LDAP

How to easily integrate an XMPP server via LDAP.

LDAP is a widely used standard for integrating authentication in a local network. There are multiple independent implementations such as OpenLDAP, 389ds and many others. Here we will use LLDAP as the reference, as it is very easy to set up and maintain, unlike some more complex options like OpenLDAP.

Ejabberd

Ejabberd offers great LDAP support out of the box. LLDAP provides an Ejabberd configuration example in their repository. For basic authentication it is sufficient to add the following host_config to the main ejabberd.yml configuration file:

host_config:
  xmpp.example.org:
    auth_method: [ldap]
    ldap_servers:
      - 127.0.0.1 # IP or hostname of the LLDAP server
    ldap_port: 3890
    ldap_uids:
      - uid
    # Account ejabberd binds as to look up users
    ldap_rootdn: "uid=lldap_readonly,ou=people,dc=example,dc=org"
    # Password of the bind account above
    ldap_password: "secret"
    ldap_base: "ou=people,dc=example,dc=org"

Additional configuration, such as sharing vCard details and contact lists, is possible. Please refer to the official Ejabberd documentation.
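When the LLDAP server runs on a different host than Ejabberd, the configuration above sends the bind password and every user's login over the network unencrypted. The variant below is an added example, not taken from this tutorial or the LLDAP repository; it assumes LLDAP's LDAPS listener is enabled on port 6360, and the hostname `lldap.example.org` and the CA file path are placeholders.

```yaml
host_config:
  xmpp.example.org:
    auth_method: [ldap]
    ldap_servers:
      - lldap.example.org          # placeholder hostname of the remote LLDAP server
    ldap_port: 6360                # assumed LLDAPS port (plain LDAP uses 3890 above)
    ldap_encrypt: tls              # LDAP over TLS; the default "none" is cleartext
    ldap_tls_verify: hard          # abort if the server certificate fails validation
    ldap_tls_cacertfile: "/etc/ejabberd/lldap-ca.pem"  # placeholder path to the CA certificate
    ldap_uids:
      - uid
    ldap_rootdn: "uid=lldap_readonly,ou=people,dc=example,dc=org"
    ldap_password: "secret"        # placeholder; use the read-only account's real password
    ldap_base: "ou=people,dc=example,dc=org"
```

Because ejabberd.yml holds the bind password, keep the file readable only by the account Ejabberd runs as.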

Prosody

Prosody also supports LDAP authentication out of the box via the built-in mod_auth_ldap. However, this depends on OpenLDAP, which is not available in some Linux distributions like Fedora.

The configuration options should be similar to the example for Ejabberd above. Please check back later as this part of the tutorial is still a work in progress.

Openfire

Openfire supports LDAP out of the box too. A guide can be found here.

For a hands-on tutorial please check back later as this part of the tutorial is a work in progress.