annotate mod_auth_ldap.wiki @ 468:eb771cbbf410

Incorporated feedback from Daniel Pocock
author MWild1@gmail.com
date Mon, 21 Jul 2014 11:56:43 +0000
parents 042161223488
children bb454e0cb7fc
rev   line source
137
eb945500dae4 mod_auth_ldap: Added some documentation.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
1 #summary LDAP authentication module
181
dbe3fcc3dbbb Add Type-Auth tag.
MWild1
parents: 137
diff changeset
2 #labels Stage-Alpha,Type-Auth
137
3
183
99ccedc61bca Edited wiki page mod_auth_ldap through web user interface.
MWild1
parents: 181
diff changeset
4 _*Note:* A modified version of this module is available, but is not yet committed here. The plan is to merge them, for more info see [http://groups.google.com/group/prosody-dev/browse_thread/thread/282e876116ae4177/906121492495ad35#906121492495ad35 this thread]._
5
137
6 = Introduction =
7
8 This is a Prosody authentication plugin which uses LDAP as the backend.
9
10 = Configuration =
11
12 Copy the module to the prosody modules/plugins directory.
13
14 In Prosody's configuration file, under the desired host section, add:
15 {{{
420
eb372e6bb82f mod_auth_ldap: Document the ldap_mode option
Kim Alvefur <zash@zash.se>
parents: 403
diff changeset
16 authentication = "ldap"
137
17 }}}
18
19 LDAP options are:
20 || *Name* || *Description* || *Default value* ||
468
eb771cbbf410 Incorporated feedback from Daniel Pocock
MWild1@gmail.com
parents: 450
diff changeset
21 || ldap_server || space-separated list of hostnames or IPs, optionally with port numbers (e.g. "localhost:8389") || "localhost" ||
137
22 || ldap_rootdn || the distinguished name to auth against || "" (anonymous) ||
23 || ldap_password || the password || "" ||
450
042161223488 mod_auth_ldap: Update configuration section
Kim Alvefur <zash@zash.se>
parents: 422
diff changeset
24 || ldap_filter || search filter, with $user and $host substituted for user- and hostname || "(uid=$user)" ||
403
6c54b5a7ccfb Document ldap_scope
Kim Alvefur <zash@zash.se>
parents: 400
diff changeset
25 || ldap_scope || search scope. other values: "base" and "subtree" || "onelevel" ||
468
26 || ldap_tls || Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard 'LDAPS' protocol is not supported. || false ||
450
27 || ldap_base || LDAP base directory which stores user accounts || This is required ||
28 || ldap_mode || How passwords are validated. || "getpasswd" if ldap_rootdn is set, "bind" otherwise ||
420
29
468
30 *Note:* lua-ldap reads from /etc/ldap/ldap.conf and other files like
31 ~prosody/.ldaprc if they exist. Users wanting to use a particular TLS
32 root certificate can specify it in the normal way using TLS_CACERT in
33 the OpenLDAP config file.
34
420
35 = Modes =
36
37 The "getpasswd" mode requires plain text access to passwords in LDAP and
38 feeds them into Prosody's authentication system. This enables more secure
39 authentication mechanisms but does not work for all deployments.
40
41 The "bind" mode performs an LDAP bind and does not require plain text access to
42 passwords but limits you to the PLAIN authentication mechanism.
137
43
44 = Compatibility =
45
468
46 || 0.8 and above || should work ||
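
An added example, not part of the wiki page or the module's repository: two host sections for Prosody's configuration file, one per mode, using the options from the table above. Hostnames, DNs and the password are constructed placeholders, and c2s_require_encryption is a Prosody core option rather than one of this module's.

```lua
-- Added example; every hostname, DN and password here is a constructed placeholder.

-- Host 1: "bind" mode. Prosody binds to LDAP as the user, so it needs no
-- plain text access to stored passwords, but clients are limited to PLAIN.
VirtualHost "chat.example.com"
    authentication = "ldap"
    ldap_server = "ldap1.example.com ldap2.example.com:8389" -- space-separated list
    ldap_base   = "ou=people,dc=example,dc=com"              -- required, no default
    ldap_filter = "(uid=$user)"   -- $user is replaced with the username
    ldap_scope  = "onelevel"      -- the default; "base" and "subtree" also exist
    ldap_mode   = "bind"          -- also the default when ldap_rootdn is unset
    ldap_tls    = true            -- StartTLS; the default (false) leaves the
                                  -- bind password unencrypted on the LDAP link
    -- Prosody core option (not from this module): PLAIN carries the password
    -- itself, so require TLS on client connections too.
    c2s_require_encryption = true

-- Host 2: "getpasswd" mode. Prosody reads the plain text password from LDAP
-- using a service account, which allows mechanisms other than PLAIN.
VirtualHost "im.example.org"
    authentication = "ldap"
    ldap_server   = "ldap1.example.com"
    ldap_base     = "dc=example,dc=org"
    ldap_filter   = "(mail=$user@$host)"  -- uses both substitutions
    ldap_scope    = "subtree"
    ldap_rootdn   = "cn=prosody,ou=services,dc=example,dc=org"
    ldap_password = "CHANGE-ME"           -- placeholder
    ldap_mode     = "getpasswd"           -- the default once ldap_rootdn is set
    ldap_tls      = true                  -- passwords cross this link in plain text

-- The CA certificate used to verify the StartTLS connection is not set here:
-- lua-ldap reads TLS_CACERT from /etc/ldap/ldap.conf or ~prosody/.ldaprc.
```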