Mercurial > prosody-wiki
annotate mod_auth_ldap.wiki @ 440:6e91b7ab36c1
update
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 18 Mar 2014 15:10:53 +0100 |
parents | 7e5c6a70af1e |
children | 042161223488 |
rev | line source |
---|---|
137
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
1 #summary LDAP authentication module |
181 | 2 #labels Stage-Alpha,Type-Auth |
137
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
3 |
183
99ccedc61bca
Edited wiki page mod_auth_ldap through web user interface.
MWild1
parents:
181
diff
changeset
|
4 _*Note:* A modified version of this module is available, but is not yet committed here. The plan is to merge them, for more info see [http://groups.google.com/group/prosody-dev/browse_thread/thread/282e876116ae4177/906121492495ad35#906121492495ad35 this thread]._ |
99ccedc61bca
Edited wiki page mod_auth_ldap through web user interface.
MWild1
parents:
181
diff
changeset
|
5 |
137
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
6 = Introduction = |
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
7 |
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
8 This is a Prosody authentication plugin which uses LDAP as the backend. |
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
9 |
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
10 = Configuration = |
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
11 |
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
12 Copy the module to the prosody modules/plugins directory. |
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
13 |
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
14 In Prosody's configuration file, under the desired host section, add: |
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
15 {{{ |
420
eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents:
403
diff
changeset
|
16 authentication = "ldap" |
137
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
17 }}} |
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
18 |
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
19 LDAP options are: |
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
20 || *Name* || *Description* || *Default value* || |
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
21 || ldap_server || space-separated list of hostnames or IPs || "localhost" || |
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
22 || ldap_rootdn || the distinguished name to auth against || "" (anonymous) || |
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
23 || ldap_password || the password || "" || |
422 | 24 || ldap_filter || search filter, with $user substituded for username || "(uid=$user)" || |
403 | 25 || ldap_scope || search scope. other values: "base" and "subtree" || "onelevel" || |
137
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
26 || ldap_tls || Use TLS to connect to LDAP? (can be true or false) || false || |
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
27 || ldap_base || LDAP base directory which stores user accounts || this is required || |
420
eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents:
403
diff
changeset
|
28 || ldap_mode || How to validate passwords. Other option is "bind" || "getpasswd" || |
eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents:
403
diff
changeset
|
29 |
eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents:
403
diff
changeset
|
30 = Modes = |
eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents:
403
diff
changeset
|
31 |
eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents:
403
diff
changeset
|
32 The "getpasswd" mode requires plain text access to passwords in LDAP and |
eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents:
403
diff
changeset
|
33 feeds them into Prosodys authentication system. This enables more secure |
eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents:
403
diff
changeset
|
34 authentication mechanisms but does not work for all deployments. |
eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents:
403
diff
changeset
|
35 |
eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents:
403
diff
changeset
|
36 The "bind" performs an LDAP bind, does not require plain text access to |
eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents:
403
diff
changeset
|
37 passwords but limits you to the PLAIN authentication mechanism. |
137
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
38 |
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
39 = Compatibility = |
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
40 |
400
c5d049266555
mod_auth_ldap: Document ldap_filter option
Kim Alvefur <zash@zash.se>
parents:
183
diff
changeset
|
41 || 0.8 and above || should work || |