,6 +44,14 @@ while [ "$1" ] ; do fi export xmpp_inband_enable ;; + ldap_enable|noldap_enable) + if [ 'ldap_enable' = "$arg" ] ; then + ldap_enable=true + else + ldap_enable=false + fi + export ldap_enable + ;; status) printstatus() { if "$2" ; then @@ -45,6 +61,7 @@ while [ "$1" ] ; do fi } printstatus inband_enable $xmpp_inband_enable_cur + printstatus ldap_enable $ldap_enable_cur exit 0 ;; *) 
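Review bot: The new `grep --quiet "^auth_method: ldap"` probe in actions/xmpp-setup (hunk at -24,6) recognises LDAP only when the line has exactly the form this script writes. The same setting written with different spacing would be reported as disabled, so the status page would show the wrong authentication backend. Because this value also decides whether the later sed edits run, the assumption deserves a comment above the check, for example `# Detects only the single-line form "auth_method: ldap" written by this script; any other spelling is reported as disabled.`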
@@ -60,3 +77,17 @@ if [ "$xmpp_inband_enable" != "$xmpp_inband_enable_cur" ] ; then fi ejabberdctl restart || echo "Failed to restart ejabberd with new configuration." fi + +if [ "$ldap_enable" != "$ldap_enable_cur" ] ; then + if $ldap_enable ; then + sed -i 's/^auth_method: internal/## auth_method: internal/' /etc/ejabberd/ejabberd.yml + sed -i 's/^## auth_method: ldap/auth_method: ldap/' /etc/ejabberd/ejabberd.yml + sed -i 's/^## ldap_servers:/ldap_servers:\ + - "localhost"/' /etc/ejabberd/ejabberd.yml + sed -i 's/^## ldap_base: .*/ldap_base: "ou=users,dc=thisbox"/' /etc/ejabberd/ejabberd.yml + else + sed -i 's/^## auth_method: internal/auth_method: internal/' /etc/ejabberd/ejabberd.yml + sed -i 's/^auth_method: ldap/## auth_method: ldap/' /etc/ejabberd/ejabberd.yml + fi + ejabberdctl restart || echo "Failed to restart ejabberd with new configuration." +fi diff --git a/plinth/modules/xmpp/xmpp.py b/plinth/modules/xmpp/xmpp.py index 0ade5c948..4aa4c5330 100644 --- a/plinth/modules/xmpp/xmpp.py +++ b/plinth/modules/xmpp/xmpp.py @@ -88,6 +88,10 @@ def index(request): class ConfigureForm(forms.Form): # pylint: disable-msg=W0232 """Configuration form""" + ldap_enabled = forms.BooleanField( + label=_('Use LDAP for authentication'), required=False, + help_text=_('When enabled, only LDAP users will be able to login to \ +the server')) inband_enabled = forms.BooleanField( label=_('Allow In-Band Registration'), required=False, help_text=_('When enabled, anyone who can reach this server will be \ 
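Review bot: Nothing in the enable branch of the `ldap_enable` block in actions/xmpp-setup (hunk at -60,3) checks that the four `sed -i` substitutions matched. If ejabberd.yml lacks the commented `## auth_method: ldap`, `## ldap_servers:` or `## ldap_base:` lines, the first sed still comments out `auth_method: internal`. The file is then left with no active `auth_method`, or with LDAP selected but no server or base, and ejabberd is restarted on it. The caller in xmpp.py only looks for the word 'Failed' in the output, so it would still report "LDAP authentication enabled". Verify the result before the restart and skip the restart on failure, e.g. `grep --quiet '^auth_method: ldap' /etc/ejabberd/ejabberd.yml || echo "Failed to enable LDAP authentication in ejabberd.yml."`, with matching checks for `^ldap_servers:` and `^ldap_base:`.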
@@ -120,34 +124,50 @@ def configure(request): def get_status(): """Return the current status""" output = actions.run('xmpp-setup', ['status']) - return {'inband_enabled': 'inband_enable' in output.split()} + return {'inband_enabled': 'inband_enable' in output.split(), + 'ldap_enabled': 'ldap_enable' in output.split()} def _apply_changes(request, old_status, new_status): """Apply the form changes""" logger.info('Status - %s, %s', old_status, new_status) - if old_status['inband_enabled'] == new_status['inband_enabled']: + if old_status['inband_enabled'] == new_status['inband_enabled'] \ + and old_status['ldap_enabled'] == new_status['ldap_enabled']: messages.info(request, _('Setting unchanged')) return - if new_status['inband_enabled']: - option = 'inband_enable' - else: - option = 'noinband_enable' + options = [] - logger.info('Option - %s', option) - output = actions.superuser_run('xmpp-setup', [option]) + if new_status['inband_enabled']: + options.append('inband_enable') + else: + options.append('noinband_enable') + + if new_status['ldap_enabled']: + options.append('ldap_enable') + else: + options.append('noldap_enable') + + logger.info('Option - %s', options) + output = actions.superuser_run('xmpp-setup', options) if 'Failed' in output: messages.error(request, _('Error when configuring XMPP server: %s') % output) - elif option == 'inband_enable': + return + + if 'inband_enable' in options: messages.success(request, _('Inband registration enabled')) else: messages.success(request, _('Inband registration disabled')) + if 'ldap_enable' in options: + messages.success(request, _('LDAP authentication enabled')) + else: + messages.success(request, _('LDAP authentication disabled')) + class RegisterForm(forms.Form): # pylint: disable-msg=W0232 """Configuration form."""
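Review bot: `_apply_changes` now emits a success message for both settings on every run, so toggling only LDAP also tells the administrator "Inband registration disabled" (or enabled) although registration did not change. That makes the confirmation unreliable for a setting that controls who can create accounts. Compare `old_status` and `new_status` per setting and report only the one that changed; the same comparison could also decide which options are passed to `xmpp-setup`. The function lies entirely inside this hunk.

```python
    # … unchanged: early return, options list, superuser_run call and 'Failed' check …

    if old_status['inband_enabled'] != new_status['inband_enabled']:
        if new_status['inband_enabled']:
            messages.success(request, _('Inband registration enabled'))
        else:
            messages.success(request, _('Inband registration disabled'))

    if old_status['ldap_enabled'] != new_status['ldap_enabled']:
        if new_status['ldap_enabled']:
            messages.success(request, _('LDAP authentication enabled'))
        else:
            messages.success(request, _('LDAP authentication disabled'))
```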