annotate mod_auth_ldap.wiki @ 440:6e91b7ab36c1

update
author Kim Alvefur <zash@zash.se>
date Tue, 18 Mar 2014 15:10:53 +0100
parents 7e5c6a70af1e
children 042161223488
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
137
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
1 #summary LDAP authentication module
181
dbe3fcc3dbbb Add Type-Auth tag.
MWild1
parents: 137
diff changeset
2 #labels Stage-Alpha,Type-Auth
137
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
3
183
99ccedc61bca Edited wiki page mod_auth_ldap through web user interface.
MWild1
parents: 181
diff changeset
4 _*Note:* A modified version of this module is available, but is not yet committed here. The plan is to merge them, for more info see [http://groups.google.com/group/prosody-dev/browse_thread/thread/282e876116ae4177/906121492495ad35#906121492495ad35 this thread]._
99ccedc61bca Edited wiki page mod_auth_ldap through web user interface.
MWild1
parents: 181
diff changeset
5
137
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
6 = Introduction =
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
7
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
8 This is a Prosody authentication plugin which uses LDAP as the backend.
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
9
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
10 = Configuration =
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
11
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
12 Copy the module to the prosody modules/plugins directory.
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
13
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
14 In Prosody's configuration file, under the desired host section, add:
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
15 {{{
420
eb372e6bb82f mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents: 403
diff changeset
16 authentication = "ldap"
137
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
17 }}}
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
18
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
19 LDAP options are:
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
20 || *Name* || *Description* || *Default value* ||
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
21 || ldap_server || space-separated list of hostnames or IPs || "localhost" ||
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
22 || ldap_rootdn || the distinguished name to auth against || "" (anonymous) ||
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
23 || ldap_password || the password || "" ||
422
Kim Alvefur <zash@zash.se>
parents: 420
diff changeset
24 || ldap_filter || search filter, with $user substituded for username || "(uid=$user)" ||
403
6c54b5a7ccfb Document ldap_scope
Kim Alvefur <zash@zash.se>
parents: 400
diff changeset
25 || ldap_scope || search scope. other values: "base" and "subtree" || "onelevel" ||
137
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
26 || ldap_tls || Use TLS to connect to LDAP? (can be true or false) || false ||
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
27 || ldap_base || LDAP base directory which stores user accounts || this is required ||
420
eb372e6bb82f mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents: 403
diff changeset
28 || ldap_mode || How to validate passwords. Other option is "bind" || "getpasswd" ||
eb372e6bb82f mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents: 403
diff changeset
29
eb372e6bb82f mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents: 403
diff changeset
30 = Modes =
eb372e6bb82f mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents: 403
diff changeset
31
eb372e6bb82f mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents: 403
diff changeset
32 The "getpasswd" mode requires plain text access to passwords in LDAP and
eb372e6bb82f mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents: 403
diff changeset
33 feeds them into Prosodys authentication system. This enables more secure
eb372e6bb82f mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents: 403
diff changeset
34 authentication mechanisms but does not work for all deployments.
eb372e6bb82f mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents: 403
diff changeset
35
eb372e6bb82f mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents: 403
diff changeset
36 The "bind" performs an LDAP bind, does not require plain text access to
eb372e6bb82f mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents: 403
diff changeset
37 passwords but limits you to the PLAIN authentication mechanism.
137
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
38
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
39 = Compatibility =
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
40
400
c5d049266555 mod_auth_ldap: Document ldap_filter option
Kim Alvefur <zash@zash.se>
parents: 183
diff changeset
41 || 0.8 and above || should work ||