Mercurial > prosody-wiki

diff mod_auth_ldap.wiki @ 420:eb372e6bb82f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_auth_ldap: Document the ldap_mode option
author Kim Alvefur <zash@zash.se>
date Tue, 21 Jan 2014 20:26:30 +0100
parents 6c54b5a7ccfb
children 7e5c6a70af1e
line wrap: on
line diff
--- a/mod_auth_ldap.wiki	Sun Jan 19 22:38:16 2014 +0100
+++ b/mod_auth_ldap.wiki	Tue Jan 21 20:26:30 2014 +0100
@@ -13,7 +13,7 @@
 
 In Prosody's configuration file, under the desired host section, add:
 {{{
-    authentication = "ldap"
+	authentication = "ldap"
 }}}
 
 LDAP options are:
@@ -25,6 +25,16 @@
 || ldap_scope    || search scope. other values: "base" and "subtree"   || "onelevel"       ||
 || ldap_tls      || Use TLS to connect to LDAP? (can be true or false) || false            ||
 || ldap_base     || LDAP base directory which stores user accounts     || this is required ||
+|| ldap_mode     || How to validate passwords.  Other option is "bind" || "getpasswd"      ||
+
+= Modes =
+
+The "getpasswd" mode requires plain text access to passwords in LDAP and
+feeds them into Prosodys authentication system.  This enables more secure
+authentication mechanisms but does not work for all deployments.
+
+The "bind" performs an LDAP bind, does not require plain text access to
+passwords but limits you to the PLAIN authentication mechanism.
 
 = Compatibility =