InspIRCd v4 is still early in development!
If you use this branch you may experience crashes, weird behaviour, and unannounced breaking changes.
You probably want to use InspIRCd v3 instead.
The "ldapauth" Module (v4)
Description
This module allows connecting users to be authenticated against an LDAP database.
Configuration
To load this module use the following <module>
tag:
<module name="ldapauth">
<ldapauth>
The <ldapauth>
tag defines settings about how the ldapauth module should behave. This tag can only be defined once.
Name | Type | Default Value | Description |
---|---|---|---|
attribute | Text | None | Required! The attribute which is used to locate an account by name. On POSIX systems this is usually "uid". |
baserdn | Text | None | Required! The base Distinguished Name to search in for users. |
dbid | Text | None | Required! The id of the <database> tag that contains the required LDAP configuration. See the docs for the ldap module for more information. |
field | Text | nickname | The field to read the LDAP username from. |
host | Text | None | If defined then the vhost to set on connecting users. |
killreason | Text | None | Required! The message to kill users that fail to authenticate with. |
verbose | Boolean | No | Whether to log failed authentications to snomask a (local) and snomask A (remote). |
The field field should be set to one of the following values:
Value | Description |
---|---|
nickname | Use the user's nickname for authenticating against LDAP. |
username | Use the user's username for authenticating against LDAP. |
password | Use the user's password (in the format username:password ) for authenticating against LDAP. |
Example Usage
<ldapauth attribute="uid"
baserdn="ou=People,dc=example,dc=com"
dbid="ldap-users"
host="$cn.example.com"
killreason="Access denied"
userfield="no"
verbose="yes">
<ldapexemption>
The <ldapexemption>
tag defines nick!user@host or nick!user@ip/cidr mask which are exempt from the authentication requirement. This tag can be defined as many times as required.
Name | Type | Default Value | Description |
---|---|---|---|
mask | Text | None | Required! A nick!user@host or nick!user@ip/cidr mask which is exempt from the authentication requirement. |
Example Usage
<ldapexemption mask="*!*@127.0.0.0/8">
<ldaprequire>
The <ldaprequire>
tag defines LDAP attributes that must be set on users in order for them to be able to connect. This tag can only be defined once.
Name | Type | Default Value | Description |
---|---|---|---|
attribute | Text | None | Required! The name of an LDAP attribute that must be set on a user. |
value | Text | None | Required! The value of an LDAP attribute that must be set on a user. |
Example Usage
<ldaprequire attribute="ou"
value="People">