prosody-modules
2bb29ece216b
mod_lib_ldap/README.markdown

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_lib_ldap/README.markdown @ 5193:2bb29ece216b

mod_http_oauth2: Implement stateless dynamic client registration Replaces previous explicit registration that required either the additional module mod_adhoc_oauth2_client or manually editing the database. That method was enough to have something to test with, but would not probably not scale easily. Dynamic client registration allows creating clients on the fly, which may be even easier in theory. In order to not allow basically unauthenticated writes to the database, we implement a stateless model here. per_host_key := HMAC(config -> oauth2_registration_key, hostname) client_id := JWT { client metadata } signed with per_host_key client_secret := HMAC(per_host_key, client_id) This should ensure everything we need to know is part of the client_id, allowing redirects etc to be validated, and the client_secret can be validated with only the client_id and the per_host_key. A nonce injected into the client_id JWT should ensure nobody can submit the same client metadata and retrieve the same client_secret
author Kim Alvefur <zash@zash.se>
date Fri, 03 Mar 2023 21:14:19 +0100
parent 1821:79b9bd84b91c
line wrap: on
line source

---
labels:
summary: Library module for LDAP
...

Introduction
============

This module is used by other modules to access an LDAP server. It's
pretty useless on its own; you should use it if you want to write your
own LDAP-related module, or if you want to use one of mine
([mod\_auth\_ldap2](mod_auth_ldap2.html),
[mod\_storage\_ldap](mod_storage_ldap.html)).

Installation
============

Simply copy ldap.lib.lua into your Prosody installation's plugins
directory.

Configuration
=============

Configuration for this module (and all modules that use it) goes into
the *ldap* section of your prosody.cfg.lua file. Each plugin that uses
it may add their own sections; this plugin relies on the following keys:

-   hostname - Where your LDAP server is located
-   bind\_dn - The DN to perform queries as
-   bind\_password - The password to use for queries
-   use\_tls - Whether or not TLS should be used to connect to the LDAP
    server
-   user.usernamefield - The LDAP field that contains a user's username
-   user.basedn - The base DN for user records

API
===

ldap.getconnection()
--------------------

Returns an LDAP connection object corresponding to the configuration in
prosody.cfg.lua. The connection object is a
[LuaLDAP](http://www.keplerproject.org/lualdap/) connection.

ldap.getparams()
----------------

Returns the LDAP configuration provided in prosody.cfg.lua. Use this if
you want to stick some configuration information for your module into
the LDAP section in the configuration file.

ldap.bind(username, password)
-----------------------------

Verifies that *username* and *password* bind ok. **NOTE**: This does not
bind the current LDAP connection to the given username!

ldap.singlematch(query)
-----------------------

Used to fetch a single LDAP record given an LDAP query. A convenience
function.

ldap.filter.combine\_and(...)
-----------------------------

Takes a list of LDAP filter expressions and returns a filter expression
that results in the intersection of each given expression (it ANDs them
together).

More Information
================

For more information, please consult the README.html file under
prosody-modules/mod\_lib\_ldap.