Mercurial > prosody-wiki
comparison mod_auth_ldap.wiki @ 468:eb771cbbf410
Incorporated feedback from Daniel Pocock
author | MWild1@gmail.com |
---|---|
date | Mon, 21 Jul 2014 11:56:43 +0000 |
parents | 042161223488 |
children | bb454e0cb7fc |
467:739ba93e66f2 | 468:eb771cbbf410 |
---|---|
16 authentication = "ldap" | 16 authentication = "ldap" |
17 }}} | 17 }}} |
18 | 18 |
19 LDAP options are: | 19 LDAP options are: |
20 || *Name* || *Description* || *Default value* || | 20 || *Name* || *Description* || *Default value* || |
21 || ldap_server || space-separated list of hostnames or IPs || "localhost" || | 21 || ldap_server || space-separated list of hostnames or IPs, optionally with port numbers (e.g. "localhost:8389") || "localhost" || |
22 || ldap_rootdn || the distinguished name to auth against || "" (anonymous) || | 22 || ldap_rootdn || the distinguished name to auth against || "" (anonymous) || |
23 || ldap_password || the password || "" || | 23 || ldap_password || the password || "" || |
24 || ldap_filter || search filter, with $user and $host substituded for user- and hostname || "(uid=$user)" || | 24 || ldap_filter || search filter, with $user and $host substituded for user- and hostname || "(uid=$user)" || |
25 || ldap_scope || search scope. other values: "base" and "subtree" || "onelevel" || | 25 || ldap_scope || search scope. other values: "base" and "subtree" || "onelevel" || |
26 || ldap_tls || Use TLS to connect to LDAP? (can be true or false) || false || | 26 || ldap_tls || Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard 'LDAPS' protocol is not supported. || false || |
27 || ldap_base || LDAP base directory which stores user accounts || This is required || | 27 || ldap_base || LDAP base directory which stores user accounts || This is required || |
28 || ldap_mode || How passwords are validated. || "getpasswd" if ldap_rootdn is set, "bind" otherwise || | 28 || ldap_mode || How passwords are validated. || "getpasswd" if ldap_rootdn is set, "bind" otherwise || |
29 | |
30 *Note:* lua-ldap reads from /etc/ldap/ldap.conf and other files like | |
31 ~prosody/.ldaprc if they exist. Users wanting to use a particular TLS | |
32 root certificate can specify it in the normal way using TLS_CACERT in | |
33 the OpenLDAP config file. | |
29 | 34 |
30 = Modes = | 35 = Modes = |
31 | 36 |
32 The "getpasswd" mode requires plain text access to passwords in LDAP and | 37 The "getpasswd" mode requires plain text access to passwords in LDAP and |
33 feeds them into Prosodys authentication system. This enables more secure | 38 feeds them into Prosodys authentication system. This enables more secure |
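Review bot: the new note on right-hand lines 30-33 describes TLS_CACERT without saying that it only matters when ldap_tls is true, and the table still lists ldap_tls as defaulting to false, so a reader who sets a CA file and leaves the default ends up with a plaintext connection to the LDAP server. Suggest opening the note with the dependency, for example "When ldap_tls is true, users wanting a particular TLS root certificate can specify it using TLS_CACERT ...", and cross-referencing the note from the ldap_tls row. The path /etc/ldap/ldap.conf is the Debian/Ubuntu location; wording such as "the system OpenLDAP client configuration (e.g. /etc/ldap/ldap.conf)" would avoid misleading readers on other systems. Since ldap_server now accepts a port (e.g. "localhost:8389"), it would also help to state in the ldap_tls row that StartTLS is negotiated on whichever port is given there, so nobody points it at an LDAPS-only port that the same row says is unsupported.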