INN nnrpd LDAP authentication module
====================================

christian mock 2004

Licensed under the GPL, see LICENSE.

PURPOSE
=======

This is a perl_auth and perl_access module for INN's nnrpd; it
authenticates users against an LDAP server and retrieves the access
config from LDAP.

I wrote it to keep a few tens of users easily manageable, since Google
didn't turn up any ready-to-use code.

It comes with its own LDAP schema which defines nnrpdUser and
nnrpdAccessGroup objectclasses, where the user has an nnrpdAccessGroup
attribute which points to (surprise!) an nnrpdAccessGroup object via its
DN:

    dn: cn=test,ou=newsusers,dc=example,dc=com
    objectClass: top
    objectClass: nnrpdUser
    cn: test
    mail: test@example.com
    nnrpdAccessGroup: cn=normal,ou=accessgroups,dc=example,dc=com
    gecos: Test User
    userPassword:: XXX

    dn: cn=normal,ou=accessgroups,dc=example,dc=com
    objectClass: top
    objectClass: nnrpdAccessGroup
    cn: normal
    description: standard access group
    nnrpdNewsgroups: *,!local.*
    nnrpdVirtualhost: true
    nnrpdPathhost: news.example.com

So the user "test" will be able to access *,!local.*; there are a bunch
more parameters from readers.conf in nnrpd.schema.

INSTALLATION
============

Let your LDAP server know about the stuff in nnrpd.schema.

Add a block to readers.conf:

    auth "ldap" {
        perl_auth: "/path/to/nnrpd-ldap-auth.pl"
        perl_access: "/path/to/nnrpd-ldap-auth.pl"
    }

Edit the require statement, $ldap_host and $ldap_bind_template at the
top of nnrpd-ldap-auth.pl, and install it somewhere sensible.

Use passwd2ldif.pl to generate LDIF from your nnrpd password file.

Test your authentication; logging goes to syslog with facility news as
nnrpd-ldap-auth and should verbosely tell you about any LDAP errors.

BUGS
====

The OIDs in the schema are 1.1.*, i.e. prone to collide with other
schemas. I hope I'll get my own enterprise OID soon...
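
The bind DN built from $ldap_bind_template and the client-supplied username (see INSTALLATION) is where two checks belong: RFC 4514 escaping of the username, and refusing an empty password, which would otherwise turn the simple bind into an unauthenticated one. The following Perl is an added example, not code from nnrpd-ldap-auth.pl; the %s placeholder in the template and the function names escape_dn_value and bind_dn_for are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed template format: a single %s where the username goes
# (hypothetical; check how $ldap_bind_template is written in your copy).
my $ldap_bind_template = 'cn=%s,ou=newsusers,dc=example,dc=com';

# Escape a string for use as an attribute value inside an RDN
# (RFC 4514, section 2.4).
sub escape_dn_value {
    my ($v) = @_;
    # Leading '#' or space and a trailing space need a backslash of their
    # own; peel them off first so the general pass cannot double-escape.
    my $lead  = $v =~ s/^([# ])// ? "\\$1" : '';
    my $trail = length($v) && $v =~ s/ \z// ? '\\ ' : '';
    $v =~ s/([\\",+;<>=])/\\$1/g;    # characters special anywhere in a DN
    $v =~ s/\x00/\\00/g;             # NUL as an escaped hex pair
    return $lead . $v . $trail;
}

# Returns the DN to bind as, or undef when the credentials must be
# refused before any LDAP traffic is sent.
sub bind_dn_for {
    my ($user, $pass) = @_;
    return unless defined $user && length $user;
    # A simple bind with a DN and a zero-length password is an
    # "unauthenticated bind" (RFC 4513, section 5.1.2); a server may
    # answer it with success, so it must never count as a login.
    return unless defined $pass && length $pass;
    return if $user =~ /[\x00-\x1f\x7f]/;    # no control characters
    return sprintf($ldap_bind_template, escape_dn_value($user));
}

# Constructed sample inputs: [username, password].
for my $case (['test', 's3cret'], ['test', ''],
              ['x,ou=admins', 'pw'], [' lead#', 'pw']) {
    my $dn = bind_dn_for(@$case);
    printf "%-15s => %s\n", "'$case->[0]'", defined $dn ? $dn : 'REFUSED';
}
```

With these checks the username can only ever occupy the value of the first RDN, and a failed precheck should be logged and treated the same as a failed bind.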