comparison mod_auth_ldap.wiki @ 472:bb454e0cb7fc

Update mod_auth_ldap page
author Kim Alvefur <zash@zash.se>
date Tue, 05 Aug 2014 15:38:11 +0200
parents eb771cbbf410
children
comparison
equal deleted inserted replaced
471:5fbe553241a8 472:bb454e0cb7fc
5 5
6 = Introduction = 6 = Introduction =
7 7
8 This is a Prosody authentication plugin which uses LDAP as the backend. 8 This is a Prosody authentication plugin which uses LDAP as the backend.
9 9
10 = Dependecies =
11
12 This module depends on [http://www.keplerproject.org/lualdap/ LuaLDAP] for connecting to an LDAP server.
13
10 = Configuration = 14 = Configuration =
11 15
12 Copy the module to the prosody modules/plugins directory. 16 Copy the module to the prosody modules/plugins directory.
13 17
14 In Prosody's configuration file, under the desired host section, add: 18 In Prosody's configuration file, under the desired host section, add:
15 {{{ 19 {{{
16 authentication = "ldap" 20 authentication = "ldap"
21 ldap_base = "ou=people,dc=example,dc=com"
17 }}} 22 }}}
18 23
19 LDAP options are: 24 LDAP options are:
20 || *Name* || *Description* || *Default value* || 25 || *Name* || *Description* || *Default value* ||
21 || ldap_server || space-separated list of hostnames or IPs, optionally with port numbers (e.g. "localhost:8389") || "localhost" || 26 || ldap_server || Space-separated list of hostnames or IPs, optionally with port numbers (e.g. "localhost:8389") || "localhost" ||
22 || ldap_rootdn || the distinguished name to auth against || "" (anonymous) || 27 || ldap_rootdn || The distinguished name to auth against || "" (anonymous) ||
23 || ldap_password || the password || "" || 28 || ldap_password || Password for rootdn || "" ||
24 || ldap_filter || search filter, with $user and $host substituded for user- and hostname || "(uid=$user)" || 29 || ldap_filter || Search filter, with $user and $host substituded for user- and hostname || "(uid=$user)" ||
25 || ldap_scope || search scope. other values: "base" and "subtree" || "onelevel" || 30 || ldap_scope || Search scope. other values: "base" and "subtree" || "onelevel" ||
26 || ldap_tls || Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard 'LDAPS' protocol is not supported. || false || 31 || ldap_tls || Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard 'LDAPS' protocol is not supported. || false ||
27 || ldap_base || LDAP base directory which stores user accounts || This is required || 32 || ldap_base || LDAP base directory which stores user accounts || This is required ||
28 || ldap_mode || How passwords are validated. || "getpasswd" if ldap_rootdn is set, "bind" otherwise || 33 || ldap_mode || How passwords are validated. || "bind" ||
29 34
30 *Note:* lua-ldap reads from /etc/ldap/ldap.conf and other files like 35 *Note:* lua-ldap reads from /etc/ldap/ldap.conf and other files like
31 ~prosody/.ldaprc if they exist. Users wanting to use a particular TLS 36 ~prosody/.ldaprc if they exist. Users wanting to use a particular TLS
32 root certificate can specify it in the normal way using TLS_CACERT in 37 root certificate can specify it in the normal way using TLS_CACERT in
33 the OpenLDAP config file. 38 the OpenLDAP config file.