Added LDAP support

1 files changed, 234 insertions, 121 deletions

diff --git a/data/example.conf b/data/example.conf
index 4d5361b9e..243dcb725 100644
--- a/data/example.conf
+++ b/data/example.conf
@@ -596,13 +596,13 @@ log
 	 */
 	target = "services.log"
 	/* Log to both services.log and the channel #services */
-	//target = "services.log #services"
+	#target = "services.log #services"
 
 	/*
 	 * The source(s) to only accept log messages from. Leave commented to allow all sources.
 	 * This can be a users name, a channel name, one of our clients (eg, OperServ), or a server name.
 	 */
-	//source = ""
+	#source = ""
 
 	/*
 	 * The number of days to keep logfiles, only useful if you are logging to a file.
@@ -656,7 +656,7 @@ log
 	override = "chanserv/* nickserv/* memoserv/set botserv/* ~botserv/set"
 	commands = "~operserv/* *"
 	servers = "*"
-	//channels = "~mode *"
+	#channels = "~mode *"
 	users = "connect disconnect nick"
 	other = "*"
 	rawio = no
@@ -795,7 +795,7 @@ opertype
 oper
 {
 	/* The nickname of this services oper */
-	//name = "nick1"
+	#name = "nick1"
 
 	/* The opertype this person will have */
 	type = "Services Root"
@@ -803,13 +803,13 @@ oper
 
 oper
 {
-	//name = "nick2"
+	#name = "nick2"
 	type = "Services Administrator"
 }
 
 oper
 {
-	//name = "nick3"
+	#name = "nick3"
 	type = "Helper"
 }
 
@@ -1769,59 +1769,38 @@ defcon
 /*
  * [OPTIONAL] Non-Core Modules
  *
- * The following single-line blocks are used to load all non-core modules, including 3rd-party modules.
+ * The following blocks are used to load all non-core modules, including 3rd-party modules.
  * Modules can be prevented from loading by commenting out the line, other modules can be added by
  * adding a module block. These modules will be loaded prior to Services connecting to your network.
  */
-module { name = "hs_moo" }
-module { name = "ircd_defizzer" }
-module { name = "os_ignore" }
-module { name = "cs_appendtopic" }
-module { name = "cs_enforce" }
-module { name = "ns_maxemail" }
 
 /*
- * [OPTIONAL] Module-Specific Options
+ * cs_appendtopic
  *
- * The following blocks are used for options pertaining to modules and are not part of the core.
- * Unless otherwise stated, most of the options are optional.
- */
-
-/*
- * m_ssl
- *
- * This module uses SSL to connect to the uplink server(s)
+ * Adds the APPENDTOPIC command to ChanServ, which allows users to easially append text to
+ * the end of existing channel topics.
  */
-module { name = "m_ssl" }
+module { name = "cs_appendtopic" }
 
 /*
- * m_mysql
+ * cs_enforce
  *
- * This module allows other modules (db_mysql) to use MySQL.
- * Be sure you have imported the table schema with mydbgen before
- * trying to use MySQL
+ * Adds the ENFORCE commad to ChanServ, which allows enforcing various channel settings like
+ * SECUREOPS and RESTRICTED.
  */
-#module { name = "m_mysql" }
-mysql
-{
-	database = "anope"
-	server = "127.0.0.1"
-	username = "anope"
-	password = "mypassword"
-	port = 3306
-}
+module { name = "cs_enforce" }
 
 /*
- * db_plain
+ * cs_entrymsg
  *
- * This is the default flatfile database format
+ * Allows you to set entry messages on your channel, which are shown to anyone
+ * who joins.
  */
-db_plain
+module { name = "cs_entrymsg" }
+cs_entrymsg
 {
-	/*
-	 * The database db_plain should use
-	 */
-	database = "anope.db"
+	/* The maximum number of entrymsgs allowed per channel. If not set, defaults to 5. */
+	maxentries = 5
 }
 
 /*
@@ -1851,36 +1830,24 @@ cs_set_misc
 	desc = "Associate an EMail with the channel"
 }
 
