LDAP authentication plugin for Etherpad-lite
JavaScript
tykeal Merge pull request #39 from mattock/master
Improve documentation
Latest commit 8ae8249 Jun 20, 2018
lib Skip admin binding if searchDN is not defined Jan 3, 2017
.gitignore Ignore the .ep_initialized file May 3, 2013
CHANGELOG
LICENSE.GPLv2
README.md Add FreeIPA usage instructions Jun 20, 2018
ep.json
ep_ldapauth.js Fix typeof paren typo Apr 3, 2017
package.json Release build 0.3.0 Jan 3, 2017

README.md

Etherpad lite LDAP authentication and authorization

Install

In your etherpad-lite dir:

npm install ep_ldapauth

Add to settings.json:

"users": {
    "ldapauth": {
        "url": "ldaps://ldap.example.com",
        "accountBase": "ou=Users,dc=example,dc=com",
        "accountPattern": "(&(objectClass=*)(uid={{username}}))",
        "displayNameAttribute": "cn",
        "searchDN": "uid=searchuser,dc=example,dc=com",
        "searchPWD": "supersecretpassword",
        "groupSearchBase": "ou=Groups,dc=example,dc=com",
        "groupAttribute": "member",
        "groupAttributeIsDN": true,
        "searchScope": "sub",
        "groupSearch": "(&(cn=admin)(objectClass=groupOfNames))",
        "anonymousReadonly": false
    }
},

Users who are in the group matched by groupSearch have admin access to etherpad-lite.

Using with FreeIPA

First set up a read-only LDAP proxy user as described here. Then adapt this settings.json to match your IPA server URL, domain, LDAP proxy user and preferred admin group.

"users": {
    "ldapauth": {
        "url": "ldap://ipa.example.org:389",
        "accountBase": "cn=users,cn=accounts,dc=example,dc=org",
        "accountPattern": "(&(objectClass=posixaccount)(uid={{username}}))",
        "displayNameAttribute": "displayname",
        "searchDN": "uid=ldapproxy,cn=sysaccounts,cn=etc,dc=example,dc=org",
        "searchPWD": "ldapproxy_password",
        "searchScope": "sub",
        "groupSearchBase": "cn=groups,cn=accounts,dc=example,dc=org",
        "groupAttribute": "member",
        "groupAttributeIsDN": true,
        "groupSearch": "(&(cn=sysadmins)(objectClass=posixgroup))"
    }
},
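
A pre-deployment lint for the "ldapauth" object shown in the two settings.json blocks above. This is an added example, not code from ep_ldapauth: the key names are the README's, while lintLdapauth, its rules and its messages are assumptions of this example.

```javascript
// Added example, not part of ep_ldapauth. Key names come from the README;
// the lint rules are this example's assumptions about a safe deployment.
const SAMPLE_PASSWORDS = ["supersecretpassword", "ldapproxy_password"];

function lintLdapauth(cfg) {
  const findings = [];
  const add = (key, msg) => findings.push(`${key}: ${msg}`);

  // Over ldap:// (no TLS) the search bind and user passwords cross the network in cleartext.
  let scheme = null;
  try { scheme = new URL(cfg.url).protocol; } catch (e) { /* reported below */ }
  if (scheme === null) add("url", "missing or not a valid URL");
  else if (scheme === "ldap:") add("url", "plaintext LDAP, use ldaps://");
  else if (scheme !== "ldaps:") add("url", `unexpected scheme ${scheme}`);

  // Strings needed for the account lookup and the admin group search.
  for (const key of ["accountBase", "accountPattern", "groupSearchBase", "groupSearch"]) {
    if (typeof cfg[key] !== "string" || cfg[key] === "") add(key, "missing");
  }
  if (typeof cfg.accountPattern === "string" && !cfg.accountPattern.includes("{{username}}")) {
    add("accountPattern", "no {{username}} placeholder");
  }

  // Search account: DN and password go together; README sample values must be replaced.
  if (Boolean(cfg.searchDN) !== Boolean(cfg.searchPWD)) add("searchDN", "set together with searchPWD or omit both");
  if (SAMPLE_PASSWORDS.includes(cfg.searchPWD)) add("searchPWD", "README sample password in use");

  // Flags must be JSON booleans, not strings such as "false".
  for (const key of ["groupAttributeIsDN", "anonymousReadonly"]) {
    if (key in cfg && typeof cfg[key] !== "boolean") add(key, "must be true or false");
  }
  return findings;
}

// Constructed input: the values of the FreeIPA block from this README.
const FREEIPA_SAMPLE = {
  url: "ldap://ipa.example.org:389",
  accountBase: "cn=users,cn=accounts,dc=example,dc=org",
  accountPattern: "(&(objectClass=posixaccount)(uid={{username}}))",
  displayNameAttribute: "displayname",
  searchDN: "uid=ldapproxy,cn=sysaccounts,cn=etc,dc=example,dc=org",
  searchPWD: "ldapproxy_password",
  searchScope: "sub",
  groupSearchBase: "cn=groups,cn=accounts,dc=example,dc=org",
  groupAttribute: "member",
  groupAttributeIsDN: true,
  groupSearch: "(&(cn=sysadmins)(objectClass=posixgroup))"
};
console.log(lintLdapauth(FREEIPA_SAMPLE).join("\n"));
```
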

License

GPL-2.0