Mercurial > prosody-wiki
comparison mod_auth_ldap.wiki @ 472:bb454e0cb7fc
Update mod_auth_ldap page
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 05 Aug 2014 15:38:11 +0200 |
parents | eb771cbbf410 |
children |
471:5fbe553241a8 | 472:bb454e0cb7fc |
---|---|
5 | 5 |
6 = Introduction = | 6 = Introduction = |
7 | 7 |
8 This is a Prosody authentication plugin which uses LDAP as the backend. | 8 This is a Prosody authentication plugin which uses LDAP as the backend. |
9 | 9 |
10 = Dependecies = | |
11 | |
12 This module depends on [http://www.keplerproject.org/lualdap/ LuaLDAP] for connecting to an LDAP server. | |
13 | |
10 = Configuration = | 14 = Configuration = |
11 | 15 |
12 Copy the module to the prosody modules/plugins directory. | 16 Copy the module to the prosody modules/plugins directory. |
13 | 17 |
14 In Prosody's configuration file, under the desired host section, add: | 18 In Prosody's configuration file, under the desired host section, add: |
15 {{{ | 19 {{{ |
16 authentication = "ldap" | 20 authentication = "ldap" |
21 ldap_base = "ou=people,dc=example,dc=com" | |
17 }}} | 22 }}} |
18 | 23 |
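Review bot: the new section heading at line 10 of 472 is spelled "= Dependecies ="; it should read "= Dependencies =".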
19 LDAP options are: | 24 LDAP options are: |
20 || *Name* || *Description* || *Default value* || | 25 || *Name* || *Description* || *Default value* || |
21 || ldap_server || space-separated list of hostnames or IPs, optionally with port numbers (e.g. "localhost:8389") || "localhost" || | 26 || ldap_server || Space-separated list of hostnames or IPs, optionally with port numbers (e.g. "localhost:8389") || "localhost" || |
22 || ldap_rootdn || the distinguished name to auth against || "" (anonymous) || | 27 || ldap_rootdn || The distinguished name to auth against || "" (anonymous) || |
23 || ldap_password || the password || "" || | 28 || ldap_password || Password for rootdn || "" || |
24 || ldap_filter || search filter, with $user and $host substituded for user- and hostname || "(uid=$user)" || | 29 || ldap_filter || Search filter, with $user and $host substituded for user- and hostname || "(uid=$user)" || |
25 || ldap_scope || search scope. other values: "base" and "subtree" || "onelevel" || | 30 || ldap_scope || Search scope. other values: "base" and "subtree" || "onelevel" || |
26 || ldap_tls || Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard 'LDAPS' protocol is not supported. || false || | 31 || ldap_tls || Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard 'LDAPS' protocol is not supported. || false || |
27 || ldap_base || LDAP base directory which stores user accounts || This is required || | 32 || ldap_base || LDAP base directory which stores user accounts || This is required || |
28 || ldap_mode || How passwords are validated. || "getpasswd" if ldap_rootdn is set, "bind" otherwise || | 33 || ldap_mode || How passwords are validated. || "bind" || |
29 | 34 |
30 *Note:* lua-ldap reads from /etc/ldap/ldap.conf and other files like | 35 *Note:* lua-ldap reads from /etc/ldap/ldap.conf and other files like |
31 ~prosody/.ldaprc if they exist. Users wanting to use a particular TLS | 36 ~prosody/.ldaprc if they exist. Users wanting to use a particular TLS |
32 root certificate can specify it in the normal way using TLS_CACERT in | 37 root certificate can specify it in the normal way using TLS_CACERT in |
33 the OpenLDAP config file. | 38 the OpenLDAP config file. |
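Review bot: in the ldap_mode row the default becomes "bind", but the description still says only "How passwords are validated." and the value "getpasswd", which was named only in the old default, no longer appears anywhere in the table; list the accepted values in the description column. Because a bind sends the user's password to the LDAP server and the ldap_tls row gives a default of false, consider adding ldap_tls = true to the example block, or a sentence recommending it next to the TLS_CACERT note. The replaced ldap_filter row still carries "substituded" (should be "substituted"), and the ldap_scope row now reads "Search scope. other values", where "other" should be capitalized to match the rest of the edit.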