Add Kerberos authentication to Let's Chat.
Kerberos headers are shipped with Mac OS X.
You'll need to install the Kerberos 5 development headers package. It may be called krb5-dev or libkrb5-dev.
You'll need to install MIT Kerberos for Windows (with SDK option checked).
This module depends on node-krb5, so installation instructions for that module should be taken into account. On Windows you must set the environment variable MITKRB5 to the MIT Kerberos home.
set MITKRB5=C:\Program Files\MIT\Kerberos npm install lets-chat-ldap npm install lets-chat-kerberos Add (and customize) these settings to your settings.yml file:
auth: kerberos: realm: example.com use_ldap_authorization: false # if use_ldap_authorization == true ldap: connect_settings: url: ldap://example.com tlsOptions: ca: ca.pem bind_options: bindDN: bindCredentials: search: base: opts: scope: one filter: (uid={{username}}) field_mappings: uid: uid # LDAP unique ID username: uid # used for mention (@uid) firstName: givenName lastName: sn displayName: givenName email: mailAlternatively, configure using environment variables:
| YAML Path | Env Variable |
|---|---|
| LCB_AUTH_KERBEROS_REALM | |
| LCB_AUTH_KERBEROS_USE_LDAP_AUTHORIZATION | |
| LCB_AUTH_KERBEROS_LDAP_CONNECT_SETTINGS_URL | |
| LCB_AUTH_KERBEROS_LDAP_CONNECT_SETTINGS_TLS_OPTIONS_CA | |
| LCB_AUTH_KERBEROS_LDAP_BIND_OPTIONS_BIND_DN | |
| LCB_AUTH_KERBEROS_LDAP_BIND_OPTIONS_BIND_CREDENTIALS | |
| LCB_AUTH_KERBEROS_LDAP_SEARCH_BASE | |
| LCB_AUTH_KERBEROS_LDAP_SEARCH_OPTS_SCOPE | |
| LCB_AUTH_KERBEROS_LDAP_SEARCH_OPTS_FILTER | |
| LCB_AUTH_KERBEROS_LDAP_FIELD_MAPPINGS_UID | |
| LCB_AUTH_KERBEROS_LDAP_FIELD_MAPPINGS_USERNAME | |
| LCB_AUTH_KERBEROS_LDAP_FIELD_MAPPINGS_FIRST_NAME | |
| LCB_AUTH_KERBEROS_LDAP_FIELD_MAPPINGS_LAST_NAME | |
| LCB_AUTH_KERBEROS_LDAP_FIELD_MAPPINGS_DISPLAY_NAME | |
| LCB_AUTH_KERBEROS_LDAP_FIELD_MAPPINGS_EMAIL |