Comparison
mod_auth_ldap/README.markdown @ 1803:4d73a1a6ba68
Convert all wiki pages to Markdown
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 28 Aug 2015 18:03:58 +0200 |
| parent | 1782:mod_auth_ldap/README.wiki@29f3d6b7ad16 |
| child | 1822:ce2ca509a88c |
| 1802:0ab737feada6 | 1803:4d73a1a6ba68 |
|---|---|
| 1 --- | |
| 2 labels: | |
| 3 - 'Stage-Alpha' | |
| 4 - 'Type-Auth' | |
| 5 summary: LDAP authentication module | |
| 6 ... | |
| 7 | |
| 8 ***Note:** A modified version of this module is available, but is not | |
| 9 yet committed here. The plan is to merge them, for more info see [this | |
| 10 thread](http://groups.google.com/group/prosody-dev/browse_thread/thread/282e876116ae4177/906121492495ad35#906121492495ad35).* | |
| 11 | |
| 12 Introduction | |
| 13 ============ | |
| 14 | |
| 15 This is a Prosody authentication plugin which uses LDAP as the backend. | |
| 16 | |
| 17 Dependecies | |
| 18 =========== | |
| 19 | |
| 20 This module depends on [LuaLDAP](http://www.keplerproject.org/lualdap/) | |
| 21 for connecting to an LDAP server. | |
| 22 | |
| 23 Configuration | |
| 24 ============= | |
| 25 | |
| 26 Copy the module to the prosody modules/plugins directory. | |
| 27 | |
| 28 In Prosody's configuration file, under the desired host section, add: | |
| 29 | |
| 30 authentication = "ldap" | |
| 31 ldap_base = "ou=people,dc=example,dc=com" | |
| 32 | |
| 33 LDAP options are: | |
| 34 | |
| 35 Name Description Default value | |
| 36 ---------------- ---------------------------------------------------------------------------------------------------------------------- ------------------ | |
| 37 ldap\_server Space-separated list of hostnames or IPs, optionally with port numbers (e.g. "localhost:8389") "localhost" | |
| 38 ldap\_rootdn The distinguished name to auth against "" (anonymous) | |
| 39 ldap\_password Password for rootdn "" | |
| 40 ldap\_filter Search filter, with \$user and $host substituded for user- and hostname | "(uid=$user)" | |
| 41 ldap\_scope Search scope. other values: "base" and "subtree" "onelevel" | |
| 42 ldap\_tls Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard 'LDAPS' protocol is not supported. false | |
| 43 ldap\_base LDAP base directory which stores user accounts This is required | |
| 44 ldap\_mode How passwords are validated. "bind" | |
| 45 | |
| 46 **Note:** lua-ldap reads from /etc/ldap/ldap.conf and other files like | |
| 47 \~prosody/.ldaprc if they exist. Users wanting to use a particular TLS | |
| 48 root certificate can specify it in the normal way using TLS\_CACERT in | |
| 49 the OpenLDAP config file. | |
| 50 | |
| 51 Modes | |
| 52 ===== | |
| 53 | |
| 54 The "getpasswd" mode requires plain text access to passwords in LDAP and | |
| 55 feeds them into Prosodys authentication system. This enables more secure | |
| 56 authentication mechanisms but does not work for all deployments. | |
| 57 | |
| 58 The "bind" performs an LDAP bind, does not require plain text access to | |
| 59 passwords but limits you to the PLAIN authentication mechanism. | |
| 60 | |
| 61 Compatibility | |
| 62 ============= | |
| 63 | |
| 64 --------------- ------------- | |
| 65 0.8 and above should work | |
| 66 --------------- ------------- |
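
Review bot: The options table (lines 35-44) documents the defaults ldap_tls = false and ldap_mode = "bind" without saying what they mean in combination. The Modes section states that bind mode performs an LDAP bind with the user's password and limits clients to PLAIN, so with the default settings that bind goes to ldap_server without StartTLS. I would add a sentence under Modes, or next to the ldap_tls row, recommending ldap_tls = true whenever ldap_server is not the local host, and pointing at the TLS_CACERT note on lines 46-49. The ldap_filter row (line 40) should also say whether $user and $host are escaped before being substituted into the filter. Smaller points in the same hunk: "Dependecies" (line 17) and "substituded" (line 40) are misspelled; the ldap_filter row has a stray "|" before the default value and escapes "\$user" but not "$host", which will break the column alignment of the table; the ldap_mode row gives only the default and does not list "getpasswd" as the other value; line 58 reads 'The "bind" performs' and is missing the word "mode"; line 55 needs "Prosody's".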