How do I setup a LDAP-backed IRC server?

You Question Needs a lot of explanation , so i will summarize my answer :

First you should use Inspircd v2.0.15 because its stable , high performance and the most important for your usage , flagged as ldap support Link.

First :

You should edit your /etc/hosts file :

YouserverIp       hostname.example.com        hostname

Second :

Install OpenLdap :

sudo apt-get install slapd ldap-utils

during installation just type your ldap administrator password .

OpenLdapServer

Third :

Install apache2 : apt-get install apache2

Fourth :

Install phpldapAdmin : phpLDAPadmin (also known as PLA) is a web-based LDAP client. It provides easy, anywhere-accessible, multi-language administration for your LDAP server.

sudo apt-get install phpldapadmin ( that's why i installed apache2 , its web tool)

You have now two steps :

edit

 /etc/ldap/ldap.conf

add : edit

BASE dc=yourdomain,dc=com
URI ldap://Your Ip Address

then : edit /etc/phpldapadmin/config.php

enter image description here

enter image description here

enter image description here

Just edit your Ip and domain name .

Open your browser :

yourIp/phpldapadmin

Enter your administrator password that you type when install sldap .

Now you connect to ldap database . select domain ----> on the right add Generic Posix Group ----> then select group and Create a child Entry add Generic User Accounts for testing .

enter image description here

More help use phpldapadmin Here

Fifth :

Now its time to configure inspircd :

edit : /etc/inspircd/inspircd.conf you need to load the ldapauth module and point to your ldap server,

<module name="m_ldapauth.so">
<ldapauth baserdn="cn=test,dc=domain,dc=com"
          attribute="uid"
          server="ldap://yourIp or domainname"
          allowpattern="Guest*"
          killreason="Access denied"
          searchscope="subtree"
          binddn=""
          bindauth=""
          verbose="yes"
          userfield="yes" >

You should also add you irc server name and admin name and other option in

/etc/inspircd/inspircd.conf 

This tutorial would help you : Tutorial

Last :

Restart slapd , inspircd and try to connect be users you made .

Note change as it fits your needs , this configuration both irc and ldap are the same servers .

Hope it helps you because i don't think there is an official documentation could be simple as mine .


If you really want that the IRCd does the authentication, I would suggest InspIRCd.

It has a ldapauth module, but you need to compile it yourself with

./configure --enable-extras=m_ldap.cpp
make
make install

An example configuration how LDAP is used is in an example configuration file.

Note that this module is experimental. And the configuration file (and the source code) is all the documentation you get for that module.

Edit: After reading a bit of the code, I'll try to explain how that works:

  • It first binds to the ldap server with the credentials you specified in the configuration.
  • It searches for a user where the attribute that you specified in the configuration is equal to the nick of the connecting user.
  • It tries to authenticate the found dn with the password that the user supplied on connect (via PASS, can be configured in the server configuration on most clients).

If any step fails, the user is disconnected from the network/server. I hope that is what you need (unauthenticated users can't connect).

For the configuration, there is a concept of databases. LDAP is used here like a database. You first define the database (LDAP server, credentials for the LDAP server...), and use it later for one or more purposes, e.g. user authentication, oper authentication...

Or put it simple: The default values are either obviously wrong or good defaults.

Edit: What you want falls in the domain of IRC services. Although InspIRCd could provide basic services, you need to write own code to make it work as you want.


You haven't specify which IRCd to use and actually asked for it.

So; here is an example for LDAP configuation to InspIRCd.

For a complete list of IRCds; you may have a look to this Comparison of Internet Relay Chat daemons in which all -except two, supports Linux.

and finally in this Table; you can find which does actually supports LDAP Authentication.

Wish that helps you in your decision .