From d5792ed75ec807b01c6f31ff23f7ee183f57dc20 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micka=C3=ABl=20R=C3=A9mond?= Date: Tue, 17 Oct 2006 12:35:47 +0000 Subject: * src/ejabberd_auth_ldap.erl: LDAP authentication now allows to match on several alternative attributes. * src/mod_vcard_ldap.erl: Likewise. * doc/guide.tex: Updated. * eldap_utils.erl: Refactoring. * src/eldap/Makefile.in: Likewise. SVN Revision: 661 --- doc/guide.html | 47 ++++++++++++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 19 deletions(-) (limited to 'doc/guide.html') diff --git a/doc/guide.html b/doc/guide.html index 3c03f28c..df389668 100644 --- a/doc/guide.html +++ b/doc/guide.html @@ -521,7 +521,7 @@ Domain example.net is using the internal authentication method while {host_config, "example.com", [{auth_method, ldap}, {ldap_servers, ["localhost"]}, - {ldap_uidattr, "uid"}, + {ldap_uids, [{"uid"}]}, {ldap_rootdn, "dc=localdomain"}, {ldap_rootdn, "dc=example,dc=com"}, {ldap_password, ""}]}. @@ -534,7 +534,7 @@ Domain example.net is using the internal authentication method while {host_config, "example.com", [{auth_method, ldap}, {ldap_servers, ["localhost", "otherhost"]}, - {ldap_uidattr, "uid"}, + {ldap_uids, [{"uid"}]}, {ldap_rootdn, "dc=localdomain"}, {ldap_rootdn, "dc=example,dc=com"}, {ldap_password, ""}]}. @@ -1372,15 +1372,26 @@ and SASL authentication.
You can authenticate users against an LDAP directory. Available options are:
-ldap_base
LDAP base directory which stores users - accounts. This option is required. -
ldap_uidattr
LDAP attribute which holds +ldap_base
LDAP base directory which stores + users accounts. This option is required. +
ldap_uids
LDAP attribute which holds a list + of attributes to use as alternatives for getting the JID. The value is of + the form: [{ldap_uidattr}] or [{ldap_uidattr, + ldap_uidattr_format}]. You can use as many comma separated tuples + {ldap_uidattr, ldap_uidattr_format} that is needed. The default + value is [{"uid", "%u"}]. The defaut ldap_uidattr_format + is "%u". The values for ldap_uidattr and + ldap_uidattr_format are described as follow: +
+ ldap_uidattr
LDAP attribute which holds the user's part of a JID. The default value is "uid". -
ldap_uidattr_format
Format of the - ldap_uidattr variable. The format must contain one and only one - pattern variable "%u" which will be replaced by the user's part of a - JID. For example, "%u@example.org". The default value is "%u". -
ldap_filter
+
ldap_uidattr_format
Format of + the ldap_uidattr variable. The format must contain one and + only one pattern variable "%u" which will be replaced by the + user's part of a JID. For example, "%u@example.org". The default + value is "%u". +
+
ldap_filter
RFC 2254 LDAP filter. The default is none. Example: "(&(objectClass=shadowAccount)(memberOf=Jabber Users))". Please, do @@ -1431,10 +1442,9 @@ Also we want users to search each other. Let's see how we can set it up: {ldap_password, ""}, %% define the addressbook's base {ldap_base, "ou=AddressBook,dc=example,dc=org"}, - %% user's part of JID is located in the "mail" attribute - {ldap_uidattr, "mail"}, - %% common format for our emails - {ldap_uidattr_format, "%u@mail.example.org"}, + %% uidattr: user's part of JID is located in the "mail" attribute + %% uidattr_format: common format for our emails + {ldap_uids, [{"mail", "%u@mail.example.org"}]}, %% We have to define empty filter here, because entries in addressbook does not %% belong to shadowAccount object class {ldap_filter, ""}, @@ -1480,7 +1490,7 @@ configuration is showed below: {ldap_base, "DC=office,DC=org"}. % Search base of LDAP directory {ldap_rootdn, "CN=Administrator,CN=Users,DC=office,DC=org"}. % LDAP manager {ldap_password, "*******"}. % Password to LDAP manager - {ldap_uidattr, "sAMAccountName"}. + {ldap_uids, [{"sAMAccountName"}]}. {ldap_filter, "(memberOf=*)"}. {mod_vcard_ldap, @@ -2881,10 +2891,9 @@ Also we want users to search each other. Let's see how we can set it up: {ldap_password, ""}, %% define the addressbook's base {ldap_base, "ou=AddressBook,dc=example,dc=org"}, - %% user's part of JID is located in the "mail" attribute - {ldap_uidattr, "mail"}, - %% common format for our emails - {ldap_uidattr_format, "%u@mail.example.org"}, + %% uidattr: user's part of JID is located in the "mail" attribute + %% uidattr_format: common format for our emails + {ldap_uids, [{"mail","%u@mail.example.org"}]}, %% We have to define empty filter here, because entries in addressbook does not %% belong to shadowAccount object class {ldap_filter, ""}, -- cgit v1.2.3