Mercurial > prosody-modules
comparison mod_auth_ldap/README.wiki @ 1782:29f3d6b7ad16
Import wiki pages
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 24 Aug 2015 16:43:56 +0200 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 1781:12ac88940fe3 | 1782:29f3d6b7ad16 |
|---|---|
| 1 #summary LDAP authentication module | |
| 2 #labels Stage-Alpha,Type-Auth | |
| 3 | |
| 4 _*Note:* A modified version of this module is available, but is not yet committed here. The plan is to merge them, for more info see [http://groups.google.com/group/prosody-dev/browse_thread/thread/282e876116ae4177/906121492495ad35#906121492495ad35 this thread]._ | |
| 5 | |
| 6 = Introduction = | |
| 7 | |
| 8 This is a Prosody authentication plugin which uses LDAP as the backend. | |
| 9 | |
| 10 = Dependecies = | |
| 11 | |
| 12 This module depends on [http://www.keplerproject.org/lualdap/ LuaLDAP] for connecting to an LDAP server. | |
| 13 | |
| 14 = Configuration = | |
| 15 | |
| 16 Copy the module to the prosody modules/plugins directory. | |
| 17 | |
| 18 In Prosody's configuration file, under the desired host section, add: | |
| 19 {{{ | |
| 20 authentication = "ldap" | |
| 21 ldap_base = "ou=people,dc=example,dc=com" | |
| 22 }}} | |
| 23 | |
| 24 LDAP options are: | |
| 25 || *Name* || *Description* || *Default value* || | |
| 26 || ldap_server || Space-separated list of hostnames or IPs, optionally with port numbers (e.g. "localhost:8389") || "localhost" || | |
| 27 || ldap_rootdn || The distinguished name to auth against || "" (anonymous) || | |
| 28 || ldap_password || Password for rootdn || "" || | |
| 29 || ldap_filter || Search filter, with $user and $host substituded for user- and hostname || "(uid=$user)" || | |
| 30 || ldap_scope || Search scope. other values: "base" and "subtree" || "onelevel" || | |
| 31 || ldap_tls || Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard 'LDAPS' protocol is not supported. || false || | |
| 32 || ldap_base || LDAP base directory which stores user accounts || This is required || | |
| 33 || ldap_mode || How passwords are validated. || "bind" || | |
| 34 | |
| 35 *Note:* lua-ldap reads from /etc/ldap/ldap.conf and other files like | |
| 36 ~prosody/.ldaprc if they exist. Users wanting to use a particular TLS | |
| 37 root certificate can specify it in the normal way using TLS_CACERT in | |
| 38 the OpenLDAP config file. | |
| 39 | |
| 40 = Modes = | |
| 41 | |
| 42 The "getpasswd" mode requires plain text access to passwords in LDAP and | |
| 43 feeds them into Prosodys authentication system. This enables more secure | |
| 44 authentication mechanisms but does not work for all deployments. | |
| 45 | |
| 46 The "bind" performs an LDAP bind, does not require plain text access to | |
| 47 passwords but limits you to the PLAIN authentication mechanism. | |
| 48 | |
| 49 = Compatibility = | |
| 50 | |
| 51 || 0.8 and above || should work || |