
Feature #841

Setup LDAP Authentication for Prosody

Added by Daniel Curtis over 8 years ago. Updated over 8 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Directory Server
Target version:
Start date: 08/07/2016
Due date:
% Done: 100%
Estimated time: 0.50 h
Spent time:

Description

This is a guide on how to set up LDAP authentication for Prosody users. The directory used here is OpenLDAP on FreeBSD 9/10, but the steps should work against any LDAP server.

Prepare the Environment

  • Install a couple of dependencies:
    pkg install mercurial portmaster
    
  • Update the ports tree:
    portsnap fetch extract
    
  • Set make.conf to use Lua 5.1 as the default version while building (lualdap is a C module and must be built against the same Lua that Prosody itself uses):
    echo "DEFAULT_VERSIONS+= lua=5.1" >> /etc/make.conf
    
  • Install lualdap:
    portmaster net/lualdap
    

Install Prosody Modules

  • Clone the prosody-modules repository with Mercurial:
    cd /usr/local/etc/prosody
    hg clone https://hg.prosody.im/prosody-modules/ prosody-modules
    
  • Edit the prosody config:
    vi /usr/local/etc/prosody/prosody.cfg.lua
    
    • And add the prosody-modules path to the plugins definition:
      plugin_paths = { "/usr/local/lib/prosody/modules", "/usr/local/etc/prosody/prosody-modules" }
      
  • Restart prosody:
    service prosody restart
    

Populate the LDAP Server

  • Create the People Organizational Unit ldif file:
    vi ~/people-ou.ldif
    
    • And add the following:
      dn: ou=People,dc=example,dc=com
      objectclass: organizationalUnit
      ou: People
      
  • Import the People OU file into the server:
    ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f ~/people-ou.ldif
    
    • (-x selects a simple bind; without it ldapadd tries SASL first and the -D/-W credentials are not used.)
    
  • Create the ldif file for the user bob:
    vi ~/bob.ldif
    
    • And add the following:
      dn: cn=Bob Guy,ou=People,dc=example,dc=com
      objectClass: inetOrgPerson
      objectClass: organizationalPerson
      objectClass: person
      cn: Bob Guy
      givenName: Bob
      initials: BG
      sn: Guy
      uid: bob
      mail: bob@example.com
      userPassword: {MD5}X03MO1qnZdYdgyfeuILPmQ==
      
    • NOTE: The password for bob is password. The {MD5} scheme is an unsalted hash, so two users with the same password store the same value and a leaked value is a lookup away from the cleartext; for anything beyond a test entry generate the value with slappasswd, which defaults to the salted {SSHA} scheme. Import bob.ldif with ldapadd the same way as the OU file.
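The following Python is an added example, not part of the original guide or of OpenLDAP/Prosody. It shows how the guide's userPassword value is derived (an unsalted MD5 of "password"), how slapd-style verification of {MD5} and {SSHA} values works, and how to render an entry shaped like bob.ldif with a salted {SSHA} value instead. The sample user data is constructed for the example.

```python
"""Derive and check OpenLDAP userPassword values for an entry like bob.ldif.

Added example, not code from the guide. It reproduces the guide's
"{MD5}X03MO1qnZdYdgyfeuILPmQ==" from the cleartext "password", verifies
cleartext passwords against {MD5} and {SSHA} values the way slapd does on a
simple bind, and emits the salted {SSHA} form that slappasswd produces by
default. All names and addresses below are made up.
"""
import base64
import hashlib
import hmac
import os
from typing import Optional

# Exactly the value from the guide's bob.ldif.
PAGE_MD5_VALUE = "{MD5}X03MO1qnZdYdgyfeuILPmQ=="


def md5_value(password: str) -> str:
    """RFC 2307 {MD5}: base64(md5(password)). No salt, so every account with
    the same password stores the same string and precomputed tables apply."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


def ssha_value(password: str, salt: Optional[bytes] = None) -> str:
    """RFC 2307 {SSHA}: base64(sha1(password || salt) || salt) with a random
    per-entry salt. Still a fast hash, but identical passwords no longer
    collide and rainbow tables do not apply."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_value(password: str, stored: str) -> bool:
    """Check a cleartext password against a {MD5} or {SSHA} userPassword
    value, which is what slapd does when Prosody binds as the user."""
    scheme, _, b64 = stored.partition("}")
    scheme = scheme.lstrip("{").upper()
    raw = base64.b64decode(b64)
    pw = password.encode("utf-8")
    if scheme == "MD5":
        return hmac.compare_digest(raw, hashlib.md5(pw).digest())
    if scheme == "SSHA":
        # A SHA-1 digest is 20 bytes; whatever follows it is the salt.
        digest, salt = raw[:20], raw[20:]
        return hmac.compare_digest(digest, hashlib.sha1(pw + salt).digest())
    raise ValueError("unsupported password scheme: %r" % scheme)


def ldif_entry(uid: str, given: str, sn: str, mail: str, password: str) -> str:
    """Render an inetOrgPerson entry shaped like the guide's bob.ldif, but
    with a salted {SSHA} userPassword instead of unsalted {MD5}."""
    cn = "%s %s" % (given, sn)
    lines = [
        "dn: cn=%s,ou=People,dc=example,dc=com" % cn,
        "objectClass: inetOrgPerson",
        "objectClass: organizationalPerson",
        "objectClass: person",
        "cn: %s" % cn,
        "givenName: %s" % given,
        "sn: %s" % sn,
        "uid: %s" % uid,
        "mail: %s" % mail,
        "userPassword: %s" % ssha_value(password),
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print("guide value verifies as 'password':", verify_value("password", PAGE_MD5_VALUE))
    print(ldif_entry("bob", "Bob", "Guy", "bob@example.com", "password"))
```

Because the salt is random, running ldif_entry twice for the same password yields two different userPassword values that both verify; that is the property the guide's {MD5} value lacks.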

Setup LDAP Authentication

  • Edit the ldap client config:
    vi /usr/local/etc/openldap/ldap.conf
    
    • And adjust the following values:
      BASE   dc=example,dc=com
      URI    ldap://ldap.example.com
      
  • Edit the prosody config:
    vi /usr/local/etc/prosody/prosody.cfg.lua
    
    • And add the following values to the VirtualHost block. The original line "ldap_filter: (mail=%U@example.com)" is not valid Lua and "%U" is not a placeholder mod_auth_ldap knows; the module substitutes "$user" (the local part of the JID) and "$host" into the filter:
      VirtualHost "example.com"
          enabled = true

          authentication = "ldap"
          ldap_base = "ou=People,dc=example,dc=com"
          ldap_server = "ldap.example.com"
          ldap_rootdn = "cn=Manager,dc=example,dc=com"
          ldap_password = "SuperSecretPassword"
          -- $user is replaced by mod_auth_ldap with the authenticating username
          ldap_filter = "(mail=$user@example.com)"

          ssl = {
              key = "/usr/local/etc/ssl/prosody.example.com.key";
              certificate = "/usr/local/etc/ssl/prosody.example.com.crt";
          }
      
    • NOTE: ldap_rootdn above is the directory manager, which can read and modify the whole tree, while Prosody only needs to search ou=People. Create a dedicated bind account with read access to that subtree and use its DN and password here instead. prosody.cfg.lua now contains a secret, so make it readable only by the prosody user. A plain ldap:// connection sends the bind password, and every user's password at login, in cleartext between Prosody and slapd; enable TLS on slapd and in the module (mod_auth_ldap's ldap_tls option), or keep both services on the same host. Restart Prosody afterwards as above.
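The filter above is a template that user-supplied input is substituted into, so how the placeholder is filled decides whether a username can widen the search to other accounts. The Python below is an added example, not Prosody's or mod_auth_ldap's code: it fills $user with RFC 4515 escaping, evaluates the result against a small constructed in-memory directory, and shows side by side what a naive, unescaped substitution would do. The directory entries and the "lookup", "render_filter" and "is_malformed" helpers are the example's own.

```python
"""Render and sanity-check the search filter Prosody will send to LDAP.

Added example, not code from the guide or from Prosody. It mimics filling the
$user placeholder of ldap_filter, with and without RFC 4515 escaping, and runs
the result against a made-up directory so the effect of a wildcard in the
username is visible without a live slapd.
"""
import re
from typing import Dict, List

# The guide's filter, using the $user placeholder mod_auth_ldap substitutes.
LDAP_FILTER = "(mail=$user@example.com)"

# Constructed sample entries standing in for ou=People,dc=example,dc=com.
DIRECTORY: List[Dict[str, str]] = [
    {"dn": "cn=Bob Guy,ou=People,dc=example,dc=com", "uid": "bob", "mail": "bob@example.com"},
    {"dn": "cn=Alice Smith,ou=People,dc=example,dc=com", "uid": "alice", "mail": "alice@example.com"},
    {"dn": "cn=Manager,dc=example,dc=com", "uid": "manager", "mail": "admin@example.com"},
]


def escape_filter_value(value: str) -> str:
    """RFC 4515 section 3: encode *, (, ), backslash and NUL as \\XX so they
    are matched literally instead of being parsed as filter syntax."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def render_filter(template: str, user: str, host: str, escape: bool = True) -> str:
    """Substitute $user and $host into the template. escape=False reproduces
    a naive implementation for comparison."""
    values = {"user": user, "host": host}

    def sub(m: "re.Match") -> str:
        v = values[m.group(1)]
        return escape_filter_value(v) if escape else v

    return re.sub(r"\$(user|host)", sub, template)


def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def matches(filt: str, entry: Dict[str, str]) -> bool:
    """Evaluate one equality/substring filter such as (mail=bob@example.com)
    or (mail=*@example.com). Anything else is rejected as malformed, which is
    what a real server does with a filter containing stray parentheses."""
    m = re.fullmatch(r"\(([A-Za-z][\w-]*)=([^()]*)\)", filt)
    if not m:
        raise ValueError("unsupported or malformed filter: %r" % filt)
    attr, pattern = m.groups()
    value = entry.get(attr)
    if value is None:
        return False
    # An unescaped '*' is a wildcard; an escaped \2a is a literal asterisk.
    parts = [re.escape(_unescape(p)) for p in pattern.split("*")]
    return re.fullmatch(".*".join(parts), value, re.IGNORECASE) is not None


def lookup(user: str, escape: bool = True) -> List[str]:
    """DNs the rendered filter would return for this username."""
    filt = render_filter(LDAP_FILTER, user, "example.com", escape)
    return [e["dn"] for e in DIRECTORY if matches(filt, e)]


def is_malformed(user: str, escape: bool = True) -> bool:
    """True if the rendered filter is not a valid single-component filter."""
    try:
        lookup(user, escape)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for user in ("bob", "*", "*)(uid=*"):
        for escape in (True, False):
            filt = render_filter(LDAP_FILTER, user, "example.com", escape)
            result = "malformed" if is_malformed(user, escape) else lookup(user, escape)
            print("%-10s escape=%-5s %-45s -> %s" % (user, escape, filt, result))
```

With escaping, the username "*" yields "(mail=\2a@example.com)" and matches nobody; without it the filter becomes "(mail=*@example.com)" and matches every entry, so an authentication module that then binds as, or compares against, the first result is authenticating the wrong account. Against the real directory the equivalent check is an ldapsearch under ldap_base with the rendered filter, which should return exactly one DN for bob.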
      
