Software /
code /
prosody-modules
Diff
mod_auth_ldap/README.markdown @ 1803:4d73a1a6ba68
Convert all wiki pages to Markdown
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 28 Aug 2015 18:03:58 +0200 |
parent | 1782:29f3d6b7ad16 |
child | 1822:ce2ca509a88c |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_auth_ldap/README.markdown Fri Aug 28 18:03:58 2015 +0200 @@ -0,0 +1,66 @@ +--- +labels: +- 'Stage-Alpha' +- 'Type-Auth' +summary: LDAP authentication module +... + +***Note:** A modified version of this module is available, but is not +yet committed here. The plan is to merge them, for more info see [this +thread](http://groups.google.com/group/prosody-dev/browse_thread/thread/282e876116ae4177/906121492495ad35#906121492495ad35).* + +Introduction +============ + +This is a Prosody authentication plugin which uses LDAP as the backend. + +Dependecies +=========== + +This module depends on [LuaLDAP](http://www.keplerproject.org/lualdap/) +for connecting to an LDAP server. + +Configuration +============= + +Copy the module to the prosody modules/plugins directory. + +In Prosody's configuration file, under the desired host section, add: + + authentication = "ldap" + ldap_base = "ou=people,dc=example,dc=com" + +LDAP options are: + + Name Description Default value + ---------------- ---------------------------------------------------------------------------------------------------------------------- ------------------ + ldap\_server Space-separated list of hostnames or IPs, optionally with port numbers (e.g. "localhost:8389") "localhost" + ldap\_rootdn The distinguished name to auth against "" (anonymous) + ldap\_password Password for rootdn "" + ldap\_filter Search filter, with \$user and $host substituded for user- and hostname | "(uid=$user)" + ldap\_scope Search scope. other values: "base" and "subtree" "onelevel" + ldap\_tls Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard 'LDAPS' protocol is not supported. false + ldap\_base LDAP base directory which stores user accounts This is required + ldap\_mode How passwords are validated. "bind" + +**Note:** lua-ldap reads from /etc/ldap/ldap.conf and other files like +\~prosody/.ldaprc if they exist. Users wanting to use a particular TLS +root certificate can specify it in the normal way using TLS\_CACERT in +the OpenLDAP config file. + +Modes +===== + +The "getpasswd" mode requires plain text access to passwords in LDAP and +feeds them into Prosodys authentication system. This enables more secure +authentication mechanisms but does not work for all deployments. + +The "bind" performs an LDAP bind, does not require plain text access to +passwords but limits you to the PLAIN authentication mechanism. + +Compatibility +============= + + --------------- ------------- + 0.8 and above should work + --------------- -------------