ejabberd: Add configuration options for ldap authentication

2013-09-17 09:46:22 +03:00 · 2013-09-17 09:46:22 +03:00 · e8c5cce68a
commit e8c5cce68a
parent 1fbe904a13
2 changed files with 32 additions and 3 deletions
--- a/ejabberd/manifests/init.pp
+++ b/ejabberd/manifests/init.pp
@ -36,6 +36,21 @@
 #   $ejabberd_ldap_basedn:
 #       LDAP base dn.
 #
+#   $ejabberd_ldap_encrypt:
+#       LDAP encryption. Defaults to "tls".
+#
+#   $ejabberd_ldap_port:
+#       LDAP port. Defaults to 636.
+#
+#   $ejabberd_ldap_uidattr:
+#       LDAP UID attribute. Defaults to "uid".
+#
+#   $ejabberd_ldap_binddn:
+#       Optional bind DN.
+#
+#   $ejabberd_ldap_bindpw:
+#       Bind DN password.
+#
 class ejabberd {

    include user::system
@ -51,6 +66,16 @@ class ejabberd {
        $ejabberd_auth = "internal"
    }

+    if !$ejabberd_ldap_encrypt {
+        $ejabberd_ldap_encrypt = "tls"
+    }
+    if !$ejabberd_ldap_port {
+        $ejabberd_ldap_port = "636"
+    }
+    if !$ejabberd_ldap_uidattr {
+        $ejabberd_ldap_uidattr = "uid"
+    }
+
    case $ejabberd_muclog_format {
        "","html","plaintext": { }
        default: {
--- a/ejabberd/templates/ejabberd.cfg.erb
+++ b/ejabberd/templates/ejabberd.cfg.erb
@ -225,10 +225,14 @@ override_acls.
 <% @ejabberd_ldap_server.map! { |server| '"%s"' % server } -%>
 {ldap_servers, [<%= @ejabberd_ldap_server.join(", ") %>]}.
 {ldap_base, "<%= @ejabberd_ldap_basedn %>"}.
-{ldap_encrypt, tls}.
-{ldap_port, 636}.
-{ldap_uids, [{"uid", "%u"}]}.
+{ldap_encrypt, <%= @ejabberd_ldap_encrypt %>}.
+{ldap_port, <%= @ejabberd_ldap_port %>}.
+{ldap_uids, [{"<%= @ejabberd_ldap_uidattr %>", "%u"}]}.
 {ldap_filter, "(!(loginShell=/sbin/nologin))"}.
+<%   if @ejabberd_ldap_binddn -%>
+{ldap_rootdn, "<%= @ejabberd_ldap_binddn %>"}.
+{ldap_password, "<%= @ejabberd_ldap_bindpw %>"}.
+<%   end -%>
 <% end -%>

 %%