File

mod_lib_ldap/README.markdown @ 5511:0860497152af

mod_http_oauth2: Record hash of client_id to allow future verification RFC 6819 section 5.2.2.2 states that refresh tokens MUST be bound to the client. In order to do that, we must record something that can definitely tie the client to the grant. Since the full client_id is so large (why we have this client_subset function), a hash is stored instead.
author Kim Alvefur <zash@zash.se>
date Fri, 02 Jun 2023 10:14:16 +0200
parent 1821:79b9bd84b91c
line wrap: on
line source

---
labels:
summary: Library module for LDAP
...

Introduction
============

This module is used by other modules to access an LDAP server. It's
pretty useless on its own; you should use it if you want to write your
own LDAP-related module, or if you want to use one of mine
([mod\_auth\_ldap2](mod_auth_ldap2.html),
[mod\_storage\_ldap](mod_storage_ldap.html)).

Installation
============

Simply copy ldap.lib.lua into your Prosody installation's plugins
directory.

Configuration
=============

Configuration for this module (and all modules that use it) goes into
the *ldap* section of your prosody.cfg.lua file. Each plugin that uses
it may add their own sections; this plugin relies on the following keys:

-   hostname - Where your LDAP server is located
-   bind\_dn - The DN to perform queries as
-   bind\_password - The password to use for queries
-   use\_tls - Whether or not TLS should be used to connect to the LDAP
    server
-   user.usernamefield - The LDAP field that contains a user's username
-   user.basedn - The base DN for user records

API
===

ldap.getconnection()
--------------------

Returns an LDAP connection object corresponding to the configuration in
prosody.cfg.lua. The connection object is a
[LuaLDAP](http://www.keplerproject.org/lualdap/) connection.

ldap.getparams()
----------------

Returns the LDAP configuration provided in prosody.cfg.lua. Use this if
you want to stick some configuration information for your module into
the LDAP section in the configuration file.

ldap.bind(username, password)
-----------------------------

Verifies that *username* and *password* bind ok. **NOTE**: This does not
bind the current LDAP connection to the given username!

ldap.singlematch(query)
-----------------------

Used to fetch a single LDAP record given an LDAP query. A convenience
function.

ldap.filter.combine\_and(...)
-----------------------------

Takes a list of LDAP filter expressions and returns a filter expression
that results in the intersection of each given expression (it ANDs them
together).

More Information
================

For more information, please consult the README.html file under
prosody-modules/mod\_lib\_ldap.