# HG changeset patch
# User MWild1@gmail.com
# Date 1405943803 0
# Node ID eb771cbbf410777382ea042f5bfb178ddbc18dde
# Parent 739ba93e66f2ea7407ddd6358e7714ed6f9a9205
Incorporated feedback from Daniel Pocock
diff -r 739ba93e66f2 -r eb771cbbf410 mod_auth_ldap.wiki
--- a/mod_auth_ldap.wiki Tue Jul 15 16:42:55 2014 +0000
+++ b/mod_auth_ldap.wiki Mon Jul 21 11:56:43 2014 +0000
@@ -18,15 +18,20 @@
 LDAP options are:
 || *Name* || *Description* || *Default value* ||
-|| ldap_server || space-separated list of hostnames or IPs || "localhost" ||
+|| ldap_server || space-separated list of hostnames or IPs, optionally with port numbers (e.g. "localhost:8389") || "localhost" ||
 || ldap_rootdn || the distinguished name to auth against || "" (anonymous) ||
 || ldap_password || the password || "" ||
 || ldap_filter || search filter, with $user and $host substituded for user- and hostname || "(uid=$user)" ||
 || ldap_scope || search scope. other values: "base" and "subtree" || "onelevel" ||
-|| ldap_tls || Use TLS to connect to LDAP? (can be true or false) || false ||
+|| ldap_tls || Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard 'LDAPS' protocol is not supported. || false ||
 || ldap_base || LDAP base directory which stores user accounts || This is required ||
 || ldap_mode || How passwords are validated. || "getpasswd" if ldap_rootdn is set, "bind" otherwise ||
+*Note:* lua-ldap reads from /etc/ldap/ldap.conf and other files like
+~prosody/.ldaprc if they exist. Users wanting to use a particular TLS
+root certificate can specify it in the normal way using TLS_CACERT in
+the OpenLDAP config file.
+
 = Modes =
 The "getpasswd" mode requires plain text access to passwords in LDAP and
@@ -38,4 +43,4 @@
 = Compatibility =
-|| 0.8 and above || should work ||
+|| 0.8 and above || should work ||
\ No newline at end of file