-module { name = "ns_set_misc" }
-ns_set_misc
-{
-	name = "OINFO"
-	desc = "Associate oper only information to this nick"
-	privileged = yes
-}
-ns_set_misc
-{
-	name = "URL"
-	desc = "Associate a URL with the nick"
-}
-ns_set_misc
-{
-	name = "ICQ"
-	desc = "Associate an ICQ number with the nick"
-}
-
-#module { name = "m_helpchan" }
-m_helpchan
+/*
+ * db_plain
+ *
+ * This is the default flatfile database format
+ */
+db_plain
 {
 	/*
-	 * For the given channel, every user that has or gets op status of the channel
-	 * will automatically receive the +h user mode.
-	 *
-	 * This directive is optional.
+	 * The database db_plain should use
 	 */
-	helpchannel = "#help"
+	database = "anope.db"
 }
 
+/*
+ * hs_request
+ *
+ * Allows users to request vhosts which opers may then view, accept or deny
+ */
 module { name = "hs_request" }
 hs_request
 {
@@ -1896,16 +1863,67 @@ hs_request
 	#memooper = yes
 }
 
-ns_maxemail
+/*
+ * m_alias
+ *
+ * Allows you to create custom command aliases.
+ */
+module { name = "m_alias" }
+alias
 {
-	/*
-	 * The limit to how many registered nicks can use the same e-mail address. If set to 0 or left
-	 * commented, there will be no limit enforced when registering new accounts or using
-	 * /msg NickServ SET EMAIL.
+	/* Set to yes to make this alias triggerable by fantasy commands. */
+	fantasy = no
+	/* Set to yes to make this alias oper only */
+	operonly = no
+
+	/* Source client and command.
 	 */
-	#maxemails = 1
+	source_client = "NickServ"
+	source_command = "ID"
+
+	/* Target client and command.
+	 */
+	target_client = "NickServ"
+	target_command = "IDENTIFY"
 }
+/* Provides the !k fantasy command */
+alias
+{
+	fantasy = yes
+	source_command = "K"
+
+	target_client = "ChanServ"
+	target_command = "KICK"
+	
+}
+/* Provides the !kb fantasy command */
+alias
+{
+	fantasy = yes
+	source_command = "KB"
+
+	target_client = "ChanServ"
+	target_command = "BAN"
+}
+
+/*
+ * m_async_commands
+ *
+ * Threads for each command executed by users. You should
+ * only load this if you are using a module designed to work with this.
+ *
+ * If this is loaded with db_mysql_live then Anope will support
+ * processing multiple commands at once which will negate the "lag"
+ * issues caused from the overhead of SQL queries by db_mysq_live.
+ */
+#module { name = "m_async_commands" }
 
+/* m_dnsbl
+ *
+ * Allows configurable DNS blacklists to check connecting users against. If a user
+ * is found on the blacklist they will be immediately banned. This is a crucial module
+ * to prevent bot attacks.
+ */
 module { name = "m_dnsbl" }
 m_dnsbl
 {
@@ -1934,7 +1952,7 @@ blacklist
 	/* Name of the blacklist */
 	name = "rbl.efnetrbl.org"
 
-	/* How long to set the akill for */
+	/* How long to set the ban for */
 	time = 4h
 
 	/* Reason for akill.
@@ -1963,6 +1981,94 @@ blacklist
 	reason = "You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded.do?ip=%i&network=%N"
 }
 
+/* m_helpchan
+ *
+ * Gives users who are op in the specified help channel usermode +h (helpop).
+ */
+#module { name = "m_helpchan" }
+m_helpchan
+{
+	helpchannel = "#help"
+}
+
+/*
+ * m_ldap
+ *
+ * This module allows other modules to use LDAP.
+ */
+#module { name = "m_ldap" }
+ldap
+{
+	server = "ldap://127.0.0.1"
+	port = 389
+	binddn = "cn=Manager,dc=anope,dc=org"
+	password = "secret"
+}
+
+/*
+ * m_ldap_oper
+ *
+ * This module dynamically ties users to Anope opertypes when they identify
+ * via LDAP group membership.
+ *
+ * Note that this doesn't give the user privileges on the IRCd, only in Services.
+ */
+#module { name = "m_ldap_oper" }
+m_ldap_oper
+{
+	/*
+	 * An optional binddn to use when searching for groups.
+	 * %a is replaced with the account name of the user.
+	 */
+	#binddn = "cn=Manager,dc=anope,dc=org"
+
+	/*
+	 * An optional password to bind with.
+	 */
+	#password = "secret"
+
+	/*
+	 * The base DN where the groups are.
+	 */
+	basedn = "ou=groups,dc=anope,dc=org"
+
+	/*
+	 * The filter to use when searching for users.
+	 * %a is replaced with the account name of the user.
+	 */
+	filter = "(member=uid=%a,ou=users,dc=anope,dc=org)"
+
+	/*
+	 * The attribute of the group that is the name of the opertype.
+	 * The cn attribute should match a known opertype in the config.
+	 */
+	opertype_attribute = "cn"
+}
+
+/*
+ * m_mysql
+ *
+ * This module allows other modules (db_mysql/db_mysql_live) to use MySQL.
+ * Be sure you have imported the table schema with mydbgen before
+ * trying to use MySQL
+ */
+#module { name = "m_mysql" }
+mysql
+{
+	database = "anope"
+	server = "127.0.0.1"
+	username = "anope"
+	password = "mypassword"
+	port = 3306
+}
+
+/*
+ * m_ssl
+ *
+ * This module uses SSL to connect to the uplink server(s)
+ */
+module { name = "m_ssl" }
+
 /* 
  * m_xmlrpc
  *
@@ -1997,72 +2103,79 @@ m_xmlrpc
 #module { name = "m_xmlrpc_main" }
 
