Using lualdap (http://www.keplerproject.org/lualdap/), one could assert a simple
bind like this:
This would allow prosody if the supplied credentials are valid
Sadly, I am not fluent in Lua and don't really have the time at the moment :(
possible in the current trunk version thanks to Cyrus SASL
( --> http://blog.marc-
I'm uncertain yet whether this is enough to satisfy everyone, or whether we should
still add native support. Native support would allow integrating vCards with LDAP, I
guess, so it's probably still desirable.
Native LDAP support would be a huge win. In addition to populating vCards from LDAP
(I'm having problems getting vCards to work with SASL authenticated users, but that's
another issue), authentication configuration would be simplified. Also, allowing
multiple forms of authentication, e.g. LDAP users and a local user database, is
something that drew me to Prosody in the first place. I've implemented this by using
both auxprop with sasldb and saslauthd, but the configuration is not pretty. Also,
I'd love to not have to install Cyrus SASL on my systems.
There is a mod_auth_ldap in prosody-modules that is compatible with trunk/0.8. It requires LuaLDAP and best of all hasn't been tested... volunteers welcome :)
The new storage API in trunk/0.8 should also allow for a full LDAP storage backend to be written.
I have written a mod_auth_ldap version, based on the one posted above, which works for me with prosody 0.8 RC1 (module is attached).
It uses ldap_bind to test the user password instead of a plaintext lookup, and allows you to add an additional filter. It still assumes your username is stored in 'uid', but this should be easy to change. It does a lookup to find the DN, so it does not depend on the username being in the DN, but requires two binds per login (should be easy to change in the code to use only one bind if the DN can be constructed from the username, but it requires a bit more code to make a single configurable module which supports both methods).
To use it, place the following in your prosody.cfg.lua:
ldap_server = "servername";
ldap_base = "ou=People,dc=example,dc=org";
ldap_rootdn = "<admindn>"; -- optional
ldap_password = "<adminpw>"; -- optional
ldap_filter = "(authorizedService=jabber)"; -- optional
-- don't forget this one!
authentication = "ldap";
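
Added example (not the attached module and not code from prosody-modules): a search-then-bind check like the one described in the post above, with two guards worth having in any such module, escaping the username before it enters the search filter and refusing empty passwords. The function names and the cfg table are hypothetical; only lualdap.open_simple, search and close are LuaLDAP calls.

```lua
-- Added example, not the attached module. Config names mirror the post.
local cfg = {
  server = "servername", base = "ou=People,dc=example,dc=org",
  rootdn = nil, password = nil,          -- optional, as in the post
  filter = "(authorizedService=jabber)", -- optional, as in the post
}

-- Hex-escape every non-alphanumeric byte; RFC 4515 permits escaping any octet.
local function escape_filter_value(s)
  return (s:gsub("[^%w]", function(c)
    return string.format("\\%02x", c:byte())
  end))
end

local function user_filter(username)
  local f = "(uid=" .. escape_filter_value(username) .. ")"
  if cfg.filter then f = "(&" .. f .. cfg.filter .. ")" end
  return f
end

local function test_password(username, password)
  -- An empty password makes a simple bind "unauthenticated" (RFC 4513,
  -- section 5.1.2); some servers report that as success.
  if not username or username == "" or not password or password == "" then
    return nil, "empty credentials"
  end
  local lualdap = require "lualdap"
  -- Bind 1: locate the DN (anonymous when rootdn/password are unset).
  local ld, err = lualdap.open_simple(cfg.server, cfg.rootdn, cfg.password)
  if not ld then return nil, err end
  local dn, ambiguous
  for found in ld:search { base = cfg.base, scope = "subtree",
                           filter = user_filter(username), attrs = { "uid" } } do
    if dn then ambiguous = true break end
    dn = found
  end
  ld:close()
  if not dn or ambiguous then return nil, "no unique entry" end
  -- Bind 2: the directory checks the password; nothing is compared locally.
  local user_ld, bind_err = lualdap.open_simple(cfg.server, dn, password)
  if not user_ld then return nil, bind_err end
  user_ld:close()
  return true
end

-- Constructed inputs; both checks run without a directory server.
assert(user_filter("a*)(uid=*") ==
  "(&(uid=a\\2a\\29\\28uid\\3d\\2a)(authorizedService=jabber))")
assert(test_password("alice", "") == nil)
```

open_simple takes a fourth argument, usetls; without it both binds, including the user's password, cross the network unencrypted.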