mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-04-29 10:10:19 +00:00
xmpp: Add option to use LDAP for authentication.
This commit is contained in:
James Valleroy
Sunil Mohan Adapa
parent
910ff97c62
commit
b2cd67c78b
@ -24,6 +24,14 @@ fi
|
|||||||
xmpp_inband_enable_cur=$xmpp_inband_enable
|
xmpp_inband_enable_cur=$xmpp_inband_enable
|
||||||
export xmpp_inband_enable
|
export xmpp_inband_enable
|
||||||
|
|
||||||
|
if grep --quiet "^auth_method: ldap" /etc/ejabberd/ejabberd.yml; then
|
||||||
|
ldap_enable=true
|
||||||
|
else
|
||||||
|
ldap_enable=false
|
||||||
|
fi
|
||||||
|
ldap_enable_cur=$ldap_enable
|
||||||
|
export ldap_enable
|
||||||
|
|
||||||
while [ "$1" ] ; do
|
while [ "$1" ] ; do
|
||||||
arg="$1"
|
arg="$1"
|
||||||
shift
|
shift
|
||||||
@ -36,6 +44,14 @@ while [ "$1" ] ; do
|
|||||||
fi
|
fi
|
||||||
export xmpp_inband_enable
|
export xmpp_inband_enable
|
||||||
;;
|
;;
|
||||||
|
ldap_enable|noldap_enable)
|
||||||
|
if [ 'ldap_enable' = "$arg" ] ; then
|
||||||
|
ldap_enable=true
|
||||||
|
else
|
||||||
|
ldap_enable=false
|
||||||
|
fi
|
||||||
|
export ldap_enable
|
||||||
|
;;
|
||||||
status)
|
status)
|
||||||
printstatus() {
|
printstatus() {
|
||||||
if "$2" ; then
|
if "$2" ; then
|
||||||
@ -45,6 +61,7 @@ while [ "$1" ] ; do
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
printstatus inband_enable $xmpp_inband_enable_cur
|
printstatus inband_enable $xmpp_inband_enable_cur
|
||||||
|
printstatus ldap_enable $ldap_enable_cur
|
||||||
exit 0
|
exit 0
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
@ -60,3 +77,17 @@ if [ "$xmpp_inband_enable" != "$xmpp_inband_enable_cur" ] ; then
|
|||||||
fi
|
fi
|
||||||
ejabberdctl restart || echo "Failed to restart ejabberd with new configuration."
|
ejabberdctl restart || echo "Failed to restart ejabberd with new configuration."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ "$ldap_enable" != "$ldap_enable_cur" ] ; then
|
||||||
|
if $ldap_enable ; then
|
||||||
|
sed -i 's/^auth_method: internal/## auth_method: internal/' /etc/ejabberd/ejabberd.yml
|
||||||
|
sed -i 's/^## auth_method: ldap/auth_method: ldap/' /etc/ejabberd/ejabberd.yml
|
||||||
|
sed -i 's/^## ldap_servers:/ldap_servers:\
|
||||||
|
- "localhost"/' /etc/ejabberd/ejabberd.yml
|
||||||
|
sed -i 's/^## ldap_base: .*/ldap_base: "ou=users,dc=thisbox"/' /etc/ejabberd/ejabberd.yml
|
||||||
|
else
|
||||||
|
sed -i 's/^## auth_method: internal/auth_method: internal/' /etc/ejabberd/ejabberd.yml
|
||||||
|
sed -i 's/^auth_method: ldap/## auth_method: ldap/' /etc/ejabberd/ejabberd.yml
|
||||||
|
fi
|
||||||
|
ejabberdctl restart || echo "Failed to restart ejabberd with new configuration."
