prosody-modules
72df72b9ee20
mod_auth_ldap/README.markdown

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

Annotate

mod_auth_ldap/README.markdown @ 1872:72df72b9ee20

mod_csi/README: Link to XEP
author Kim Alvefur <zash@zash.se>
date Thu, 24 Sep 2015 00:51:49 +0200
parent 1824:8435e1766054
child 1987:6d7699eda594
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
1 ---
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
2 labels:
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
3 - 'Stage-Alpha'
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
4 - 'Type-Auth'
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
5 summary: LDAP authentication module
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
6 ...
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
8 Introduction
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
9 ============
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11 This is a Prosody authentication plugin which uses LDAP as the backend.
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
13 Dependecies
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
14 ===========
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
16 This module depends on [LuaLDAP](http://www.keplerproject.org/lualdap/)
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
17 for connecting to an LDAP server.
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
19 Configuration
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
20 =============
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 Copy the module to the prosody modules/plugins directory.
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 In Prosody's configuration file, under the desired host section, add:
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
25
1823
50d3383a2e08 mod_auth_ldap/README: Minor tweaks
Kim Alvefur <zash@zash.se>
parents: 1822
diff changeset
26 ``` {.lua}
50d3383a2e08 mod_auth_ldap/README: Minor tweaks
Kim Alvefur <zash@zash.se>
parents: 1822
diff changeset
27 authentication = "ldap"
50d3383a2e08 mod_auth_ldap/README: Minor tweaks
Kim Alvefur <zash@zash.se>
parents: 1822
diff changeset
28 ldap_base = "ou=people,dc=example,dc=com"
50d3383a2e08 mod_auth_ldap/README: Minor tweaks
Kim Alvefur <zash@zash.se>
parents: 1822
diff changeset
29 ```
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30
1823
50d3383a2e08 mod_auth_ldap/README: Minor tweaks
Kim Alvefur <zash@zash.se>
parents: 1822
diff changeset
31 Further LDAP options are:
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
33 Name Description Default value
1823
50d3383a2e08 mod_auth_ldap/README: Minor tweaks
Kim Alvefur <zash@zash.se>
parents: 1822
diff changeset
34 ---------------- ---------------------------------------------------------------------------------------------------------------------- --------------------
50d3383a2e08 mod_auth_ldap/README: Minor tweaks
Kim Alvefur <zash@zash.se>
parents: 1822
diff changeset
35 ldap\_base LDAP base directory which stores user accounts **Required field**
50d3383a2e08 mod_auth_ldap/README: Minor tweaks
Kim Alvefur <zash@zash.se>
parents: 1822
diff changeset
36 ldap\_server Space-separated list of hostnames or IPs, optionally with port numbers (e.g. "localhost:8389") `"localhost"`
50d3383a2e08 mod_auth_ldap/README: Minor tweaks
Kim Alvefur <zash@zash.se>
parents: 1822
diff changeset
37 ldap\_rootdn The distinguished name to auth against `"" (anonymous)`
50d3383a2e08 mod_auth_ldap/README: Minor tweaks
Kim Alvefur <zash@zash.se>
parents: 1822
diff changeset
38 ldap\_password Password for rootdn `""`
50d3383a2e08 mod_auth_ldap/README: Minor tweaks
Kim Alvefur <zash@zash.se>
parents: 1822
diff changeset
39 ldap\_filter Search filter, with `$user` and `$host` substituded for user- and hostname `"(uid=$user)"`
50d3383a2e08 mod_auth_ldap/README: Minor tweaks
Kim Alvefur <zash@zash.se>
parents: 1822
diff changeset
40 ldap\_scope Search scope. other values: "base" and "subtree" `"onelevel"`
50d3383a2e08 mod_auth_ldap/README: Minor tweaks
Kim Alvefur <zash@zash.se>
parents: 1822
diff changeset
41 ldap\_tls Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard 'LDAPS' protocol is not supported. `false`
50d3383a2e08 mod_auth_ldap/README: Minor tweaks
Kim Alvefur <zash@zash.se>
parents: 1822
diff changeset
42 ldap\_mode How passwords are validated. `"bind"`
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
43
1824
8435e1766054 mod_auth_ldap/README: Fix missing word and more markdown syntax tweaks
Kim Alvefur <zash@zash.se>
parents: 1823
diff changeset
44 **Note:** lua-ldap reads from `/etc/ldap/ldap.conf` and other files like
1823
50d3383a2e08 mod_auth_ldap/README: Minor tweaks
Kim Alvefur <zash@zash.se>
parents: 1822
diff changeset
45 `~prosody/.ldaprc` if they exist. Users wanting to use a particular TLS
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
46 root certificate can specify it in the normal way using TLS\_CACERT in
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
47 the OpenLDAP config file.
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
48
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
49 Modes
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
50 =====
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
51
1824
8435e1766054 mod_auth_ldap/README: Fix missing word and more markdown syntax tweaks
Kim Alvefur <zash@zash.se>
parents: 1823
diff changeset
52 The `"getpasswd"` mode requires plain text access to passwords in LDAP
8435e1766054 mod_auth_ldap/README: Fix missing word and more markdown syntax tweaks
Kim Alvefur <zash@zash.se>
parents: 1823
diff changeset
53 and feeds them into Prosodys authentication system. This enables more
8435e1766054 mod_auth_ldap/README: Fix missing word and more markdown syntax tweaks
Kim Alvefur <zash@zash.se>
parents: 1823
diff changeset
54 secure authentication mechanisms but does not work for all deployments.
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
55
1824
8435e1766054 mod_auth_ldap/README: Fix missing word and more markdown syntax tweaks
Kim Alvefur <zash@zash.se>
parents: 1823
diff changeset
56 The `"bind"` mode performs an LDAP bind, does not require plain text
8435e1766054 mod_auth_ldap/README: Fix missing word and more markdown syntax tweaks
Kim Alvefur <zash@zash.se>
parents: 1823
diff changeset
57 access to passwords but limits you to the PLAIN authentication
8435e1766054 mod_auth_ldap/README: Fix missing word and more markdown syntax tweaks
Kim Alvefur <zash@zash.se>
parents: 1823
diff changeset
58 mechanism.
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
59
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
60 Compatibility
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
61 =============
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
62
1823
50d3383a2e08 mod_auth_ldap/README: Minor tweaks
Kim Alvefur <zash@zash.se>
parents: 1822
diff changeset
63 Works with 0.8 and later.