This module came out of my specific needs in search of a possible solution to use a member directory for authentication. I am still not sure if this is the best approach to this problem. But it works for my specific needs and I have tested it under a certain amount of load. So, if you happen to use it, please forward your platform setup, thoughts and ideas to email: zadk@mynet.com jid: zad@jabber.org
Module Description
The module has a simple purpose: bypass the standard jabber server authentication and perform authentication (NOT registration) against an LDAP directory. As an example, I have a membership directory for my site which has recorded a number of users, and I want my current users to use jabber IM. However, I want the jabber specific data (such as roster) to still remain on the xdb (spool). Only authentication is to be performed against the LDAP. Currently ldapauth supports 2 of the 3 jabber authentication types, namely plain text and digest (which uses SHA1 -- the Secure Hash Algorithm developed by NIST).
I have used this module with jabber server 1.4.1 running on redhat 6.2/7.1, and Microsoft Membership Directory (Siteserver 3.0) running on Windows 2000 servers for about 6 months with average 4k daily logins. It has been set up and run under other configurations (Redhat 7.1 and openLDAP are the first to come to my mind, but I'm sure others on the jadmin and jdev list have tested other environments).
To do list
ldapauth Setup
1 - Edit the server config file. Add the ldapauth modules (mod_auth_ldap_digest and mod_auth_ldap_z) and remove the mod_auth_plain, mod_auth_digest and mod_auth_0k modules. Mine looks something like this after editing:
<load main="jsm">
<jsm>./jsm/jsm.so</jsm>
<mod_echo>./jsm/jsm.so</mod_echo>
<mod_roster>./jsm/jsm.so</mod_roster>
<mod_time>./jsm/jsm.so</mod_time>
<mod_vcard>./jsm/jsm.so</mod_vcard>
<mod_last>./jsm/jsm.so</mod_last>
<mod_version>./jsm/jsm.so</mod_version>
<mod_announce>./jsm/jsm.so</mod_announce>
<mod_agents>./jsm/jsm.so</mod_agents>
<mod_browse>./jsm/jsm.so</mod_browse>
<mod_admin>./jsm/jsm.so</mod_admin>
<mod_filter>./jsm/jsm.so</mod_filter>
<mod_offline>./jsm/jsm.so</mod_offline>
<mod_presence>./jsm/jsm.so</mod_presence>
<mod_auth_ldap_digest>./jsm/jsm.so</mod_auth_ldap_digest>
<mod_auth_ldap_z>./jsm/jsm.so</mod_auth_ldap_z>
<mod_log>./jsm/jsm.so</mod_log>
<mod_register>./jsm/jsm.so</mod_register>
<mod_xml>./jsm/jsm.so</mod_xml>
</load>
2 - Replace mod_register.c if you don't want the user password to be saved in 'user.xml'. This should work for ldapauth2 as well although I haven't tested with it.
3 - Add the new ldapchk tag to jabber.xml. I put mine right after the </welcome> tag:
<!-- used for ldap authentication by mod_auth_ldap_z and mod_auth_ldap_digest -->
<ldapchk>
<host>210.10.1.48</host>
<port>1004</port>
<binddn>cn=admin,ou=members,o=mysite1</binddn>
<bindpw>taz1</bindpw>
<basedn>ou=members, o=mysite1</basedn>
</ldapchk>
4 - Edit the jabber-1.4.1/platform-settings file and add the LDAP lib to the 'LIBS' environment variable. Mine was nss_ldap-2.1.3 (note that this file will be overwritten every time you run configure). A typical LIBS looks like this:
LIBS= -lpth -ldl -lresolv -lnss_ldap-2.1.3
5 - Edit jsm/Makefile and jsm/modules/Makefile. Add mod_auth_ldap_z.o and mod_auth_ldap_digest.o to jsm_EXOBJECTS. Example:
jsm_EXOBJECTS = \
modules/mod_admin.o \
modules/mod_agents.o \
modules/mod_browse.o \
modules/mod_announce.o \
modules/mod_auth_ldap_z.o \
modules/mod_auth_ldap_digest.o \
6 - fire 'make'.
Good luck,
Zad -- JID: zad@jabber.org
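A check for steps 1 and 3 above, added here as an example and not part of the ldapauth module: it audits a jabber.xml for the module swap and a complete ldapchk block, and tests whether the file holding the clear-text bindpw is readable by group or other. The function names, the sample document and its element nesting are assumptions made for illustration.

```python
import os
import xml.etree.ElementTree as ET

# Module and field names are the ones used in the setup steps on this page.
LDAP_MODS = {"mod_auth_ldap_z", "mod_auth_ldap_digest"}
STOCK_AUTH = {"mod_auth_plain", "mod_auth_digest", "mod_auth_0k"}
LDAPCHK_FIELDS = ("host", "port", "binddn", "bindpw", "basedn")

def local(tag):
    """Strip an XML namespace so tags match with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def audit_config(xml_text):
    """Return a list of findings for a jabber.xml document (empty = OK)."""
    root = ET.fromstring(xml_text)
    findings, loaded = [], set()
    for el in root.iter():
        if local(el.tag) == "load":
            loaded |= {local(child.tag) for child in el}
    findings += [f"missing module: {m}" for m in sorted(LDAP_MODS - loaded)]
    findings += [f"stock auth module still loaded: {m}" for m in sorted(STOCK_AUTH & loaded)]
    chk = next((el for el in root.iter() if local(el.tag) == "ldapchk"), None)
    if chk is None:
        return findings + ["no <ldapchk> block"]
    values = {local(c.tag): (c.text or "").strip() for c in chk}
    for field in LDAPCHK_FIELDS:
        if not values.get(field):
            findings.append(f"ldapchk/{field} missing or empty")
    return findings

def readable_by_others(path):
    """True if group or other can read the file that stores <bindpw>."""
    return bool(os.stat(path).st_mode & 0o044)

# Constructed sample: step 1 half done (mod_auth_plain left in), no <bindpw>.
# The <service>/<jsm xmlns=...> nesting is assumed, not taken from the page.
SAMPLE = """<jabber><service id="sessions">
<jsm xmlns="jabber:config:jsm"><ldapchk><host>ldap.example.test</host>
<port>389</port><binddn>cn=admin,ou=members,o=mysite1</binddn>
<basedn>ou=members, o=mysite1</basedn></ldapchk></jsm>
<load main="jsm"><jsm>./jsm/jsm.so</jsm>
<mod_auth_plain>./jsm/jsm.so</mod_auth_plain>
<mod_auth_ldap_z>./jsm/jsm.so</mod_auth_ldap_z></load>
</service></jabber>"""

if __name__ == "__main__":
    for finding in audit_config(SAMPLE):
        print(finding)
```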