Mercurial > prosody-modules
annotate mod_auth_ldap/README.markdown @ 4340:7cd3b7ec59e9
mod_http_oauth2: Rudimentary support for scopes (but not really)
We don't support limiting access, but this change will inform the
client what permissions the created token has (e.g. is the user an
admin or not).
There is some work in progress on real scope support.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Sat, 16 Jan 2021 19:47:22 +0000 |
parents | 7a2998e48545 |
children | f4f07891c4cc |
Changesets shown in the annotation:

rev | changeset | description | author | parent |
---|---|---|---|---|
1803 | 4d73a1a6ba68 | Convert all wiki pages to Markdown | Kim Alvefur <zash@zash.se> | 1782 |
1823 | 50d3383a2e08 | mod_auth_ldap/README: Minor tweaks | Kim Alvefur <zash@zash.se> | 1822 |
1824 | 8435e1766054 | mod_auth_ldap/README: Fix missing word and more markdown syntax tweaks | Kim Alvefur <zash@zash.se> | 1823 |
3326 | 5e0193a27c53 | mod_auth_ldap: Correct name of admin option (thanks pep.) | Kim Alvefur <zash@zash.se> | 3325 |
3954 | 7a2998e48545 | mod_auth_ldap: Fix broken link to LuaLDAP | Kim Alvefur <zash@zash.se> | 3326 |

---
labels:
- 'Stage-Alpha'
- 'Type-Auth'
summary: LDAP authentication module
...

Introduction
============

This is a Prosody authentication plugin which uses LDAP as the backend.

Dependencies
============

This module depends on [LuaLDAP](https://github.com/lualdap/lualdap)
for connecting to an LDAP server.

Configuration
=============

Copy the module to the Prosody modules/plugins directory.

In Prosody's configuration file, under the desired host section, add:

``` {.lua}
authentication = "ldap"
ldap_base = "ou=people,dc=example,dc=com"
```

Further LDAP options are:

Name | Description | Default value |
---|---|---|
ldap\_base | LDAP base directory which stores user accounts | **Required field** |
ldap\_server | Space-separated list of hostnames or IPs, optionally with port numbers (e.g. "localhost:8389") | `"localhost"` |
ldap\_rootdn | The distinguished name to authenticate against | `""` (anonymous) |
ldap\_password | Password for rootdn | `""` |
ldap\_filter | Search filter, with `$user` and `$host` replaced by the username and hostname | `"(uid=$user)"` |
ldap\_scope | Search scope. Other values: "base" and "onelevel" | `"subtree"` |
ldap\_tls | Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard 'LDAPS' protocol is not supported. | `false` |
ldap\_mode | How passwords are validated: `"bind"` or `"getpasswd"` (see Modes). | `"bind"` |
ldap\_admin\_filter | Search filter to match admins, works like ldap\_filter | |

**Note:** lua-ldap reads from `/etc/ldap/ldap.conf` and other files like
`~prosody/.ldaprc` if they exist. Users wanting to use a particular TLS
root certificate can specify it in the normal way using TLS\_CACERT in
the OpenLDAP config file.

Modes
=====

The `"getpasswd"` mode requires plain text access to passwords in LDAP
and feeds them into Prosody's authentication system. This enables more
secure authentication mechanisms but does not work for all deployments.

The `"bind"` mode performs an LDAP bind. It does not require plain text
access to passwords but limits you to the PLAIN authentication
mechanism.

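A fuller host section that combines the options and modes described above, as an added example (not from the module's README). The hostnames, DNs, group name and password are constructed placeholders, and the admin filter assumes the directory exposes a `memberOf` attribute.

```lua
-- Added example; hostnames, DNs, group names and the password are constructed.
VirtualHost "example.com"
    authentication = "ldap"

    -- Where accounts live and how a login name maps to one entry.
    ldap_base   = "ou=people,dc=example,dc=com"
    ldap_scope  = "onelevel"  -- the default "subtree" also searches nested entries
    ldap_filter = "(&(uid=$user)(objectClass=inetOrgPerson))"

    -- Two servers, space-separated; the second uses a non-default port.
    ldap_server = "ldap1.example.com ldap2.example.com:8389"

    -- Default is false. In "bind" mode the password the user supplied is
    -- sent to the LDAP server in the bind request, so enable StartTLS to
    -- keep it from crossing the network in clear text.
    ldap_tls = true
    -- The CA used to verify the server is set with TLS_CACERT in
    -- /etc/ldap/ldap.conf or ~prosody/.ldaprc (see the note above).

    -- Dedicated service account instead of the default anonymous bind ("").
    ldap_rootdn   = "cn=prosody,ou=services,dc=example,dc=com"
    ldap_password = "REPLACE-ME"  -- placeholder, not a real credential

    -- "bind": no plain text password access needed, clients limited to PLAIN.
    -- "getpasswd": the account above must be able to read plain text
    -- passwords from LDAP.
    ldap_mode = "bind"

    -- Works like ldap_filter; assumes a memberOf attribute is available.
    ldap_admin_filter = "(&(uid=$user)(memberOf=cn=xmpp-admins,ou=groups,dc=example,dc=com))"
```
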
Compatibility
=============

Works with 0.8 and later.