The "ldapauth" Module (v4)
Description
This module allows connecting users to be authenticated against an LDAP database.
Configuration
To load this module use the following <module> tag:
```
<module name="ldapauth">
```
<ldapauth>
The <ldapauth> tag defines settings about how the ldapauth module should behave. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| attribute | Text | None | Required! The attribute which is used to locate an account by name. On POSIX systems this is usually "uid". |
| baserdn | Text | None | Required! The base Distinguished Name to search in for users. |
| dbid | Text | None | Required! The id of the <database> tag that contains the required LDAP configuration. See the docs for the ldap module for more information. |
| field | Text | nickname | The field to read the LDAP username from. |
| host | Text | None | If defined then the vhost to set on connecting users. |
| killreason | Text | None | Required! The message to kill users that fail to authenticate with. |
| verbose | Boolean | No | Whether to log failed authentications to snomask a (local) and snomask A (remote). |
The "field" field should be set to one of the following values:
| Value | Description |
|---|---|
| nickname | Use the user's nickname for authenticating against LDAP. |
| username | Use the user's username for authenticating against LDAP. |
| password | Use the user's password (in the format username:password) for authenticating against LDAP. |
Example Usage
```
<ldapauth attribute="uid"
          baserdn="ou=People,dc=example,dc=com"
          dbid="ldap-users"
          field="nickname"
          host="$cn.example.com"
          killreason="Access denied"
          verbose="yes">
```
<ldapexemption>
The <ldapexemption> tag defines a nick!user@host or nick!user@ip/cidr mask which is exempt from the authentication requirement. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| mask | Text | None | Required! A nick!user@host or nick!user@ip/cidr mask which is exempt from the authentication requirement. |
Example Usage
```
<ldapexemption mask="*!*@127.0.0.0/8">
```
<ldaprequire>
The <ldaprequire> tag defines LDAP attributes that must be set on users in order for them to be able to connect. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| attribute | Text | None | Required! The name of an LDAP attribute that must be set on a user. |
| value | Text | None | Required! The value of an LDAP attribute that must be set on a user. |
Example Usage
```
<ldaprequire attribute="ou"
             value="People">
```
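A pre-deployment check for the three tags above, added here as an example and not part of the InspIRCd project. It flags settings not documented on this page, missing required settings, invalid "field" values, repeated single-use tags, and exemption masks whose host part is all wildcards or a very broad network. The `audit` function, the /8 threshold and the sample config are assumptions of this example.

```python
import ipaddress
import re

# Per tag: (settings documented on this page, the ones marked "Required!").
TAGS = {
    "ldapauth": ({"attribute", "baserdn", "dbid", "field", "host", "killreason",
                  "verbose"}, {"attribute", "baserdn", "dbid", "killreason"}),
    "ldapexemption": ({"mask"}, {"mask"}),
    "ldaprequire": ({"attribute", "value"}, {"attribute", "value"}),
}
FIELD_VALUES = {"nickname", "username", "password"}
DEFINED_ONCE = ("ldapauth", "ldaprequire")
MIN_PREFIX = 8  # assumption of this example: networks broader than /8 are flagged
# Only the <tag key="value" ...> form shown on this page is recognised.
TAG_RE = re.compile(r'<(\w+)((?:\s+\w+="[^"]*")*)\s*>')
KV_RE = re.compile(r'(\w+)="([^"]*)"')

def audit(config):
    """Return a list of findings for the ldapauth-related tags in config."""
    findings, seen = [], {}
    for name, body in TAG_RE.findall(config):
        if name not in TAGS:
            continue
        allowed, required = TAGS[name]
        seen[name] = seen.get(name, 0) + 1
        keys = dict(KV_RE.findall(body))
        findings += [f"<{name}>: unknown setting '{k}'" for k in sorted(set(keys) - allowed)]
        findings += [f"<{name}>: missing required '{k}'" for k in sorted(required - set(keys))]
        if name == "ldapauth" and keys.get("field", "nickname") not in FIELD_VALUES:
            findings.append(f"<ldapauth>: invalid field '{keys['field']}'")
        if name == "ldapexemption" and "mask" in keys:
            host = keys["mask"].rpartition("@")[2]
            try:
                broad = ipaddress.ip_network(host, strict=False).prefixlen < MIN_PREFIX
            except ValueError:
                broad = host.strip("*?.") == ""  # host part is wildcards only
            if broad:
                findings.append(f"<ldapexemption>: mask '{keys['mask']}' is too broad")
    findings += [f"<{n}>: defined {seen[n]} times, allowed once"
                 for n in DEFINED_ONCE if seen.get(n, 0) > 1]
    return findings

# Constructed sample, not taken from a real server.
SAMPLE = '''<ldapauth attribute="uid" baserdn="ou=People,dc=example,dc=com"
          dbid="ldap-users" userfield="no" verbose="yes">
<ldapexemption mask="*!*@127.0.0.0/8">
<ldapexemption mask="*!*@0.0.0.0/0">'''
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The loopback exemption from the page passes, while the catch-all network is reported because it would exempt every connecting user from LDAP authentication.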