annotate mod_auth_ldap.wiki @ 468:eb771cbbf410
Incorporated feedback from Daniel Pocock
author  MWild1@gmail.com 

date  Mon, 21 Jul 2014 11:56:43 +0000 
parents  042161223488 
children  bb454e0cb7fc 

137
eb945500dae4
mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset

#summary LDAP authentication module
#labels StageAlpha,TypeAuth
183
99ccedc61bca
Edited wiki page mod_auth_ldap through web user interface.
MWild1
parents:
181
diff
changeset

_*Note:* A modified version of this module is available, but is not yet committed here. The plan is to merge them; for more information, see [http://groups.google.com/group/prosodydev/browse_thread/thread/282e876116ae4177/906121492495ad35#906121492495ad35 this thread]._

= Introduction =

This is a Prosody authentication plugin which uses LDAP as the backend.

= Configuration =

Copy the module to the Prosody modules/plugins directory.

In Prosody's configuration file, under the desired host section, add:
{{{
authentication = "ldap"
}}}

LDAP options are:
|| *Name* || *Description* || *Default value* ||
|| ldap_server || Space-separated list of hostnames or IPs, optionally with port numbers (e.g. "localhost:8389") || "localhost" ||
|| ldap_rootdn || The distinguished name to auth against || "" (anonymous) ||
|| ldap_password || The password || "" ||
|| ldap_filter || Search filter, with $user and $host substituted for user and hostname || "(uid=$user)" ||
|| ldap_scope || Search scope. Other values: "base" and "subtree" || "onelevel" ||
|| ldap_tls || Enable TLS (StartTLS) to connect to LDAP (can be true or false). The nonstandard 'LDAPS' protocol is not supported. || false ||
|| ldap_base || LDAP base directory which stores user accounts || This is required ||
|| ldap_mode || How passwords are validated. || "getpasswd" if ldap_rootdn is set, "bind" otherwise ||

450
042161223488
mod_auth_ldap: Update configuration section
Kim Alvefur <zash@zash.se>
parents:
422
diff
changeset

*Note:* lualdap reads from /etc/ldap/ldap.conf and other files like
~prosody/.ldaprc if they exist. Users wanting to use a particular TLS
root certificate can specify it in the normal way using TLS_CACERT in
the OpenLDAP config file.

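How the `$user` and `$host` placeholders in `ldap_filter` expand into a search filter, shown as an added example that is not mod_auth_ldap's own code. It escapes each value per RFC 4515 so that it is always matched literally; the function names and sample inputs are hypothetical.

```lua
-- Added example, not the module's code. Names below are hypothetical.

-- RFC 4515: inside a filter value these bytes are written as \XX (hex).
local ESCAPES = {
    ["\\"] = "\\5c",
    ["*"]  = "\\2a",
    ["("]  = "\\28",
    [")"]  = "\\29",
    ["\0"] = "\\00",
}

-- Replace every special byte; all other bytes are kept unchanged.
local function escape_filter_value(value)
    return (value:gsub(".", ESCAPES))
end

-- Expand $user and $host in a template such as "(uid=$user)".
-- Placeholders other than these two are left untouched.
local function expand_filter(template, user, host)
    local values = {
        user = escape_filter_value(user),
        host = escape_filter_value(host),
    }
    return (template:gsub("%$(%a+)", values))
end

-- Constructed inputs.
assert(expand_filter("(uid=$user)", "alice", "example.com")
       == "(uid=alice)")
assert(expand_filter("(mail=$user@$host)", "alice", "example.com")
       == "(mail=alice@example.com)")

-- A name containing filter metacharacters remains a single literal value
-- instead of changing the structure of the filter.
assert(expand_filter("(uid=$user)", "a*(b)", "example.com")
       == "(uid=a\\2a\\28b\\29)")

print(expand_filter("(mail=$user@$host)", "alice", "example.com"))
```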
420
eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents:
403
diff
changeset

= Modes =

The "getpasswd" mode requires plain text access to passwords in LDAP and
feeds them into Prosody's authentication system. This enables more secure
authentication mechanisms but does not work for all deployments.

The "bind" mode performs an LDAP bind. It does not require plain text access to
passwords but limits you to the PLAIN authentication mechanism.
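A host section that combines the options and modes described above, as an added example rather than configuration from the module's documentation. The hostnames, base DN and CA path are constructed placeholders, and `c2s_require_encryption` is a core Prosody setting that this page does not cover.

```lua
-- Added example; all hostnames, DNs and paths are constructed placeholders.
VirtualHost "example.com"
    authentication = "ldap"

    -- Two directory servers, the second on a non-default port.
    ldap_server = "ldap1.example.com ldap2.example.com:8389"

    -- Required: there is no default base.
    ldap_base = "ou=people,dc=example,dc=com"

    -- $user and $host are substituted before the search is run.
    ldap_filter = "(mail=$user@$host)"

    -- Search below ldap_base at any depth (the default is "onelevel").
    ldap_scope = "subtree"

    -- The default is false, which leaves the connection to the directory
    -- unencrypted. true upgrades it with StartTLS; LDAPS is not supported.
    ldap_tls = true

    -- No ldap_rootdn is set, so "bind" would be chosen anyway; it is
    -- written out here to make the choice visible.
    ldap_mode = "bind"

    -- "bind" limits clients to the PLAIN mechanism, so the XMPP client
    -- connection should be encrypted as well.
    c2s_require_encryption = true

-- The CA used to verify the directory server is not set here. lualdap
-- takes it from the OpenLDAP client configuration, for example in
-- /etc/ldap/ldap.conf:
--
--     TLS_CACERT /etc/ssl/certs/example-ldap-ca.pem
```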

= Compatibility =

|| 0.8 and above || should work ||