I've developed a small suite of LDAP-based functionality for prosody,
using some code from mod_auth_ldap. The archive containing the plugins
can be found here:
http://hoelz.ro/files/prosody-ldap-plugins.tar.gz
The suite includes LDAP authentication, rosters, groups, and vCard
support. Please give it a try and let me know what you think.
Thanks,
Rob
Wow, nice, thanks! :)
I just gave a quick glance over... code looks nice, the documentation
too! I won't have time to try it out myself for some while (we're
focusing solely on the 0.9 release at the moment), but it would be
great to hear from anyone who does try them.
It would be good to get these into prosody-modules at some point. I
can give you push access to the repository if you like, but it would
be better to not overwrite the existing mod_auth_ldap there for the
moment (we now have a total of 3, yay...).
Regards,
Matthew
PS. One thing I just noticed in the docs, this:
With that note in mind, you need to set 'allow\_unencrypted\_plain\_auth' to
true in your configuration if you want to use LDAP authentication.
This shouldn't be necessary - this setting controls plain auth *only*
on unencrypted connections. Ideally all connections are encrypted, and
I don't recommend enabling this as a rule because it really is
insecure. Plaintext auth on encrypted connections is completely
allowed by default.
ldap = {
hostname = 'my.ldap.server',
user = { ... },
groups = { ... },
}
ldap = {
user = {
basedn = my_base_dn,
filter = my_filter,
usernamefield = my_username_field,
namefield = my_name_field,
--To view this discussion on the web visit https://groups.google.com/d/msg/prosody-dev/-/mcXPsaQeXv0J.
You received this message because you are subscribed to the Google Groups "prosody-dev" group.
To post to this group, send email to proso...@googlegroups.com.
To unsubscribe from this group, send email to prosody-dev...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/prosody-dev?hl=en.
The way I envisage it is one binds with an admin account first and searches for the JID using the specified attribute. When that is found the DN is extracted and a rebind happens using the password supplied by the connecting guest. If successful then the username within Prosody (SASL) function is set to the supplied JID. Thanks.
--
You received this message because you are subscribed to the Google Groups "prosody-dev" group.