From b3a507720a8be4d28fe4b5c48c38e65e3c1cb1ad Mon Sep 17 00:00:00 2001
From: Ossi Salmi <osalmi@iki.fi>
Date: Fri, 20 Jul 2012 12:49:33 +0300
Subject: [PATCH] Added LDAP authentication support for ejabberd

---
 ejabberd/manifests/init.pp          | 16 ++++++++++++++++
 ejabberd/templates/ejabberd.cfg.erb | 19 +++++++++++++++----
 2 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/ejabberd/manifests/init.pp b/ejabberd/manifests/init.pp
index ed53085..a9abaeb 100644
--- a/ejabberd/manifests/init.pp
+++ b/ejabberd/manifests/init.pp
@@ -23,6 +23,19 @@
 #   $ejabberd_muclog_format:
 #       Chatroom log format. Valid values html or plaintext.
 #
+#   $ejabberd_auth:
+#       Authentication method or array of multiple methods.
+#       Valid values internal, external or ldap. Defaults to internal.
+#
+#   $ejabberd_extauth:
+#       Path to external authentication command.
+#
+#   $ejabberd_ldap_server:
+#       Array of LDAP authentication servers.
+#
+#   $ejabberd_ldap_basedn.
+#       LDAP base dn.
+#
 class ejabberd {
 
     include user::system
@@ -34,6 +47,9 @@ class ejabberd {
     if !$ejabberd_admin {
         $ejabberd_admin = []
     }
+    if !$ejabberd_auth {
+        $ejabberd_auth = "internal"
+    }
 
     case $ejabberd_muclog_format {
         "","html","plaintext": { }
diff --git a/ejabberd/templates/ejabberd.cfg.erb b/ejabberd/templates/ejabberd.cfg.erb
index 0dd6f05..4b31091 100644
--- a/ejabberd/templates/ejabberd.cfg.erb
+++ b/ejabberd/templates/ejabberd.cfg.erb
@@ -213,11 +213,22 @@ override_acls.
 %%%.   ==============
 %%%'   AUTHENTICATION
 
-<% if has_variable?("ejabberd_extauth") -%>
-{auth_method, external}.
-{extauth_program, "<%= ejabberd_extauth %>"}.
+<% if ejabberd_auth.is_a?(Array) -%>
+{auth_method, [<%= ejabberd_auth.join(", ") %>]}.
 <% else -%>
-{auth_method, internal}.
+{auth_method, <%= ejabberd_auth %>}.
+<% end -%>
+<% if has_variable?("ejabberd_extauth") -%>
+{extauth_program, "<%= ejabberd_extauth %>"}.
+<% end -%>
+<% if has_variable?("ejabberd_ldap_server") -%>
+<% ejabberd_ldap_server.map! { |server| '"%s"' % server } -%>
+{ldap_servers, [<%= ejabberd_ldap_server.join(", ") %>]}.
+{ldap_base, "<%= ejabberd_ldap_basedn %>"}.
+{ldap_encrypt, tls}.
+{ldap_port, 636}.
+{ldap_uids, [{"uid", "%u"}]}.
+{ldap_filter, "(!(loginShell=/sbin/nologin))"}.
 <% end -%>
 
 %%