Prosody with authentification against LDAP/ActiveDirectory

Blog, , , , , ,

I am using

  • Prosody v0.9.1
  • sasl2-bin v2.1.25
  • Debian 8/jessie

you need several packages:

apt-get update ; apt-get install sasl2-bin libsasl2-modules-ldap lua-ldap lua-cyrussasl

and configs:

/etc/default/saslauthd

START=yes
MECHANISMS="ldap"
MECH_OPTIONS="/etc/saslauthd.conf"

/etc/saslauthd.conf

ldap_servers: ldap://ldap.example.com/
ldap_search_base: ou=foo,dc=example,dc=com

ldap_bind_dn: ldap-user-for-binding
ldap_bind_pw: pw-for-that-user
ldap_use_sasl: no
ldap_start_tls: no
ldap_auth_method: bind

ldap_filter: (sAMAccountName=%u)

/etc/prosody/prosody.cfg.lua

authentication = "cyrus"
cyrus_service_name = "xmpp"

-- eventually configure SSL properly
ssl = {
        key = "x";
        certificate = "y";

        options = { "no_sslv2", "no_sslv3" , "no_ticket", "no_compression" };
        ciphers = "HIGH:!DSS:!aNULL@STRENGTH!:!DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA";
}

Add the system-user ‚prosody‘ to the ’sasl‘-group and restart both services:

adduser prosody sasl ; service saslauth restart ; service prosody restart

Eventually have a look at /var/log/auth.log for sasl-problems or the prosody-logs.

Ein Gedanke zu „Prosody with authentification against LDAP/ActiveDirectory

  1. Pingback: testsaslauthd succeeds but sasl-sample-server/client fail | Question and Answer

Kommentare sind geschlossen.