If you use X3 with ldap support (Or any services with ldap support) you can host a ZNC bouncer for all your users to use, by using ZNC's cyrusauth module. Here is how we build ZNC for afternet:
apt-get install sasl2-bin
/etc/default/saslauthd
START=yes
MECHANISMS="ldap"
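/etc/saslauthd.conf
ldap_servers: ldaps://yourldapserver.domain
ldap_search_base: ou=Users,dc=yourdomain,dc=org
ldap_filter: (uid=%u)
# To have saslauthd verify the LDAP server's certificate, uncomment the CA file below and set ldap_tls_check_peer: yes
#ldap_tls_cacert_file: /etc/ssl/yourcertificate.cer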
/etc/init.d/saslauthd start
testsaslauthd -u "yourldapuid" -p yourpassword -f /var/run/saslauthd/mux
/usr/sbin/saslauthd -a ldap -c -m /var/run/saslauthd -n 1 -d
/var/log/auth.log
and /var/log/daemon.log
ldapsearch -D "uid=youruid,ou=Users,dc=yourdomain,dc=org" -w yourpassword -H ldaps://ldapservername -b "ou=Users,dc=yourdomain,dc=org" -s sub "(objectclass=*)"
Assuming a debian 8 (jessie) base system:
sudo adduser yourzncuser sasl
Log out and back in.
Add deb http://ftp.debian.org/debian jessie-backports main
to /etc/apt/sources.list. Don't forget to sudo apt-get update
sudo apt-get build-dep znc
sudo apt-get install cmake
sudo apt-get install libicu-dev
sudo apt-get install swig3.0
sudo apt-get install libboost-all-dev
git submodule update --init --recursive
make
make install
bin/znc --makeconf
/msg *status load cyrusauth saslauthd webirc impersonation
/msg *controlpanel adduser zncclone somepassword
/msg *cyrusauth help
cloneuser yourcloneusernamehere
createuser Yes
setimpersonateaccount znc somepassword
setNetworkName yournetwork
setServer irc.yournetwork.org 6697 true
set UserSalt somethingrandom
setWebIrc username password
setWebIrcHost .users.yournetwork.org
/msg *status load sasl
/msg *sasl help
requireauth yes
mechanism PLAIN
WebIRC { description = "znc"; host = "*@zncip"; pass = "crypted password"; };
Except block to protect znc from flood limits:
Except { host = "*@zncip"; gline = yes; rdns = yes; ipcheck = yes; targetlimit = yes; };
I run this script after make install
to disable a bunch of the plugins:
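#!/bin/bash
# Post-install hardening for a shared ZNC bouncer: delete the module files we
# do not trust or need, so that they cannot be loaded.
#
# Usage: run from the ZNC install prefix after `make install`, or pass the
# module directory as the first argument (default: lib/znc).
#
# Inside the list, "keep" marks modules deliberately left installed and
# "ADD?" marks modules that are still under consideration.
#
# NOTE(review): shell.so is on the keep list. ZNC's shell module gives admin
# users a shell on the bouncer host -- confirm that keeping it is intended.
# NOTE(review): controlpanel.so is removed, so any setup that relies on
# *controlpanel has to be finished before this script is run.

# Absolute path so an alias or a modified PATH cannot substitute another rm;
# an array so the command and its flag are not subject to word splitting.
RM=(/bin/rm -v)

#######################################
# Remove the untrusted module files from a ZNC module directory.
# Globals:   RM (read)
# Arguments: $1 - module directory (optional, default lib/znc)
# Outputs:   rm -v output on stdout, diagnostics on stderr
# Returns:   0 if every listed file is gone afterwards, 1 otherwise
#######################################
remove_untrusted_modules() {
  local module_dir=${1:-lib/znc}
  local rel target
  local failures=0
  local -a doomed=(
    # keep: adminlog.so alias.so autoattach.so autocycle.so autoop.so
    # keep: autoreply.so autovoice.so awaynick.so
    awaystore.so
    # keep: block_motd.so blockuser.so
    bouncedcc.so
    # keep: buffextras.so
    certauth.so
    cert.so
    # ADD?: chanfilter.so
    # keep: chansaver.so clearbufferonmsg.so
    # ADD?: clientaway.so clientbuffer.so
    # keep: clientnotify.so
    controlpanel.so
    crypt.so
    # keep: ctcpflood.so cyrusauth.so
    dcc.so
    # keep: disconkick.so fail2ban.so flooddetach.so identfile.so
    imapauth.so
    # keep: keepnick.so kickrejoin.so lastseen.so
    listsockets.so
    # keep: log.so
    missingmotd.so
    # The modperl/ and modpython/ directories themselves are left in place
    # (their removal is disabled); only the files inside them are deleted.
    modperl.so
    modperl/startup.pl
    modperl/ZNC.pm
    modperl/ZNC.so
    modpython.so
    modpython/znc_core.py
    modpython/_znc_core.so
    modpython/znc.py
    # keep: modules_online.so
    nickserv.so
    notes.so
    # keep: notify_connect.so
    # ADD?: partdetach2.cpp
    # keep: partyline.so perform.so
    perleval.pm
    pyeval.py
    q.so
    raw.so
    # ADD?: playback.so privmsg_auto.so
    # keep: route_replies.so
    sample.so
    # keep: sasl.so
    savebuff.so
    schat.so
    send_raw.so
    # keep: shell.so simple_away.so
    # ADD?: snomask.so
    # keep: stickychan.so watch.so webadmin.so
  )

  # Refuse to run from the wrong place instead of printing an error for every
  # file and leaving the operator unsure whether anything was removed.
  if [[ ! -d "$module_dir" ]]; then
    printf 'error: module directory not found: %s\n' "$module_dir" >&2
    return 1
  fi

  echo "Lets delete modules we dont trust or need for security!"

  for rel in "${doomed[@]}"; do
    target="$module_dir/$rel"
    # A file that is already gone meets the goal (e.g. a build without
    # perl/python support), so it is reported but not counted as a failure.
    if [[ ! -e "$target" && ! -L "$target" ]]; then
      printf 'already absent: %s\n' "$target" >&2
      continue
    fi
    "${RM[@]}" -- "$target" || failures=$((failures + 1))
  done

  # A module that could not be deleted is still loadable: make that visible
  # in the exit status rather than only in scrolled-away rm output.
  if (( failures > 0 )); then
    printf 'error: %d module file(s) could not be removed\n' "$failures" >&2
    return 1
  fi
  return 0
}

remove_untrusted_modules "${1:-lib/znc}"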