Published on iptel.org (http://www.iptel.org)

LDAP and LDAP authentication modules

By rjbaucells
Created 2007-01-19 05:39

SER CVS as of January 18, 2007

Generic LDAP module that handles the connection to the LDAP server and exports a simple API to interact with the server. Also, an LDAP authentication module that uses the API exported from the generic LDAP module.

Save the patchfile to the directory with the file to patch, then (having that directory as current) use the command 'patch -p0 < patchfile.txt'

LDAP module configuration:

modparam("ldap", "ldap_version", 3)     <== optional, possible values are 1, 2 or 3

modparam("ldap", "ldap_url", "ldap://localhost:389")     <== optional, defaults to "ldap://localhost", ldaps connections require ldap_version >= 2

modparam("ldap", "ldap_bind_dn", "cn=user,dc=example,dc=org")     <== required

modparam("ldap", "ldap_bind_password", "secret")     <== required

modparam("ldap", "ldap_tls", 1)     <== optional, possible values are 1 (use start TLS) or 0 (do not use start TLS). Start TLS requires ldap_version = 3 and a non-ldaps connection URL such as "ldap://fqdn". The fqdn must match the CN of the certificate used by the server.

LDAP authentication module

modparam("auth_ldap", "ldap_auth_base_dn", "ou=users,dc=example,dc=org")     <== required, searches in the directory will be based on this DN

modparam("auth_ldap", "ldap_auth_objectClass", "posixAccount")     <== optional, used to search the directory. (objectClass=posixAccount)

modparam("auth_ldap", "ldap_auth_user_attribute", "uid")     <== required, used to search the directory. (uid=xxx)

modparam("auth_ldap", "ldap_auth_realm_attribute", "someAttribute")     <== optional, used to search the directory. (someAttribute=sample.org)

modparam("auth_ldap", "ldap_auth_did_attribute", "someAttribute2")     <== optional, used to search the directory. (someAttribute2=did1)

modparam("auth_ldap", "ldap_auth_passwd_attribute", "attr")     <== optional, attribute that stores the user password in plain text

modparam("auth_ldap", "ldap_auth_ha1_attribute", "attr")     <== optional, attribute that stores the HA1(username:realm:password)

The ldap_auth_passwd_attribute and ldap_auth_ha1_attribute parameters are mutually exclusive; specify only one of them.

Using the authentication module:

ldap_www_authenticate("realm")

ldap_proxy_authenticate("realm") 

Attachment: ldap.patch (50.83 KB)

Source URL:
http://www.iptel.org/ldap_and_ldap_authentication_modules