Annotate

mod_auth_ldap/README.markdown @ 4515:2e33eeafe962

mod_muc_markers: Prevent any markers from reaching the archive, even if untracked Original intention was to leave alone things that this module isn't handling. However markers in archives are just problematic without more advanced logic about what is markable and what is not. It also requires a more advanced query in mod_muc_rai to determine the latest markable message instead of the latest archived message. I'd rather keep the "is archivable" and "is markable" definition the same for simplicity. I don't want to introduce yet another set of rules for no reason. No markers in MAM.
author Matthew Wild <mwild1@gmail.com>
date Mon, 22 Mar 2021 15:55:02 +0000
parent 3954:7a2998e48545
child 4717:f4f07891c4cc
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
1 ---
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
2 labels:
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
3 - 'Stage-Alpha'
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
4 - 'Type-Auth'
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
5 summary: LDAP authentication module
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
6 ...
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
8 Introduction
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
9 ============
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11 This is a Prosody authentication plugin which uses LDAP as the backend.
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
13 Dependecies
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
14 ===========
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15
3954
7a2998e48545 mod_auth_ldap: Fix broken link to LuaLDAP
Kim Alvefur <zash@zash.se>
parents: 3326
diff changeset
16 This module depends on [LuaLDAP](https://github.com/lualdap/lualdap)
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
17 for connecting to an LDAP server.
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
19 Configuration
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
20 =============
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 Copy the module to the prosody modules/plugins directory.
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 In Prosody's configuration file, under the desired host section, add:
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
25
1823
50d3383a2e08 mod_auth_ldap/README: Minor tweaks
Kim Alvefur <zash@zash.se>
parents: 1822
diff changeset
26 ``` {.lua}
50d3383a2e08 mod_auth_ldap/README: Minor tweaks
Kim Alvefur <zash@zash.se>
parents: 1822
diff changeset
27 authentication = "ldap"
50d3383a2e08 mod_auth_ldap/README: Minor tweaks
Kim Alvefur <zash@zash.se>
parents: 1822
diff changeset
28 ldap_base = "ou=people,dc=example,dc=com"
50d3383a2e08 mod_auth_ldap/README: Minor tweaks
Kim Alvefur <zash@zash.se>
parents: 1822
diff changeset
29 ```
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30
1823
50d3383a2e08 mod_auth_ldap/README: Minor tweaks
Kim Alvefur <zash@zash.se>
parents: 1822
diff changeset
31 Further LDAP options are:
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32
3326
5e0193a27c53 mod_auth_ldap: Correct name of admin option (thanks pep.)
Kim Alvefur <zash@zash.se>
parents: 3325
diff changeset
33 Name Description Default value
5e0193a27c53 mod_auth_ldap: Correct name of admin option (thanks pep.)
Kim Alvefur <zash@zash.se>
parents: 3325
diff changeset
34 --------------------- ---------------------------------------------------------------------------------------------------------------------- --------------------
5e0193a27c53 mod_auth_ldap: Correct name of admin option (thanks pep.)
Kim Alvefur <zash@zash.se>
parents: 3325
diff changeset
35 ldap\_base LDAP base directory which stores user accounts **Required field**
5e0193a27c53 mod_auth_ldap: Correct name of admin option (thanks pep.)
Kim Alvefur <zash@zash.se>
parents: 3325
diff changeset
36 ldap\_server Space-separated list of hostnames or IPs, optionally with port numbers (e.g. "localhost:8389") `"localhost"`
5e0193a27c53 mod_auth_ldap: Correct name of admin option (thanks pep.)
Kim Alvefur <zash@zash.se>
parents: 3325
diff changeset
37 ldap\_rootdn The distinguished name to auth against `""` (anonymous)
5e0193a27c53 mod_auth_ldap: Correct name of admin option (thanks pep.)
Kim Alvefur <zash@zash.se>
parents: 3325
diff changeset
38 ldap\_password Password for rootdn `""`
5e0193a27c53 mod_auth_ldap: Correct name of admin option (thanks pep.)
Kim Alvefur <zash@zash.se>
parents: 3325
diff changeset
39 ldap\_filter Search filter, with `$user` and `$host` substituted for user- and hostname `"(uid=$user)"`
5e0193a27c53 mod_auth_ldap: Correct name of admin option (thanks pep.)
Kim Alvefur <zash@zash.se>
parents: 3325
diff changeset
40 ldap\_scope Search scope. other values: "base" and "onelevel" `"subtree"`
5e0193a27c53 mod_auth_ldap: Correct name of admin option (thanks pep.)
Kim Alvefur <zash@zash.se>
parents: 3325
diff changeset
41 ldap\_tls Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard 'LDAPS' protocol is not supported. `false`
5e0193a27c53 mod_auth_ldap: Correct name of admin option (thanks pep.)
Kim Alvefur <zash@zash.se>
parents: 3325
diff changeset
42 ldap\_mode How passwords are validated. `"bind"`
5e0193a27c53 mod_auth_ldap: Correct name of admin option (thanks pep.)
Kim Alvefur <zash@zash.se>
parents: 3325
diff changeset
43 ldap\_admin\_filter Search filter to match admins, works like ldap\_filter
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
44
1824
8435e1766054 mod_auth_ldap/README: Fix missing word and more markdown syntax tweaks
Kim Alvefur <zash@zash.se>
parents: 1823
diff changeset
45 **Note:** lua-ldap reads from `/etc/ldap/ldap.conf` and other files like
1823
50d3383a2e08 mod_auth_ldap/README: Minor tweaks
Kim Alvefur <zash@zash.se>
parents: 1822
diff changeset
46 `~prosody/.ldaprc` if they exist. Users wanting to use a particular TLS
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
47 root certificate can specify it in the normal way using TLS\_CACERT in
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
48 the OpenLDAP config file.
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
49
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
50 Modes
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
51 =====
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
52
1824
8435e1766054 mod_auth_ldap/README: Fix missing word and more markdown syntax tweaks
Kim Alvefur <zash@zash.se>
parents: 1823
diff changeset
53 The `"getpasswd"` mode requires plain text access to passwords in LDAP
8435e1766054 mod_auth_ldap/README: Fix missing word and more markdown syntax tweaks
Kim Alvefur <zash@zash.se>
parents: 1823
diff changeset
54 and feeds them into Prosodys authentication system. This enables more
8435e1766054 mod_auth_ldap/README: Fix missing word and more markdown syntax tweaks
Kim Alvefur <zash@zash.se>
parents: 1823
diff changeset
55 secure authentication mechanisms but does not work for all deployments.
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
56
1824
8435e1766054 mod_auth_ldap/README: Fix missing word and more markdown syntax tweaks
Kim Alvefur <zash@zash.se>
parents: 1823
diff changeset
57 The `"bind"` mode performs an LDAP bind, does not require plain text
8435e1766054 mod_auth_ldap/README: Fix missing word and more markdown syntax tweaks
Kim Alvefur <zash@zash.se>
parents: 1823
diff changeset
58 access to passwords but limits you to the PLAIN authentication
8435e1766054 mod_auth_ldap/README: Fix missing word and more markdown syntax tweaks
Kim Alvefur <zash@zash.se>
parents: 1823
diff changeset
59 mechanism.
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
60
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
61 Compatibility
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
62 =============
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
63
1823
50d3383a2e08 mod_auth_ldap/README: Minor tweaks
Kim Alvefur <zash@zash.se>
parents: 1822
diff changeset
64 Works with 0.8 and later.