mirror of
https://github.com/SaraSmiseth/prosody.git
synced 2025-01-18 13:10:37 +00:00
Add LDAP authentication support to Prosody (#50)
This commit adds support for LDAP authentication. The Dockerfile has been modified to install the required Lua modules (lua-ldap) and the prosody.cfg.lua file has been modified to add environment variables for configuring the LDAP connection. These environment variables include LDAP_BASE, LDAP_SERVER, LDAP_ROOTDN, LDAP_PASSWORD, LDAP_FILTER, LDAP_SCOPE, LDAP_TLS, LDAP_MODE, and LDAP_ADMIN_FILTER. The authentication variable has also been updated to use the value of the AUTHENTICATION environment variable, which defaults to "internal_hashed" if not set. This allows users to configure Prosody to use LDAP for authentication instead of the default internal hashing method. * Update test dependencies: aioxmpp, pytest-asyncio + add pytz to requirements.txt This fixes the following error when running the tests: E ModuleNotFoundError: No module named 'pytz' Instead of pytz only pytz-deprecation-shim was installed. TODO Check if "pytz" can be removed from requirements.txt later on.
This commit is contained in:
parent
f7fcfd5d88
commit
81e9c1abd9
4 changed files with 53 additions and 31 deletions
|
@ -35,6 +35,7 @@ RUN apt-get update \
|
|||
lua-dbi-mysql \
|
||||
lua-expat \
|
||||
lua-filesystem \
|
||||
lua-ldap \
|
||||
lua-socket \
|
||||
lua-sec \
|
||||
lua-unbound \
|
||||
|
|
|
@ -15,7 +15,17 @@ c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION");
|
|||
s2s_require_encryption = os.getenv("S2S_REQUIRE_ENCRYPTION");
|
||||
s2s_secure_auth = os.getenv("S2S_SECURE_AUTH");
|
||||
|
||||
authentication = "internal_hashed";
|
||||
authentication = os.getenv("AUTHENTICATION") or "internal_hashed";
|
||||
|
||||
ldap_base = os.getenv("LDAP_BASE");
|
||||
ldap_server = os.getenv("LDAP_SERVER") or "localhost";
|
||||
ldap_rootdn = os.getenv("LDAP_ROOTDN") or "";
|
||||
ldap_password = os.getenv("LDAP_PASSWORD") or "";
|
||||
ldap_filter = os.getenv("LDAP_FILTER") or "(uid=$user)";
|
||||
ldap_scope = os.getenv("LDAP_SCOPE") or "subtree";
|
||||
ldap_tls = os.getenv("LDAP_TLS") or "false";
|
||||
ldap_mode = os.getenv("LDAP_MODE") or "bind";
|
||||
ldap_admin_filter = os.getenv("LDAP_ADMIN_FILTER") or "";
|
||||
|
||||
log = {
|
||||
{levels = {min = os.getenv("LOG_LEVEL")}, to = "console"};
|
||||
|
|
12
readme.md
12
readme.md
|
@ -198,13 +198,23 @@ sudo chown 999:999 ./data
|
|||
#### Environment variables
|
||||
|
||||
| Variable | Description | Type | Default value |
|
||||
| -------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------- |
|
||||
| -------------------------------- | -------------------------------------------------------------------------------------------------------------------- | -------------------------------------------- | -------------------------- |
|
||||
| **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | *optional* | true |
|
||||
| **DOMAIN** | domain | **required** | null |
|
||||
| **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | *optional* | upload.**DOMAIN** |
|
||||
| **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | *optional* | conference.**DOMAIN** |
|
||||
| **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | *optional* | proxy.**DOMAIN** |
|
||||
| **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | *optional* | pubsub.**DOMAIN** |
|
||||
| **AUTHENTICATION** | authentication | *optional* | "internal_hashed" |
|
||||
| **LDAP_BASE** | LDAP base directory which stores user accounts | **required** if **AUTHENTICATION** is "ldap" | |
|
||||
| **LDAP_SERVER** | Space-separated list of hostnames or IPs, optionally with port numbers (e.g. “localhost:8389”) | *optional* | "localhost" |
|
||||
| **LDAP_ROOTDN** | The distinguished name to auth against | *optional* | "" |
|
||||
| **LDAP_PASSWORD** | Password for rootdn | *optional* | "" |
|
||||
| **LDAP_FILTER** | Search filter, with $user and $host substituted for user- and hostname | *optional* | "(uid=$user)" |
|
||||
| **LDAP_SCOPE** | Search scope. other values: “base” and “onelevel” | *optional* | "subtree" |
|
||||
| **LDAP_TLS** | Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard ‘LDAPS’ protocol is not supported. | *optional* | "false" |
|
||||
| **LDAP_MODE** | How passwords are validated. | *optional* | "bind" |
|
||||
| **LDAP_ADMIN_FILTER** | Search filter to match admins, works like ldap_filter | *optional* | "" |
|
||||
| **DB_DRIVER** | May also be "PostgreSQL" or "MySQL" or "SQLite3" (case sensitive!) | *optional* | SQLite3 |
|
||||
| **DB_DATABASE** | The database name to use. For SQLite3 this the database filename (relative to the data storage directory). | *optional* | prosody.sqlite |
|
||||
| **DB_HOST** | The address of the database server | *optional* | |
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
aioxmpp==0.13.2
|
||||
aioxmpp==0.13.3
|
||||
pip-chill==1.0.1
|
||||
pytest-asyncio==0.18.3
|
||||
pytest-asyncio==0.21.0
|
||||
pytz==2022.7.1
|
||||
|
|
Loading…
Reference in a new issue