Mercurial > prosody-modules

diff mod_auth_ldap/README.wiki @ 1782:29f3d6b7ad16

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Import wiki pages
author Kim Alvefur <zash@zash.se>
date Mon, 24 Aug 2015 16:43:56 +0200
parents
children
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_auth_ldap/README.wiki	Mon Aug 24 16:43:56 2015 +0200
@@ -0,0 +1,51 @@
+#summary LDAP authentication module
+#labels Stage-Alpha,Type-Auth
+
+_*Note:* A modified version of this module is available, but is not yet committed here. The plan is to merge them, for more info see [http://groups.google.com/group/prosody-dev/browse_thread/thread/282e876116ae4177/906121492495ad35#906121492495ad35 this thread]._
+
+= Introduction =
+
+This is a Prosody authentication plugin which uses LDAP as the backend.
+
+= Dependecies =
+
+This module depends on [http://www.keplerproject.org/lualdap/ LuaLDAP] for connecting to an LDAP server.
+
+= Configuration =
+
+Copy the module to the prosody modules/plugins directory.
+
+In Prosody's configuration file, under the desired host section, add:
+{{{
+	authentication = "ldap"
+	ldap_base = "ou=people,dc=example,dc=com"
+}}}
+
+LDAP options are:
+|| *Name*        || *Description*                                      || *Default value*  ||
+|| ldap_server   || Space-separated list of hostnames or IPs, optionally with port numbers (e.g. "localhost:8389") || "localhost"      ||
+|| ldap_rootdn   || The distinguished name to auth against             || "" (anonymous)   ||
+|| ldap_password || Password for rootdn                                || ""               ||
+|| ldap_filter   || Search filter, with $user and $host substituded for user- and hostname || "(uid=$user)"    ||
+|| ldap_scope    || Search scope. other values: "base" and "subtree"   || "onelevel"       ||
+|| ldap_tls      || Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard 'LDAPS' protocol is not supported. || false            ||
+|| ldap_base     || LDAP base directory which stores user accounts     || This is required ||
+|| ldap_mode     || How passwords are validated.                       || "bind"           ||
+
+*Note:*  lua-ldap reads from /etc/ldap/ldap.conf and other files like
+~prosody/.ldaprc if they exist.  Users wanting to use a particular TLS
+root certificate can specify it in the normal way using TLS_CACERT in
+the OpenLDAP config file.
+
+= Modes =
+
+The "getpasswd" mode requires plain text access to passwords in LDAP and
+feeds them into Prosodys authentication system.  This enables more secure
+authentication mechanisms but does not work for all deployments.
+
+The "bind" performs an LDAP bind, does not require plain text access to
+passwords but limits you to the PLAIN authentication mechanism.
+
+= Compatibility =
+
+|| 0.8 and above || should work ||