Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

December 06 2013

Prosody with authentification against LDAP/ActiveDirectory

I am using

  • Prosody v0.9.1
  • sasl2-bin v2.1.25
  • Debian 8/jessie

you need several packages:

apt-get update ; apt-get install sasl2-bin libsasl2-modules-ldap lua-ldap lua-cyrussasl

and configs:

/etc/default/saslauthd

START=yes
MECHANISMS='ldap'
MECH_OPTIONS='/etc/saslauthd.conf'

/etc/saslauthd.conf

ldap_servers: ldap://ldap.example.com/
ldap_search_base: ou=foo,dc=example,dc=com

ldap_bind_dn: ldap-user-for-binding
ldap_bind_pw: pw-for-that-user
ldap_use_sasl: no
ldap_start_tls: no
ldap_auth_method: bind

ldap_filter: (sAMAccountName=%u)

/etc/prosody/prosody.cfg.lua

authentication = 'cyrus'
cyrus_service_name = 'xmpp'

-- eventually configure SSL properly
ssl = {
        key = 'x';
        certificate = 'y';

        options = { 'no_sslv2', 'no_sslv3' , 'no_ticket', 'no_compression' };
        ciphers = 'HIGH:!DSS:!aNULL@STRENGTH!:!DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA';
}

Add the system-user ‘prosody’ to the ‘sasl’-group and restart both services:

adduser prosody sasl ; service saslauth restart ; service prosody restart

Eventually have a look at /var/log/auth.log for sasl-problems or the prosody-logs.

The post Prosody with authentification against LDAP/ActiveDirectory appeared first on nur Bahnhof.

flattr this!

December 13 2011

August 29 2011

June 30 2011

January 23 2011

finkregh
ERROR: While executing gem ... (Gem::RemoteFetcher::FetchError)
bad response Moved Permanently 301 (http://gems.rubyforge.org/latest_specs.4.8)


// ... implement http correctly. fuckit. it is not that hard.
Reposted byit-fail it-fail

July 28 2010

June 17 2010

November 10 2009

June 05 2009

May 15 2009

May 05 2009

Das bessere Debian? GNU/kFreeBSD - grUNIX

Im Debian Wiki gibt es nun eine kleine Sammlung an Pros für GNU/kFreeBSD. Ein kurzer Auszug: •Cleaner or more standard kernel interfaces •Single /dev implementation via devfs, instead of the 3 discordant ways of handling /dev that Linux provides. •OpenBSD Packet Filter (pf). •Other nice security features, like jails. •Support for NDIS drivers in the mainline kernel. On Linux, NdisWrapper is unlikely to make it into the mainline kernel. •Possible support for ZFS in the mainline kernel. Due to license and patent issues, ZFS is unlikely to appear on Linux. •Some people say that kFreeBSD has better performance and/or stability (especially in disk/filesystem areas). •The FreeBSD kernel might support some hardware which Linux does not support and/or the FreeBSD kernel support might be better (fewer bugs).

April 16 2009

Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!

Schweinderl