 /*
- * m_alias
+ * ns_identify_ldap
  *
- * Allows you to create custom command aliases.
+ * Allows you to use a LDAP server for authentication of users.
  */
-module { name = "m_alias" }
-alias
+#module { name = "ns_identify_ldap" }
+ns_identify_ldap
 {
-	/* Set to yes to make this alias triggerable by fantasy commands. */
-	fantasy = no
-	/* Set to yes to make this alias oper only */
-	operonly = no
+	/*
+	 * The distinguished name we should bind to when a user tries to identify.
+	 */
+	binddn = "ou=users,dc=anope,dc=org"
 
-	/* Source client and command.
+	/*
+	 * The attribute value used for account names.
 	 */
-	source_client = "NickServ"
-	source_command = "ID"
+	username_attribute = "uid"
 
-	/* Target client and command.
+	/*
+	 * The attribute value used for email addresses.
+	 * This directive is optional.
 	 */
-	target_client = "NickServ"
-	target_command = "IDENTIFY"
-}
+	email_attribute = "email"
 
-/* Provides the !k fantasy command */
-alias
-{
-	fantasy = yes
-	source_command = "K"
+	/*
+	 * Enable to have this module disable /nickserv register.
+	 */
+	disable_ns_register = true
 
-	target_client = "ChanServ"
-	target_command = "KICK"
-	
+	/*
+	 * The reason to give the users who try to /ns register.
+	 */
+	disable_reason = "Registration has been disabled."
+	#disable_reason = "To register on this network visit http://some.misconfigured.site/register"
 }
 
 /*
- * m_async_commands
- *
- * Creates a thread for each command executed by a user. You should
- * only load this if you are using a module designed to work with this.
+ * ns_maxemail
  *
- * If this is loaded with db_mysql_live then Anope will support
- * processing multiple commands at once which will help very busy networks
- * with lag issues caused from the overhead of SQL queries caused by db_mysq_live.
+ * Limits how many times the same email address may be used in Anope
+ * to register accounts.
  */
-#module { name = "m_async_commands" }
-
-/* Provides the !kb fantasy command */
-alias
+module { name = "ns_maxemail" }
+ns_maxemail
 {
-	fantasy = yes
-	source_command = "KB"
-
-	target_client = "ChanServ"
-	target_command = "BAN"
+	/*
+	 * The limit to how many registered nicks can use the same e-mail address. If set to 0 or left
+	 * commented, there will be no limit enforced when registering new accounts or using
+	 * /msg NickServ SET EMAIL.
+	 */
+	#maxemails = 1
 }
 
 /*
- * cs_entrymsg
+ * ns_set_misc
  *
- * Allows you to set entry messages on your channel, which are shown to anyone
- * who joins.
+ * Allows you to create misc /nickserv set commands, and have the data
+ * show up in /nickserv info
  */
-module { name = "cs_entrymsg" }
-cs_entrymsg
+module { name = "ns_set_misc" }
+ns_set_misc
 {
-	/* The maximum number of entrymsgs allowed per channel. If not set, defaults to 5. */
-	maxentries = 5
+	name = "OINFO"
+	desc = "Associate oper only information to this nick"
+	privileged = yes
+}
+ns_set_misc
+{
+	name = "URL"
+	desc = "Associate a URL with the nick"
+}
+ns_set_misc
+{
+	name = "ICQ"
+	desc = "Associate an ICQ number with the nick"
 }