Prosody with authentication against LDAP/ActiveDirectory

I am using

  • Prosody v0.9.1
  • sasl2-bin v2.1.25
  • Debian 8/jessie

You need several packages:

apt-get update ; apt-get install sasl2-bin libsasl2-modules-ldap lua-ldap lua-cyrussasl

and the following configuration files:

/etc/default/saslauthd

START=yes
MECHANISMS="ldap"
MECH_OPTIONS="/etc/saslauthd.conf"

/etc/saslauthd.conf

ldap_servers: ldap://ldap.example.com/
ldap_search_base: ou=foo,dc=example,dc=com

ldap_bind_dn: ldap-user-for-binding
ldap_bind_pw: pw-for-that-user
ldap_use_sasl: no
ldap_start_tls: no
ldap_auth_method: bind

ldap_filter: (sAMAccountName=%u)

/etc/prosody/prosody.cfg.lua

authentication = "cyrus"
cyrus_service_name = "xmpp"

-- optionally, configure SSL properly as well
ssl = {
        key = "x";
        certificate = "y";

        options = { "no_sslv2", "no_sslv3" , "no_ticket", "no_compression" };
        ciphers = "HIGH:!DSS:!aNULL@STRENGTH:!DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA";
}

Add the system user ‘prosody’ to the ‘sasl’ group and restart both services:

adduser prosody sasl ; service saslauthd restart ; service prosody restart

If something does not work, have a look at /var/log/auth.log for SASL problems, or at the Prosody logs.
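With ldap:// and ldap_start_tls: no, as in /etc/saslauthd.conf above, the bind password and each user's password travel to the directory server unencrypted. The following check is an added example, not part of the original post, that flags this and two related exposures in a saslauthd LDAP config. It assumes ldap_tls_check_peer, an option from saslauthd's LDAP documentation that the post does not use, and the sample file it audits is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): flag saslauthd LDAP settings
# that expose the bind password and user passwords on the network or on disk.

# Print the value of option $2 in file $1 (last occurrence wins).
conf_get() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | tail -n 1
}

# Print one finding per line; return the number of findings (0 = clean).
audit_saslauthd_conf() {
    file=$1
    n=0
    servers=$(conf_get "$file" ldap_servers)
    # ldap:// carries the simple bind in cleartext unless StartTLS is on.
    case "$servers" in
        *ldap://*)
            if [ "$(conf_get "$file" ldap_start_tls)" != "yes" ]; then
                echo "cleartext: ldap:// used without ldap_start_tls: yes"
                n=$((n + 1))
            fi ;;
    esac
    # Without peer checking, TLS does not authenticate the directory server.
    if [ "$(conf_get "$file" ldap_tls_check_peer)" != "yes" ]; then
        echo "unverified: ldap_tls_check_peer is not yes"
        n=$((n + 1))
    fi
    # The file holds ldap_bind_pw; character 8 of the mode string is
    # the "other" read bit.
    if [ -n "$(conf_get "$file" ldap_bind_pw)" ] &&
       [ "$(ls -ld "$file" | cut -c8)" = "r" ]; then
        echo "readable: $file contains ldap_bind_pw and is world-readable"
        n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample mirroring the configuration shown in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ldap_servers: ldap://ldap.example.com/
ldap_bind_pw: pw-for-that-user
ldap_start_tls: no
EOF
chmod 644 "$sample"
audit_saslauthd_conf "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

When ldap_tls_check_peer is set to yes, saslauthd also needs ldap_tls_cacert_file or ldap_tls_cacert_dir pointing at the CA that signed the directory server's certificate.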

