The "ldapauth" Module (v4)

Description

This module allows connecting users to be authenticated against an LDAP database.

Configuration

To load this module use the following <module> tag:

<module name="ldapauth">

<ldapauth>

The <ldapauth> tag defines settings about how the ldapauth module should behave. This tag can only be defined once.

| Name | Type | Default Value | Description |
|------|------|---------------|-------------|
| attribute | Text | None | Required! The attribute which is used to locate an account by name. On POSIX systems this is usually "uid". |
| baserdn | Text | None | Required! The base Distinguished Name to search in for users. |
| dbid | Text | None | Required! The id of the <database> tag that contains the required LDAP configuration. See the docs for the ldap module for more information. |
| field | Text | nickname | The field to read the LDAP username from. |
| host | Text | None | If defined then the vhost to set on connecting users. |
| killreason | Text | None | Required! The message to kill users that fail to authenticate with. |
| verbose | Boolean | No | Whether to log failed authentications to snomask a (local) and snomask A (remote). |

The "field" setting should be set to one of the following values:

| Value | Description |
|-------|-------------|
| nickname | Use the user's nickname for authenticating against LDAP. |
| username | Use the user's username for authenticating against LDAP. |
| password | Use the user's password (in the format username:password) for authenticating against LDAP. |

Example Usage

<ldapauth attribute="uid"
          baserdn="ou=People,dc=example,dc=com"
          dbid="ldap-users"
          host="$cn.example.com"
          killreason="Access denied"
          field="nickname"
          verbose="yes">

<ldapexemption>

The <ldapexemption> tag defines a nick!user@host or nick!user@ip/cidr mask which is exempt from the authentication requirement. This tag can be defined as many times as required.

| Name | Type | Default Value | Description |
|------|------|---------------|-------------|
| mask | Text | None | Required! A nick!user@host or nick!user@ip/cidr mask which is exempt from the authentication requirement. |

Example Usage

<ldapexemption mask="*!*@127.0.0.0/8">

<ldaprequire>

The <ldaprequire> tag defines LDAP attributes that must be set on users in order for them to be able to connect. This tag can only be defined once.

| Name | Type | Default Value | Description |
|------|------|---------------|-------------|
| attribute | Text | None | Required! The name of an LDAP attribute that must be set on a user. |
| value | Text | None | Required! The value of an LDAP attribute that must be set on a user. |

Example Usage

<ldaprequire attribute="ou"
             value="People">
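
The following linter is an added example, not part of InspIRCd or its documentation. It checks a configuration against the tables above: required keys, undocumented keys, allowed "field" values, tags that may only be defined once, and how many addresses each CIDR exemption lets through unauthenticated. The lint() function, the regex-based tag parsing (a simplification of the real config syntax) and the sample configuration are assumptions made for illustration.

```python
import ipaddress
import re

# Keys from the tables on this page: tag -> (required keys, optional keys).
SCHEMA = {
    "ldapauth": ({"attribute", "baserdn", "dbid", "killreason"}, {"field", "host", "verbose"}),
    "ldapexemption": ({"mask"}, set()),
    "ldaprequire": ({"attribute", "value"}, set()),
}
FIELD_VALUES = {"nickname", "username", "password"}
TAG_RE = re.compile(r'<(\w+)((?:\s+\w+="[^"]*")*)\s*>')
KEY_RE = re.compile(r'(\w+)="([^"]*)"')

def lint(config_text):
    """Return findings for the ldapauth-related tags found in config_text."""
    findings, seen = [], {}
    for name, body in TAG_RE.findall(config_text):
        if name not in SCHEMA:
            continue
        seen[name] = seen.get(name, 0) + 1
        keys = dict(KEY_RE.findall(body))
        required, optional = SCHEMA[name]
        for key in sorted(required - set(keys)):
            findings.append(f"<{name}>: missing required key '{key}'")
        for key in sorted(set(keys) - required - optional):
            findings.append(f"<{name}>: key '{key}' is not documented")
        if name == "ldapauth" and keys.get("field", "nickname") not in FIELD_VALUES:
            findings.append(f"<ldapauth>: invalid field '{keys['field']}'")
        if name == "ldapexemption" and "/" in keys.get("mask", ""):
            try:  # report how many addresses skip authentication
                net = ipaddress.ip_network(keys["mask"].rsplit("@", 1)[-1], strict=False)
                findings.append(f"<ldapexemption>: {keys['mask']} exempts {net.num_addresses} addresses")
            except ValueError:
                findings.append(f"<ldapexemption>: host part of '{keys['mask']}' is not a CIDR range")
    for name in ("ldapauth", "ldaprequire"):  # tags that may only be defined once
        if seen.get(name, 0) > 1:
            findings.append(f"<{name}>: defined {seen[name]} times, allowed once")
    return findings

# Constructed sample configuration with deliberate mistakes (not from a real server).
SAMPLE = '''
<ldapauth attribute="uid" baserdn="ou=People,dc=example,dc=com" dbid="ldap-users" userfield="no">
<ldapexemption mask="*!*@127.0.0.0/8">
<ldaprequire attribute="ou" value="People">
<ldaprequire attribute="ou" value="Staff">
'''

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Exemption findings are informational: review each reported range and keep it as narrow as the clients that genuinely need to bypass LDAP authentication.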