|
||||||
|
fi
|
||||||
|
|||||||
@ -88,6 +88,10 @@ def index(request):
|
|||||||
|
|
||||||
class ConfigureForm(forms.Form): # pylint: disable-msg=W0232
|
class ConfigureForm(forms.Form): # pylint: disable-msg=W0232
|
||||||
"""Configuration form"""
|
"""Configuration form"""
|
||||||
|
ldap_enabled = forms.BooleanField(
|
||||||
|
label=_('Use LDAP for authentication'), required=False,
|
||||||
|
help_text=_('When enabled, only LDAP users will be able to login to \
|
||||||
|
the server'))
|
||||||
inband_enabled = forms.BooleanField(
|
inband_enabled = forms.BooleanField(
|
||||||
label=_('Allow In-Band Registration'), required=False,
|
label=_('Allow In-Band Registration'), required=False,
|
||||||
help_text=_('When enabled, anyone who can reach this server will be \
|
help_text=_('When enabled, anyone who can reach this server will be \
|
||||||
@ -120,34 +124,50 @@ def configure(request):
|
|||||||
def get_status():
|
def get_status():
|
||||||
"""Return the current status"""
|
"""Return the current status"""
|
||||||
output = actions.run('xmpp-setup', ['status'])
|
output = actions.run('xmpp-setup', ['status'])
|
||||||
return {'inband_enabled': 'inband_enable' in output.split()}
|
return {'inband_enabled': 'inband_enable' in output.split(),
|
||||||
|
'ldap_enabled': 'ldap_enable' in output.split()}
|
||||||
|
|
||||||
|
|
||||||
def _apply_changes(request, old_status, new_status):
|
def _apply_changes(request, old_status, new_status):
|
||||||
"""Apply the form changes"""
|
"""Apply the form changes"""
|
||||||
logger.info('Status - %s, %s', old_status, new_status)
|
logger.info('Status - %s, %s', old_status, new_status)
|
||||||
|
|
||||||
if old_status['inband_enabled'] == new_status['inband_enabled']:
|
if old_status['inband_enabled'] == new_status['inband_enabled'] \
|
||||||
|
and old_status['ldap_enabled'] == new_status['ldap_enabled']:
|
||||||
messages.info(request, _('Setting unchanged'))
|
messages.info(request, _('Setting unchanged'))
|
||||||
return
|
return
|
||||||
|
|
||||||
if new_status['inband_enabled']:
|
options = []
|
||||||
option = 'inband_enable'
|
|
||||||
else:
|
|
||||||
option = 'noinband_enable'
|
|
||||||
|
|
||||||
logger.info('Option - %s', option)
|
if new_status['inband_enabled']:
|
||||||
output = actions.superuser_run('xmpp-setup', [option])
|
options.append('inband_enable')
|
||||||
|
else:
|
||||||
|
options.append('noinband_enable')
|
||||||
|
|
||||||
|
if new_status['ldap_enabled']:
|
||||||
|
options.append('ldap_enable')
|
||||||
|
else:
|
||||||
|
options.append('noldap_enable')
|
||||||
|
|
||||||
|
logger.info('Option - %s', options)
|
||||||
|
output = actions.superuser_run('xmpp-setup', options)
|
||||||
|
|
||||||
if 'Failed' in output:
|
if 'Failed' in output:
|
||||||
messages.error(request,
|
messages.error(request,
|
||||||
_('Error when configuring XMPP server: %s') %
|
_('Error when configuring XMPP server: %s') %
|
||||||
output)
|
output)
|
||||||
elif option == 'inband_enable':
|
return
|
||||||
|
|
||||||
|
if 'inband_enable' in options:
|
||||||
messages.success(request, _('Inband registration enabled'))
|
messages.success(request, _('Inband registration enabled'))
|
||||||
else:
|
else:
|
||||||
messages.success(request, _('Inband registration disabled'))
|
messages.success(request, _('Inband registration disabled'))
|
||||||
|
|
||||||
|
if 'ldap_enable' in options:
|
||||||
|
messages.success(request, _('LDAP authentication enabled'))
|
||||||
|
else:
|
||||||
|
messages.success(request, _('LDAP authentication disabled'))
|
||||||
|
|
||||||
|
|
||||||
class RegisterForm(forms.Form): # pylint: disable-msg=W0232
|
class RegisterForm(forms.Form): # pylint: disable-msg=W0232
|
||||||
"""Configuration form."""
|
"""Configuration form."""
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user