Mercurial > prosody-wiki
comparison mod_auth_ldap.wiki @ 420:eb372e6bb82f
mod_auth_ldap: Document the ldap_mode option
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 21 Jan 2014 20:26:30 +0100 |
| parents | 6c54b5a7ccfb |
| children | 7e5c6a70af1e |
comparison
equal
deleted
inserted
replaced
| 419:fdff0de712a7 | 420:eb372e6bb82f |
|---|---|
| 11 | 11 |
| 12 Copy the module to the prosody modules/plugins directory. | 12 Copy the module to the prosody modules/plugins directory. |
| 13 | 13 |
| 14 In Prosody's configuration file, under the desired host section, add: | 14 In Prosody's configuration file, under the desired host section, add: |
| 15 {{{ | 15 {{{ |
| 16 authentication = "ldap" | 16 authentication = "ldap" |
| 17 }}} | 17 }}} |
| 18 | 18 |
| 19 LDAP options are: | 19 LDAP options are: |
| 20 || *Name* || *Description* || *Default value* || | 20 || *Name* || *Description* || *Default value* || |
| 21 || ldap_server || space-separated list of hostnames or IPs || "localhost" || | 21 || ldap_server || space-separated list of hostnames or IPs || "localhost" || |
| 23 || ldap_password || the password || "" || | 23 || ldap_password || the password || "" || |
| 24 || ldap_filter || search filter, with %s substituded for username || "(uid=%s)" || | 24 || ldap_filter || search filter, with %s substituded for username || "(uid=%s)" || |
| 25 || ldap_scope || search scope. other values: "base" and "subtree" || "onelevel" || | 25 || ldap_scope || search scope. other values: "base" and "subtree" || "onelevel" || |
| 26 || ldap_tls || Use TLS to connect to LDAP? (can be true or false) || false || | 26 || ldap_tls || Use TLS to connect to LDAP? (can be true or false) || false || |
| 27 || ldap_base || LDAP base directory which stores user accounts || this is required || | 27 || ldap_base || LDAP base directory which stores user accounts || this is required || |
| 28 || ldap_mode || How to validate passwords. Other option is "bind" || "getpasswd" || | |
| 29 | |
| 30 = Modes = | |
| 31 | |
| 32 The "getpasswd" mode requires plain text access to passwords in LDAP and | |
| 33 feeds them into Prosodys authentication system. This enables more secure | |
| 34 authentication mechanisms but does not work for all deployments. | |
| 35 | |
| 36 The "bind" performs an LDAP bind, does not require plain text access to | |
| 37 passwords but limits you to the PLAIN authentication mechanism. | |
| 28 | 38 |
| 29 = Compatibility = | 39 = Compatibility = |
| 30 | 40 |
| 31 || 0.8 and above || should work || | 41 || 0.8 and above || should work || |