objectClass:

        - inetOrgPerson

        - simpleSecurityObject

      userPassword: somepassword

      uid: john

      cn: John Doe

      sn: Doe

Prosody

-------

The ``prosody`` role can be used for setting-up Prosody, an XMPP server, on

destination machine.

The role implements the following:

* Sets-up the Prosody apt repository.

* Installs Prosody.

* Configures Prosody.

Prosody is configured as follows:

* Modules enabled: roster, saslauth, tls, dialback, posix, private, vcard,

* Self-registration is not allowed.

* Client-to-server communication requires encryption (TLS).

* Authentication is done via LDAP. For setting the LDAP TLS truststore, see

  :ref:`LDAP Client <ldap_client>`.

* Internal storage is used.

* For each domain specified, a dedicated conference/multi-user chat (MUC)

  service is set-up, with FQDN set to ``conference.DOMAIN``.

* For each domain specified, a dedicated file proxy service will be set-up, with

  FQDN set to ``proxy.DOMAIN``.

Parameters

~~~~~~~~~~

**prosody_administrators** (list, mandatory)

  List of Prosody users that should be granted administrator privileges over

  Prosody. Each item is a string with value equal to XMPP user ID

  (i.e. ``john.doe@example.com``).

**prosody_tls_key** (string, mandatory)

  Path to private key (on server itself) that should be used as server's private

  key for TLS connections. The private key should correspond to certificate

  listed in option ``prosody_tls_certificate``. The key file should be provided

  in ``PEM`` format.

    "roster"; -- Allow users to have a roster. Recommended ;)

    "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.

    "tls"; -- Add support for secure TLS on c2s/s2s connections

    "dialback"; -- s2s dialback support

    "disco"; -- Service discovery

    "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.

  -- Not essential, but recommended

    "private"; -- Private XML storage (for room bookmarks, etc.)

    "vcard"; -- Allow users to set vCards

  -- Nice to have

    "version"; -- Replies to server version requests

    "uptime"; -- Report how long server has been running

    "time"; -- Let others know the time here on this server

    "ping"; -- Replies to XMPP pings with pongs

    "pep"; -- Enables users to publish their mood, activity, playing music and more

    "register"; -- Allow users to register on this server using a client and change passwords

  -- Admin interfaces

    "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands

  -- Other specific functionality

    "announce"; -- Send announcement to all online users

};

-- Disable account creation by default, for security

-- For more information see http://prosody.im/doc/creating_accounts

allow_registration = false;

-- These are the SSL/TLS-related settings. If you don't want

-- to use SSL/TLS, you may comment or remove this

ssl = {

  key = "{{ prosody_tls_key }}";

  certificate = "{{ prosody_tls_certificate }}";

}

-- Force clients to use encrypted connection.

c2s_require_encryption = true

-- Disable certificate validation for server-to-server connections.

s2s_secure_auth = false

-- Path to Prosody's PID file.

pidfile = "/var/run/prosody/prosody.pid"

-- Authentication backend.

authentication = "ldap"

ldap_server = "{{ prosody_ldap_server }}"

ldap_rootdn = "{{ prosody_ldap_bind_dn }}"

ldap_password = "{{ prosody_ldap_password }}"

ldap_filter = "{{ prosody_ldap_filter }}"

ldap_scope = "{{ prosody_ldap_scope }}"

ldap_tls = {{ prosody_ldap_tls }}

ldap_base = "{{ prosody_ldap_base }}"

-- Storage backend.

storage = "internal"

-- Logging configuration.

log = {