Using LDAP to run an IRC network

A rough guide to leave some bread crumbs behind for those who do it after me.

What you need

  • X3 Channel & Oper services - These are the only services I know of that support LDAP account authentication. http://evilnet.sourceforge.net/x3
  • slapd - This is the OpenLDAP server daemon. I installed mine on Ubuntu Server using apt.
  • Other things you want to auth against the same users as X3

Overview

For those new to LDAP

LDAP is a special kind of database server which stores data in trees instead of rows. It's ideal for storing information about an organization, including accounts, directory info (email, phone, etc.) and password hashes for authentication. LDAP is a standard, implemented by many technologies, including OpenLDAP, Netscape, and even to some extent Active Directory (which is based on a very broken implementation of LDAP).

The nice thing about LDAP is that MANY MANY other programs know how to do user authentication against it. For example, Apache HTTP auth is easy against an LDAP server. This makes restricting pages to your users very easy, even on web servers located on other servers away from your services. Many web-based systems such as DokuWiki, Sympa, RT, etc. can use LDAP too. You can even use it to authenticate users on Linux/Unix systems. LDAP forms the backbone of most large corporate/educational computing environments.

I should say that LDAP is very complicated stuff, and it wasn't written by people who give a flying hoot if you can figure it out or not. If you are not so good on the command line, or not willing to really dive in to understand something complex, this isn't going to be for you.