mod_auth_ldap/README.markdown
author Matthew Wild <mwild1@gmail.com>
Sat, 24 Sep 2022 09:25:46 +0100
changeset 5062 39c2824c2880
parent 4721 f4f07891c4cc
permissions -rw-r--r--
mod_cloud_notify: README overhaul
---
labels:
- 'Stage-Merged'
- 'Type-Auth'
summary: LDAP authentication module
...

Introduction
============

This is a Prosody authentication plugin which uses LDAP as the backend.

Dependencies
===========

This module depends on [LuaLDAP](https://github.com/lualdap/lualdap)
for connecting to an LDAP server.

Configuration
=============

Copy the module to the Prosody modules/plugins directory.

In Prosody's configuration file, under the desired host section, add:

``` {.lua}
authentication = "ldap"
ldap_base = "ou=people,dc=example,dc=com"
```

Further LDAP options are:

  Name                  Description                                                                                                            Default value
  --------------------- ---------------------------------------------------------------------------------------------------------------------- --------------------
  ldap\_base            LDAP base directory which stores user accounts                                                                         **Required field**
  ldap\_server          Space-separated list of hostnames or IPs, optionally with port numbers (e.g. "localhost:8389")                         `"localhost"`
  ldap\_rootdn          The distinguished name to auth against                                                                                 `""` (anonymous)
  ldap\_password        Password for rootdn                                                                                                    `""`
  ldap\_filter          Search filter, with `$user` and `$host` substituted for user- and hostname                                             `"(uid=$user)"`
  ldap\_scope           Search scope. Other values: "base" and "onelevel"                                                                      `"subtree"`
  ldap\_tls             Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard 'LDAPS' protocol is not supported.   `false`
  ldap\_mode            How passwords are validated.                                                                                           `"bind"`
  ldap\_admin\_filter   Search filter to match admins, works like ldap\_filter

**Note:** lua-ldap reads from `/etc/ldap/ldap.conf` and other files like
`~prosody/.ldaprc` if they exist. Users wanting to use a particular TLS
root certificate can specify it in the normal way using TLS\_CACERT in
the OpenLDAP config file.

Modes
=====

The `"getpasswd"` mode requires plain text access to passwords in LDAP
and feeds them into Prosody's authentication system. This enables more
secure authentication mechanisms but does not work for all deployments.

The `"bind"` mode performs an LDAP bind, does not require plain text
access to passwords but limits you to the PLAIN authentication
mechanism.

Compatibility
=============

Works with 0.8 and later.
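A host section that combines the options from the Configuration and Modes sections for a `"bind"` deployment, as an added example that is not part of the module's own README. The host name, server names, DNs, password, object class and group name are constructed placeholders. Because `"bind"` mode limits clients to PLAIN and `ldap_tls` defaults to `false`, the example turns StartTLS on so that the simple bind does not carry user passwords to the LDAP server in cleartext.

```lua
-- Added example with constructed values; adapt every name to your directory.
VirtualHost "example.com"
    authentication = "ldap"

    -- Required: the subtree that stores the user accounts.
    ldap_base = "ou=people,dc=example,dc=com"

    -- Space-separated list of servers. These are plain LDAP endpoints that are
    -- upgraded with StartTLS; the README states that LDAPS is not supported.
    ldap_server = "ldap1.example.com ldap2.example.com"

    -- Default is false. With "bind" mode the user's password is sent in an
    -- LDAP bind, so leave this off only when the link to the server is
    -- protected by other means.
    ldap_tls = true
    -- The CA that signed the server certificate is not set here: lua-ldap
    -- reads it from the OpenLDAP client config (TLS_CACERT in
    -- /etc/ldap/ldap.conf or ~prosody/.ldaprc), as the Note in the
    -- Configuration section describes.

    -- Dedicated account for the user search instead of the anonymous
    -- default (""). Keep the config file readable only by the Prosody
    -- user, since the password is stored in it.
    ldap_rootdn = "cn=prosody,ou=services,dc=example,dc=com"
    ldap_password = "CHANGE-ME" -- placeholder

    -- $user and $host are substituted by the module. Narrowing the default
    -- "(uid=$user)" by object class and searching one level only keeps
    -- non-person entries under ldap_base from matching.
    ldap_filter = "(&(uid=$user)(objectClass=inetOrgPerson))"
    ldap_scope = "onelevel"

    -- "bind" (the default): no plain text access to stored passwords is
    -- needed, clients are limited to PLAIN.
    -- "getpasswd": the module reads plain text passwords from LDAP, which
    -- enables more secure mechanisms but does not work for all deployments.
    ldap_mode = "bind"

    -- Works like ldap_filter. Assumes the directory exposes a memberOf
    -- attribute and that this group exists.
    ldap_admin_filter = "(&(uid=$user)(memberOf=cn=xmpp-admins,ou=groups,dc=example,dc=com))"
```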