Mercurial > prosody-modules

annotate mod_lib_ldap/dev/prosody-posix-ldap.cfg.lua @ 5461:06640647d193

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Fix use of arbitrary ports in loopback redirect URIs Per draft-ietf-oauth-v2-1-08#section-8.4.2 > The authorization server MUST allow any port to be specified at the > time of the request for loopback IP redirect URIs, to accommodate > clients that obtain an available ephemeral port from the operating > system at the time of the request. Uncertain if it should normalize the host part, but it also seems harmless to treat IPv6 and IPv4 the same here. One thing is that "localhost" is NOT RECOMMENDED because it can sometimes be pointed to non-loopback interfaces via DNS or hosts file.
author Kim Alvefur <zash@zash.se>
date Wed, 17 May 2023 13:51:30 +0200
parents d47972f783fb
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
809
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
1 -- Use Include 'prosody-posix-ldap.cfg.lua' from prosody.cfg.lua to include this file
862
675945ea2ed6 Change hoelzro's mod_auth_ldap to mod_auth_ldap2
Rob Hoelz <rob@hoelz.ro>
parents: 826
diff changeset
2 authentication = 'ldap2' -- Indicate that we want to use LDAP for authentication
675945ea2ed6 Change hoelzro's mod_auth_ldap to mod_auth_ldap2
Rob Hoelz <rob@hoelz.ro>
parents: 826
diff changeset
3 storage = 'ldap' -- Indicate that we want to use LDAP for roster/vcard storage
809
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
4
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
5 ldap = {
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
6 hostname = 'localhost', -- LDAP server location
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
7 bind_dn = 'cn=Manager,dc=example,dc=com', -- Bind DN for LDAP authentication (optional if anonymous bind is supported)
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
8 bind_password = 'prosody', -- Bind password (optional if anonymous bind is supported)
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
9
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
10 user = {
873
7aaf5d8750a3 Filter out test record 'seven'
Rob Hoelz <rob@hoelz.ro>
parents: 862
diff changeset
11 basedn = 'ou=Users,dc=example,dc=com', -- The base DN where user records can be found
7aaf5d8750a3 Filter out test record 'seven'
Rob Hoelz <rob@hoelz.ro>
parents: 862
diff changeset
12 filter = '(&(objectClass=posixAccount)(!(uid=seven)))', -- Filter expression to find user records under basedn
7aaf5d8750a3 Filter out test record 'seven'
Rob Hoelz <rob@hoelz.ro>
parents: 862
diff changeset
13 usernamefield = 'uid', -- The field that contains the user's ID (this will be the username portion of the JID)
7aaf5d8750a3 Filter out test record 'seven'
Rob Hoelz <rob@hoelz.ro>
parents: 862
diff changeset
14 namefield = 'cn', -- The field that contains the user's full name (this will be the alias found in the roster)
809
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
15 },
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
16
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
17 groups = {
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
18 basedn = 'ou=Groups,dc=example,dc=com', -- The base DN where group records can be found
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
19 memberfield = 'memberUid', -- The field that contains user ID records for this group (each member must have a corresponding entry under the user basedn with the same value in usernamefield)
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
20 namefield = 'cn', -- The field that contains the group's name (used for matching groups in LDAP to group definitions below)
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
21
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
22 {
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
23 name = 'everyone', -- The group name that will be seen in users' rosters
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
24 cn = 'Everyone', -- This field's key *must* match ldap.groups.namefield! It's the name of the LDAP group this definition represents
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
25 admin = false, -- (Optional) A boolean flag that indicates whether members of this group should be considered administrators.
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
26 },
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
27 {
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
28 name = 'admin',
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
29 cn = 'Admin',
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
30 admin = true,
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
31 },
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
32 },
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
33
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
34 vcard_format = {
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
35 displayname = 'cn', -- Consult the vCard configuration section in the README
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
36 nickname = 'uid',
824
bc173b17c15f Add photo config to sample config
Rob Hoelz <rob@hoelz.ro>
parents: 809
diff changeset
37 photo = {
826
9dc7d92f44e8 Fix prosody config (type is MIME type)
Rob Hoelz <rob@hoelz.ro>
parents: 824
diff changeset
38 type = 'image/jpeg',
824
bc173b17c15f Add photo config to sample config
Rob Hoelz <rob@hoelz.ro>
parents: 809
diff changeset
39 binval = 'jpegPhoto',
1463
d47972f783fb Include configuration for telephone numbers for LDAP test config
Rob Hoelz <rob@hoelz.ro>
parents: 873
diff changeset
40 },
d47972f783fb Include configuration for telephone numbers for LDAP test config
Rob Hoelz <rob@hoelz.ro>
parents: 873
diff changeset
41 telephone = {
d47972f783fb Include configuration for telephone numbers for LDAP test config
Rob Hoelz <rob@hoelz.ro>
parents: 873
diff changeset
42 work = {
d47972f783fb Include configuration for telephone numbers for LDAP test config
Rob Hoelz <rob@hoelz.ro>
parents: 873
diff changeset
43 voice = true,
d47972f783fb Include configuration for telephone numbers for LDAP test config
Rob Hoelz <rob@hoelz.ro>
parents: 873
diff changeset
44 number = 'telephoneNumber',
d47972f783fb Include configuration for telephone numbers for LDAP test config
Rob Hoelz <rob@hoelz.ro>
parents: 873
diff changeset
45 },
d47972f783fb Include configuration for telephone numbers for LDAP test config
Rob Hoelz <rob@hoelz.ro>
parents: 873
diff changeset
46 },
809
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
47 },
1d51c5e38faa Add LDAP plugin suite
rob@hoelz.ro
parents:
diff changeset
48 }