How can I configure an IRC server that is backed by LDAP?
Right now, I'm looking at making an IRC server that is backed by an OpenLDAP or 389 instance for user authentication.
Which IRCD should I be using?
Preferably, it should be able to look up the users LDAP groups and decide if they can be opped, voiced, or even allowed to join a channel at all.
You Question Needs a lot of explanation , so i will summarize my answer :
First you should use Inspircd v2.0.15 because its stable , high performance and the most important for your usage , flagged as ldap support Link.
First :
You should edit your /etc/hosts file :
Second :
Install OpenLdap :
during installation just type your ldap administrator password .
OpenLdapServer
Third :
Install apache2 :
apt-get install apache2
Fourth :
Install phpldapAdmin : phpLDAPadmin (also known as PLA) is a web-based LDAP client. It provides easy, anywhere-accessible, multi-language administration for your LDAP server.
sudo apt-get install phpldapadmin
( that's why i installed apache2 , its web tool)You have now two steps :
edit
add : edit
then : edit
/etc/phpldapadmin/config.php
Just edit your Ip and domain name .
Open your browser :
yourIp/phpldapadmin
Enter your administrator password that you type when install sldap .
Now you connect to ldap database . select domain ----> on the right add Generic Posix Group ----> then select group and Create a child Entry add Generic User Accounts for testing .
More help use phpldapadmin Here
Fifth :
Now its time to configure inspircd :
edit :
/etc/inspircd/inspircd.conf
you need to load the ldapauth module and point to your ldap server,You should also add you irc server name and admin name and other option in
This tutorial would help you : Tutorial
Last :
Restart slapd , inspircd and try to connect be users you made .
Note change as it fits your needs , this configuration both irc and ldap are the same servers .
Hope it helps you because i don't think there is an official documentation could be simple as mine .
If you really want that the IRCd does the authentication, I would suggest InspIRCd.
It has a ldapauth module, but you need to compile it yourself with
An example configuration how LDAP is used is in an example configuration file.
Note that this module is experimental. And the configuration file (and the source code) is all the documentation you get for that module.
Edit: After reading a bit of the code, I'll try to explain how that works:
If any step fails, the user is disconnected from the network/server. I hope that is what you need (unauthenticated users can't connect).
For the configuration, there is a concept of databases. LDAP is used here like a database. You first define the database (LDAP server, credentials for the LDAP server...), and use it later for one or more purposes, e.g. user authentication, oper authentication...
Or put it simple: The default values are either obviously wrong or good defaults.
Edit: What you want falls in the domain of IRC services. Although InspIRCd could provide basic services, you need to write own code to make it work as you want.
You haven't specify which IRCd to use and actually asked for it.
So; here is an example for LDAP configuation to InspIRCd.
For a complete list of IRCds; you may have a look to this Comparison of Internet Relay Chat daemons in which all -except two, supports Linux.
and finally in this Table; you can find which does actually supports LDAP Authentication.
Wish that helps you in your decision .