mod_auth_ldap/README.markdown @ 4515:2e33eeafe962
mod_muc_markers: Prevent any markers from reaching the archive, even if untracked
Original intention was to leave alone things that this module isn't
handling. However markers in archives are just problematic without
more advanced logic about what is markable and what is not. It also
requires a more advanced query in mod_muc_rai to determine the latest
markable message instead of the latest archived message.
I'd rather keep the "is archivable" and "is markable" definition the
same for simplicity. I don't want to introduce yet another set of rules
for no reason.
No markers in MAM.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Mon, 22 Mar 2021 15:55:02 +0000 |
parent | 3954:7a2998e48545 |
child | 4717:f4f07891c4cc |

---
labels:
- 'Stage-Alpha'
- 'Type-Auth'
summary: LDAP authentication module
...

Introduction
============

This is a Prosody authentication plugin which uses LDAP as the backend.

Dependencies
============

This module depends on [LuaLDAP](https://github.com/lualdap/lualdap)
for connecting to an LDAP server.

Configuration
=============

Copy the module to the prosody modules/plugins directory.

In Prosody's configuration file, under the desired host section, add:

``` {.lua}
authentication = "ldap"
ldap_base = "ou=people,dc=example,dc=com"
```

Further LDAP options are:

Name | Description | Default value |
---|---|---|
ldap\_base | LDAP base directory which stores user accounts | **Required field** |
ldap\_server | Space-separated list of hostnames or IPs, optionally with port numbers (e.g. "localhost:8389") | `"localhost"` |
ldap\_rootdn | The distinguished name to auth against | `""` (anonymous) |
ldap\_password | Password for rootdn | `""` |
ldap\_filter | Search filter, with `$user` and `$host` substituted for user- and hostname | `"(uid=$user)"` |
ldap\_scope | Search scope. Other values: "base" and "onelevel" | `"subtree"` |
ldap\_tls | Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard 'LDAPS' protocol is not supported. | `false` |
ldap\_mode | How passwords are validated. | `"bind"` |
ldap\_admin\_filter | Search filter to match admins, works like ldap\_filter | |

**Note:** lua-ldap reads from `/etc/ldap/ldap.conf` and other files like
`~prosody/.ldaprc` if they exist. Users wanting to use a particular TLS
root certificate can specify it in the normal way using TLS\_CACERT in
the OpenLDAP config file.

Modes
=====

The `"getpasswd"` mode requires plain text access to passwords in LDAP
and feeds them into Prosody's authentication system. This enables more
secure authentication mechanisms but does not work for all deployments.

The `"bind"` mode performs an LDAP bind, does not require plain text
access to passwords but limits you to the PLAIN authentication
mechanism.

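A host section that sets the options from the table above with the LDAP leg encrypted, for the default `"bind"` mode. This is an added example, not part of the module's README. The host name, server names, DNs, the `inetOrgPerson` and `memberOf` filter terms and the password are placeholders, and `c2s_require_encryption` is a core Prosody option rather than one of this module's.

```lua
-- Added example: placeholder names throughout, adapt to your directory.
VirtualHost "example.com"
    authentication = "ldap"

    -- Required: the subtree that holds the user entries.
    ldap_base = "ou=people,dc=example,dc=com"

    -- Space-separated list; the first entry gives the port explicitly.
    ldap_server = "ldap1.example.com:389 ldap2.example.com"

    -- Default is false. In "bind" mode the user's password is sent to the
    -- directory in a simple bind, so without StartTLS it crosses the
    -- network in clear text. LDAPS is not supported; use StartTLS.
    ldap_tls = true
    -- The CA used to verify the LDAP server is not set here: it comes from
    -- the OpenLDAP client config (TLS_CACERT in /etc/ldap/ldap.conf or
    -- ~prosody/.ldaprc), as the note above describes.

    -- Default is "" (anonymous). A dedicated account lets the directory
    -- refuse anonymous searches.
    ldap_rootdn = "cn=prosody,ou=services,dc=example,dc=com"
    ldap_password = "REPLACE-WITH-SERVICE-ACCOUNT-PASSWORD" -- placeholder

    -- Default is "(uid=$user)". The extra objectClass term (an assumption
    -- about the schema) keeps non-person entries from matching.
    ldap_filter = "(&(uid=$user)(objectClass=inetOrgPerson))"

    -- Default is "subtree". "onelevel" only matches entries directly
    -- under ldap_base.
    ldap_scope = "onelevel"

    -- Default. The directory checks the password, so it can stay hashed
    -- there, but clients are limited to the PLAIN mechanism.
    ldap_mode = "bind"

    -- Works like ldap_filter. The group DN is a placeholder and memberOf
    -- must be available in your directory.
    ldap_admin_filter = "(&(uid=$user)(memberOf=cn=xmpp-admins,ou=groups,dc=example,dc=com))"

    -- Core Prosody option (not from this module): PLAIN carries the
    -- password itself, so require TLS on client connections.
    c2s_require_encryption = true
```
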
Compatibility
=============

Works with 0.8 and later.