0.4.0 • Published 4 years ago

ep_ldapauth v0.4.0

Weekly downloads
27
License
GPL-2.0
Repository
github
Last release
4 years ago

Etherpad lite LDAP authentication and authorization

Install

In your etherpad-lite dir:

npm install ep_ldapauth

Add to settings.json:

"users": {
    "ldapauth": {
        "url": "ldaps://ldap.example.com",
        "accountBase": "ou=Users,dc=example,dc=com",
        "accountPattern": "(&(objectClass=*)(uid={{username}}))",
        "displayNameAttribute": "cn",
        "searchDN": "uid=searchuser,dc=example,dc=com",
        "searchPWD": "supersecretpassword",
        "groupSearchBase": "ou=Groups,dc=example,dc=com",
        "groupAttribute": "member",
        "groupAttributeIsDN": true,
        "searchScope": "sub",
        "groupSearch": "(&(cn=admin)(objectClass=groupOfNames))",
        "anonymousReadonly": false
    }
},

Users who are in the matches group have admin access to etherpad-lite.

Using with FreeIPA

First setup a read-only LDAP proxy user as described here. Then adapt this settings.json to match your IPA server URL, domain, LDAP proxy user and preferred admin group.

"users": {
    "ldapauth": {
        "url": "ldap://ipa.example.org:389",
        "accountBase": "cn=users,cn=accounts,dc=example,dc=org",
        "accountPattern": "(&(objectClass=posixaccount)(uid={{username}}))",
        "displayNameAttribute": "displayname",
        "searchDN": "uid=ldapproxy,cn=sysaccounts,cn=etc,dc=example,dc=org",
        "searchPWD": "ldapproxy_password",
        "searchScope": "sub",
        "groupSearchBase": "cn=groups,cn=accounts,dc=example,dc=org",
        "groupAttribute": "member",
        "groupAttributeIsDN": true,
        "groupSearch": "(&(cn=sysadmins)(objectClass=posixgroup))",
    }
},

License

GPL-2.0

0.4.0

4 years ago

0.3.0

8 years ago

0.2.0

11 years ago

0.1.0

12 years ago

0.0.5

12 years ago

0.0.4

12 years ago

0.0.3

12 years ago

0.0.2

12 years ago

0.0.1

12 years ago