diff options
author | Badlop <badlop@process-one.net> | 2009-05-25 17:15:48 +0000 |
---|---|---|
committer | Badlop <badlop@process-one.net> | 2009-05-25 17:15:48 +0000 |
commit | 31aa201ee8ce0c016403916fee06684b15ff2829 (patch) | |
tree | 823df0c07130bae1192dccfa4f9c8c2b6c852f76 /doc | |
parent | Decrease proxy65 buffer sizes to 8192 bytes. (diff) |
Support LDAPS with TLS (EJAB-109)(thanks to Thomas Baden, Andy Harb, Sergei Golovan, Anton Podavalov)
SVN Revision: 2098
Diffstat (limited to 'doc')
-rw-r--r-- | doc/guide.html | 17 | ||||
-rw-r--r-- | doc/guide.tex | 17 |
2 files changed, 24 insertions, 10 deletions
diff --git a/doc/guide.html b/doc/guide.html index 5bbd6ea72..467a4dfe5 100644 --- a/doc/guide.html +++ b/doc/guide.html @@ -1568,12 +1568,15 @@ create accounts, change password or edit vCard that is stored in LDAP.</P><P> <A </P><DL CLASS="description"><DT CLASS="dt-description"> <B><TT>ldap_servers</TT></B></DT><DD CLASS="dd-description"> List of IP addresses or DNS names of your LDAP servers. This option is required. +</DD><DT CLASS="dt-description"><B><TT>ldap_encrypt</TT></B></DT><DD CLASS="dd-description"> Type of connection encryption to the LDAP server. +Allowed values are: <TT>none</TT>, <TT>tls</TT>. +Note that STARTTLS is not supported. +The default value is: <TT>none</TT>. </DD><DT CLASS="dt-description"><B><TT>ldap_port</TT></B></DT><DD CLASS="dd-description"> Port to connect to your LDAP server. -The initial default value is 389, so it is used when nothing is set into the -configuration file. +The default port is 389 if encryption is disabled; and 636 if encryption is enabled. If you configure a value, it is stored in <TT>ejabberd</TT>’s database. Then, if you remove that value from the configuration file, -the value previously stored in the database will be used instead of the default 389. +the value previously stored in the database will be used instead of the default port. </DD><DT CLASS="dt-description"><B><TT>ldap_rootdn</TT></B></DT><DD CLASS="dd-description"> Bind DN. The default value is <TT>""</TT> which means ‘anonymous connection’. </DD><DT CLASS="dt-description"><B><TT>ldap_password</TT></B></DT><DD CLASS="dd-description"> Bind password. The default @@ -1628,14 +1631,18 @@ Example values: <H5 CLASS="paragraph"><!--SEC ANCHOR --><A HREF="#ldapcommonexample">Common example</A></H5><!--SEC END --><P> <A NAME="ldapcommonexample"></A> </P><P>Let’s say <TT>ldap.example.org</TT> is the name of our LDAP server. We have users with their passwords in <TT>"ou=Users,dc=example,dc=org"</TT> directory. Also we have addressbook, which contains users emails and their additional -infos in <TT>"ou=AddressBook,dc=example,dc=org"</TT> directory. Corresponding -authentication section should looks like this:</P><PRE CLASS="verbatim">%% Authentication method +infos in <TT>"ou=AddressBook,dc=example,dc=org"</TT> directory. +The connection to the LDAP server is encrypted using TLS, +and using the custom port 6123. +Corresponding authentication section should looks like this:</P><PRE CLASS="verbatim">%% Authentication method {auth_method, ldap}. %% DNS name of our LDAP server {ldap_servers, ["ldap.example.org"]}. %% Bind to LDAP server as "cn=Manager,dc=example,dc=org" with password "secret" {ldap_rootdn, "cn=Manager,dc=example,dc=org"}. {ldap_password, "secret"}. +{ldap_encrypt, tls}. +{ldap_port, 6123}. %% Define the user's base {ldap_base, "ou=Users,dc=example,dc=org"}. %% We want to authorize users from 'shadowAccount' object class only diff --git a/doc/guide.tex b/doc/guide.tex index d8717f186..e496e6b94 100644 --- a/doc/guide.tex +++ b/doc/guide.tex @@ -2105,12 +2105,15 @@ Parameters: \begin{description} \titem{ldap\_servers} \ind{options!ldap\_server}List of IP addresses or DNS names of your LDAP servers. This option is required. +\titem{ldap\_encrypt} \ind{options!ldap\_encrypt}Type of connection encryption to the LDAP server. +Allowed values are: \term{none}, \term{tls}. +Note that STARTTLS is not supported. +The default value is: \term{none}. \titem{ldap\_port} \ind{options!ldap\_port}Port to connect to your LDAP server. - The initial default value is~389, so it is used when nothing is set into the -configuration file. +The default port is~389 if encryption is disabled; and 636 if encryption is enabled. If you configure a value, it is stored in \ejabberd{}'s database. Then, if you remove that value from the configuration file, -the value previously stored in the database will be used instead of the default 389. +the value previously stored in the database will be used instead of the default port. \titem{ldap\_rootdn} \ind{options!ldap\_rootdn}Bind DN. The default value is~\term{""} which means `anonymous connection'. \titem{ldap\_password} \ind{options!ldap\_password}Bind password. The default @@ -2185,8 +2188,10 @@ You can authenticate users against an LDAP directory. Available options are: Let's say \term{ldap.example.org} is the name of our LDAP server. We have users with their passwords in \term{"ou=Users,dc=example,dc=org"} directory. Also we have addressbook, which contains users emails and their additional -infos in \term{"ou=AddressBook,dc=example,dc=org"} directory. Corresponding -authentication section should looks like this: +infos in \term{"ou=AddressBook,dc=example,dc=org"} directory. +The connection to the LDAP server is encrypted using TLS, +and using the custom port 6123. +Corresponding authentication section should looks like this: \begin{verbatim} %% Authentication method @@ -2196,6 +2201,8 @@ authentication section should looks like this: %% Bind to LDAP server as "cn=Manager,dc=example,dc=org" with password "secret" {ldap_rootdn, "cn=Manager,dc=example,dc=org"}. {ldap_password, "secret"}. +{ldap_encrypt, tls}. +{ldap_port, 6123}. %% Define the user's base {ldap_base, "ou=Users,dc=example,dc=org"}. %% We want to authorize users from 'shadowAccount' object class only |