Mercurial > prosodywiki
annotate mod_auth_ldap.wiki @ 422:7e5c6a70af1e
update
author  Kim Alvefur <zash@zash.se> 

date  Fri, 24 Jan 2014 18:23:31 +0100 
parents  eb372e6bb82f 
children  042161223488 
rev  line source 

137
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

1 #summary LDAP authentication module 
181  2 #labels StageAlpha,TypeAuth 
137
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

3 
183
99ccedc61bca
Edited wiki page mod_auth_ldap through web user interface.
MWild1
parents:
181
diff
changeset

4 _*Note:* A modified version of this module is available, but is not yet committed here. The plan is to merge them, for more info see [http://groups.google.com/group/prosodydev/browse_thread/thread/282e876116ae4177/906121492495ad35#906121492495ad35 this thread]._ 
99ccedc61bca
Edited wiki page mod_auth_ldap through web user interface.
MWild1
parents:
181
diff
changeset

5 
137
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

6 = Introduction = 
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

7 
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

8 This is a Prosody authentication plugin which uses LDAP as the backend. 
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

9 
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

10 = Configuration = 
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

11 
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

12 Copy the module to the prosody modules/plugins directory. 
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

13 
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

14 In Prosody's configuration file, under the desired host section, add: 
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

15 {{{ 
420
eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents:
403
diff
changeset

16 authentication = "ldap" 
137
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

17 }}} 
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

18 
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

19 LDAP options are: 
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

20  *Name*  *Description*  *Default value*  
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

21  ldap_server  spaceseparated list of hostnames or IPs  "localhost"  
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

22  ldap_rootdn  the distinguished name to auth against  "" (anonymous)  
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

23  ldap_password  the password  ""  
422  24  ldap_filter  search filter, with $user substituded for username  "(uid=$user)"  
403  25  ldap_scope  search scope. other values: "base" and "subtree"  "onelevel"  
137
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

26  ldap_tls  Use TLS to connect to LDAP? (can be true or false)  false  
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

27  ldap_base  LDAP base directory which stores user accounts  this is required  
420
eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents:
403
diff
changeset

28  ldap_mode  How to validate passwords. Other option is "bind"  "getpasswd"  
eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents:
403
diff
changeset

29 
eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents:
403
diff
changeset

30 = Modes = 
eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents:
403
diff
changeset

31 
eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents:
403
diff
changeset

32 The "getpasswd" mode requires plain text access to passwords in LDAP and 
eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents:
403
diff
changeset

33 feeds them into Prosodys authentication system. This enables more secure 
eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents:
403
diff
changeset

34 authentication mechanisms but does not work for all deployments. 
eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents:
403
diff
changeset

35 
eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents:
403
diff
changeset

36 The "bind" performs an LDAP bind, does not require plain text access to 
eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents:
403
diff
changeset

37 passwords but limits you to the PLAIN authentication mechanism. 
137
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

38 
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

39 = Compatibility = 
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

40 
400
c5d049266555
mod_auth_ldap: Document ldap_filter option
Kim Alvefur <zash@zash.se>
parents:
183
diff
changeset

41  0.8 and above  should work  