Feature #841

Updated by Daniel Curtis about 4 years ago

This is a guide to setting up LDAP authentication for Prosody users. The LDAP server used here is OpenLDAP on FreeBSD 10, but the steps should work with any LDAP server that exposes a uid attribute, since mod_auth_ldap's default search filter is (uid=$user).

h2. Prepare the Environment

* Install the two dependencies, LuaLDAP (the OpenLDAP client binding mod_auth_ldap uses) and Mercurial:
<pre>
pkg install lua52-lualdap mercurial
</pre>

h3. Install Prosody Modules

* Clone the prosody-modules repository with Mercurial:
<pre>
cd /usr/local/etc/prosody
hg clone https://hg.prosody.im/prosody-modules/ prosody-modules
</pre>

* Edit the prosody config:
<pre>
vi /usr/local/etc/prosody/prosody.cfg.lua
</pre>
#* And add the prosody-modules checkout to the plugin_paths definition. Prosody will load any module found in these directories, so keep the checkout owned by root and not writable by the prosody user:
<pre>
plugin_paths = { "/usr/local/lib/prosody/modules", "/usr/local/etc/prosody/prosody-modules" }
</pre>

* Restart prosody:
<pre>
service prosody restart
</pre>

h2. Populate the LDAP Server

* Create the People Organizational Unit ldif file:
<pre>
vi ~/people-ou.ldif
</pre>
#* And add the following:
<pre>
dn: ou=People,dc=example,dc=com
objectclass: organizationalUnit
ou: People
</pre>

* Import the People OU file into the server (-x selects a simple bind as the Manager DN; the server URI and base come from the ldap.conf edited below, or pass them with -H and -b):
<pre>
ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f ~/people-ou.ldif
</pre>

* Create the bob user ldif file:
<pre>
vi ~/bob.ldif
</pre>
#* And add the following:
<pre>
dn: cn=Bob Guy,ou=People,dc=example,dc=com
cn: Bob Guy
givenname: Bob
initials: BG
mail: bob@example.com
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
sn: Guy
uid: bob
userpassword: {MD5}X03MO1qnZdYdgyfeuILPmQ==
</pre>
#* *NOTE*: The password for bob is *password*. The {MD5} value above is an unsalted MD5 digest and is only used here as a throwaway example; for real accounts generate a salted hash with slappasswd, which produces the {SSHA} scheme by default, and paste its output as the userpassword value.
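The following is an added example, not part of the original guide or of OpenLDAP: it reproduces the {MD5} userpassword value used for bob above and generates the salted {SSHA} form that slappasswd emits by default, so you can see how both RFC 2307 schemes are laid out and why the salted one is preferable. The LDIF rendering at the end uses the same constructed bob entry as the guide.

```python
"""Generate and verify RFC 2307-style userPassword values for the LDIF above.

Added example (not from the original page or from OpenLDAP). {MD5} is
base64(MD5(password)) with no salt; {SSHA} is base64(SHA1(password||salt)||salt),
which is what slappasswd produces by default.
"""
import base64
import hashlib
import hmac
import os

MD5_PREFIX = "{MD5}"
SSHA_PREFIX = "{SSHA}"


def md5_userpassword(password):
    """Unsalted {MD5}: shown only to match the guide's value, do not use for real accounts."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return MD5_PREFIX + base64.b64encode(digest).decode("ascii")


def ssha_userpassword(password, salt=None):
    """Salted {SSHA}: a fresh 8-byte salt per password defeats precomputed tables."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SSHA_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def verify_userpassword(stored, candidate):
    """Check a candidate password against a stored {MD5} or {SSHA} value.

    This is what slapd does on a simple bind against a hashed userPassword.
    hmac.compare_digest keeps the comparison constant-time.
    """
    if stored.startswith(SSHA_PREFIX):
        raw = base64.b64decode(stored[len(SSHA_PREFIX):])
        digest, salt = raw[:20], raw[20:]          # SHA-1 digests are 20 bytes
        expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
        return hmac.compare_digest(expected, digest)
    if stored.startswith(MD5_PREFIX):
        raw = base64.b64decode(stored[len(MD5_PREFIX):])
        expected = hashlib.md5(candidate.encode("utf-8")).digest()
        return hmac.compare_digest(expected, raw)
    raise ValueError("unsupported userPassword scheme: " + stored)


def bob_ldif(userpassword):
    """Render the guide's bob entry (constructed sample) with the given hash."""
    return "\n".join([
        "dn: cn=Bob Guy,ou=People,dc=example,dc=com",
        "cn: Bob Guy",
        "givenname: Bob",
        "initials: BG",
        "mail: bob@example.com",
        "objectclass: inetOrgPerson",
        "objectclass: organizationalPerson",
        "objectclass: person",
        "sn: Guy",
        "uid: bob",
        "userpassword: " + userpassword,
    ])


if __name__ == "__main__":
    print(md5_userpassword("password"))      # the value the guide uses
    print(bob_ldif(ssha_userpassword("password")))
```

Feed the printed LDIF to ldapadd as in the step above; the {SSHA} line is the only difference from the guide's file.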

h2. Setup LDAP Authentication

* Edit the LDAP client config (LuaLDAP links against the OpenLDAP client library, so these settings apply to Prosody as well as to the ldap* command-line tools):
<pre>
vi /usr/local/etc/openldap/ldap.conf
</pre>
#* And adjust the following values:
<pre>
BASE dc=example,dc=com
URI ldap://ldap.example.com
</pre>

* Edit the prosody config:
<pre>
vi /usr/local/etc/prosody/prosody.cfg.lua
</pre>
#* And add the following values to the VirtualHost block:
<pre>
VirtualHost "example.com"
    enabled = true

    authentication = "ldap"
    ldap_base = "ou=People,dc=example,dc=com"
    ldap_server = "ldap.example.com"
    ldap_rootdn = "cn=Manager,dc=example,dc=com"
    ldap_password = "SuperSecretPassword"

    ssl = {
        key = "/usr/local/etc/ssl/prosody.example.com.key";
        certificate = "/usr/local/etc/ssl/prosody.example.com.crt";
    }
</pre>
#* *NOTE*: ldap_password is stored in cleartext in prosody.cfg.lua, so make sure the file is readable only by root and the prosody user. Binding as the directory Manager (the rootdn) also gives Prosody full write access to the directory; a dedicated read-only service account that can only search ou=People is the safer choice for ldap_rootdn.
#* *NOTE*: With the default ldap_mode of "bind", Prosody searches for the user with ldap_filter (default "(uid=$user)") and then binds as the matching DN with the password the client supplied, which works with the hashed userpassword created above. Because that bind sends the user's password to the LDAP server, use ldap_tls = true (STARTTLS) unless the server is on the same host; see the mod_auth_ldap page in the resources for the full option list.
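The following is an added example, not Prosody's or mod_auth_ldap's own code: it models the search-then-bind flow the configuration above drives (service bind as ldap_rootdn, search ldap_base with the (uid=$user) filter, then bind as the matching DN with the user's password), and shows the RFC 4515 filter escaping that keeps a crafted username from rewriting the filter. The directory is a constructed in-memory stand-in for ldap.example.com so the example runs offline; it stores passwords in cleartext and understands only the (uid=...) filter shape, both purely to keep the model short.

```python
"""Search-then-bind authentication as mod_auth_ldap's bind mode performs it.

Added example (not Prosody's or the module's code). FakeDirectory is a
constructed stand-in for the OpenLDAP server used in the guide.
"""
import re

# RFC 4515: characters that would otherwise change the filter's structure.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape an assertion value so it cannot add wildcards or parentheses."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter(user, host="example.com", template="(uid=$user)"):
    """Substitute $user and $host into an ldap_filter template, escaping both."""
    return (template.replace("$user", escape_filter_value(user))
                    .replace("$host", escape_filter_value(host)))


class FakeDirectory:
    """Constructed in-memory directory: {dn: {"uid": ..., "userPassword": ...}}.

    search() supports only '(uid=<assertion>)'; an unescaped '*' is a wildcard,
    exactly as a real server would treat it, which is what the escaping prevents.
    """

    def __init__(self, entries, rootdn, rootpw):
        self.entries, self.rootdn, self.rootpw = entries, rootdn, rootpw

    def bind(self, dn, password):
        """Simple bind: True iff the DN exists and the password matches."""
        if dn == self.rootdn:
            return password == self.rootpw
        entry = self.entries.get(dn)
        return entry is not None and entry["userPassword"] == password

    def search(self, base, flt):
        """Return the DNs under base whose uid matches the assertion in flt."""
        m = re.fullmatch(r"\(uid=(.*)\)", flt)
        if not m:
            raise ValueError("unsupported filter: " + flt)
        # Unescaped '*' splits the value into wildcard segments; '\xx' escapes
        # decode back to literal characters inside each segment.
        segments = [re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), seg)
                    for seg in m.group(1).split("*")]
        pattern = ".*".join(re.escape(seg) for seg in segments)
        return [dn for dn, entry in self.entries.items()
                if dn.endswith(base) and re.fullmatch(pattern, entry["uid"])]


def authenticate(directory, user, password,
                 base="ou=People,dc=example,dc=com",
                 rootdn="cn=Manager,dc=example,dc=com",
                 rootpw="SuperSecretPassword"):
    """bind mode: service bind, search, user bind. Returns the user's DN or None."""
    if not directory.bind(rootdn, rootpw):
        raise RuntimeError("service bind failed: check ldap_rootdn / ldap_password")
    matches = directory.search(base, build_filter(user))
    if len(matches) != 1:
        # zero hits: unknown user; several: ambiguous, refuse rather than pick one
        return None
    # An empty password is an LDAP "unauthenticated bind" and must never count
    # as success, whatever the server does with it.
    if not password or not directory.bind(matches[0], password):
        return None
    return matches[0]


# Constructed sample directory mirroring the guide's ou=People.
DIRECTORY = FakeDirectory(
    entries={
        "cn=Bob Guy,ou=People,dc=example,dc=com": {"uid": "bob", "userPassword": "password"},
        "cn=Alice Ng,ou=People,dc=example,dc=com": {"uid": "alice", "userPassword": "hunter2"},
    },
    rootdn="cn=Manager,dc=example,dc=com",
    rootpw="SuperSecretPassword",
)

if __name__ == "__main__":
    print(authenticate(DIRECTORY, "bob", "password"))   # bob's DN
    print(authenticate(DIRECTORY, "b*", "password"))    # None: '*' is escaped
```

The unescaped search in the test below shows what a filter of (uid=*) returns: every entry, which is why a username like "b*" must be escaped before it reaches the filter rather than being passed through.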

h2. Resources

* https://modules.prosody.im/mod_auth_ldap.html
* https://blogs.mafia-server.net/nur-bahnhof/2013/12/prosody-authentification-ldapactivedirectory/
