#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# CGI:IRC module: Adds support for automatic host changing in CGI:IRC
# (http://cgiirc.sourceforge.net).
+# Adds snomask +w for monitoring CGI:IRC connections.
#<module name="m_cgiirc.so">
#
#-#-#-#-#-#-#-#-#-#-#-# CGIIRC CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#
# To use, CHGNAME must be in one of your oper class blocks.
#<module name="m_chgname.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Clear chan module: Allows opers to masskick, masskill or mass-G/ZLine
+# all users on a channel using /CLEARCHAN.
+#<module name="m_clearchan.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Cloaking module: Adds usermode +x and cloaking support.
# Relies on the module m_md5.so being loaded.
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Conn-Join: Allows you to force users to join one or more channels
-# automatically upon connecting to the server.
+# automatically upon connecting to the server, or join them in case
+# they aren't on any channels after being online for X seconds.
#<module name="m_conn_join.so">
#
#-#-#-#-#-#-#-#-#-#-#-#- CONNJOIN CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
#
-# If you have m_conn_join.so loaded, you can configure it using the
-# follow values:
-#
+# Join users immediately after connection to #one #two and #three.
#<autojoin channel="#one,#two,#three">
+# Join users to #chat after 15 seconds if they aren't on any channels.
+#<autojoin channel="#chat" delay="15">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Conn-Usermodes: Set modes on users when they connect
# IP addresses (32 and 128 bits) into CIDR masks, to allow for throttling
# over whole ISPs/blocks of IPs, which may be needed to prevent attacks.
#
-#<connectban threshold="10" duration="10m" ipv4cidr="32" ipv6cidr="128">
+# A custom ban message may optionally be specified.
+#
+# <connectban threshold="10" duration="10m" ipv4cidr="32" ipv6cidr="128"
+# banmessage="Your IP range has been attempting to connect too many times in too short a duration. Wait a while, and you will be able to connect.">
+#
# This allows for 10 connections in an hour with a 10 minute ban if that is exceeded.
#
#<module name="m_connectban.so">
# a <bind> tag with type "httpd", and load at least one of the other
# m_httpd_* modules to provide pages to display.
#
+# You can adjust the timeout for HTTP connections below. All HTTP
+# connections will be closed after (roughly) this many seconds.
+#<httpd timeout="20">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# http ACL module: Provides access control lists for m_httpd dependent
# If set to "both" then (surprise!) both will be sent.
#<knock notify="notice">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# LDAP module: Allows other SQL modules to access a LDAP database
+# through a unified API.
+# This modules is in extras. Re-run configure with: ./configure --enable-extras=m_ldap.cpp
+# and run make install, then uncomment this module to enable it.
+#
+#<module name="m_ldap.so">
+#<database module="ldap" id="ldapdb" server="ldap://localhost" binddn="cn=Manager,dc=inspircd,dc=org" bindauth="mysecretpass" searchscope="subtree">
+# The server parameter indicates the LDAP server to connect to. The #
+# ldap:// style scheme before the hostname proper is MANDATORY. #
+# #
+# The binddn and bindauth indicate the DN to bind to for searching, #
+# and the password for the distinguished name. Some LDAP servers will #
+# allow anonymous searching in which case these two values do not #
+# need defining, otherwise they should be set similar to the examples #
+# above. #
+# #
+# The searchscope value indicates the subtree to search under. On our #
+# test system this is 'subtree'. Your mileage may vary. #
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# LDAP authentication module: Adds the ability to authenticate users #
-# via LDAP. This is an extra module which must be enabled explicitly #
-# by symlinking it from modules/extra, and requires the OpenLDAP libs #
-# This modules is in extras. To enable it, Re-run configure with: #
-# ./configure --enable-extras=m_ldapauth.cpp #
-# and run make install, then uncomment this module. #
+# via LDAP. #
# #
#<module name="m_ldapauth.so"> #
# #
# Configuration: #
# #
-# <ldapauth baserdn="ou=People,dc=brainbox,dc=cc" #
+# <ldapauth dbid="ldapdb" #
+# baserdn="ou=People,dc=brainbox,dc=cc" #
# attribute="uid" #
-# server="ldap://brainwave.brainbox.cc" #
-# allowpattern="Guest*" #
+# allowpattern="Guest* Bot*" #
# killreason="Access denied" #
-# searchscope="subtree" #
-# binddn="cn=Manager,dc=brainbox,dc=cc" #
-# bindauth="mysecretpass" #
# verbose="yes" #
# host="$uid.$ou.inspircd.org"> #
# #
# The attribute value indicates the attribute which is used to locate #
# a user account by name. On POSIX systems this is usually 'uid'. #
# #
-# The server parameter indicates the LDAP server to connect to. The #
-# ldap:// style scheme before the hostname proper is MANDITORY. #
-# #
-# The allowpattern value allows you to specify a wildcard mask which #
-# will always be allowed to connect regardless of if they have an #
-# account, for example guest users. #
+# The allowpattern value allows you to specify a space separated list #
+# of wildcard masks which will always be allowed to connect #
+# regardless of if they have an account, for example guest and bot #
+# users. #
# #
# Killreason indicates the QUIT reason to give to users if they fail #
# to authenticate. #
# #
-# The searchscope value indicates the subtree to search under. On our #
-# test system this is 'subtree'. Your mileage may vary. #
-# #
# Setting the verbose value causes an oper notice to be sent out for #
# every failed authentication to the server, with an error string. #
# #
-# The binddn and bindauth indicate the DN to bind to for searching, #
-# and the password for the distinguished name. Some LDAP servers will #
-# allow anonymous searching in which case these two values do not #
-# need defining, otherwise they should be set similar to the examples #
-# above. #
-# #
# ldapwhitelist indicates that clients connecting from an IP in the #
# provided CIDR do not need to authenticate against LDAP. It can be #
# repeated to whitelist multiple CIDRs. #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# LDAP oper configuration module: Adds the ability to authenticate #
-# opers via LDAP. This is an extra module which must be enabled #
-# explicitly by symlinking it from modules/extra, and requires the #
-# OpenLDAP libs. Re-run configure with: ./configure --enable-extras=m_ldapoper.cpp
-# and run make install, then uncomment this module to enable it. #
+# opers via LDAP. #
# #
#<module name="m_ldapoper.so">
# #
# Configuration: #
# #
-# <ldapoper baserdn="ou=People,dc=brainbox,dc=cc"
-# server="ldap://brainwave.brainbox.cc"
-# searchscope="subtree"
-# binddn="cn=Manager,dc=brainbox,dc=cc"
-# bindauth="mysecretpass"
+# <ldapoper dbid="ldapdb"
+# baserdn="ou=People,dc=brainbox,dc=cc"
# attribute="uid">
# #
# Available configuration items are identical to the same items in #
# SAJOIN module: Adds the /SAJOIN command
# This module is oper-only.
# To use, SAJOIN must be in one of your oper class blocks.
+# Opers need the users/sajoin-others priv to be able to /SAJOIN users
+# other than themselves.
#<module name="m_sajoin.so">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SASL authentication module: Provides support for IRC Authentication
-# Layer (aka: atheme SASL) via AUTHENTICATE.
+# Layer via AUTHENTICATE. Note: You also need to have m_cap.so loaded
+# for SASL to work.
#<module name="m_sasl.so">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#<module name="m_showwhois.so">
#
# If you wish, you may also let users set this mode. Only opers with the
-# users/auspex priv will see real hosts of people, though. This setting
-# is not reloadable via /rehash, and will require /reloadmodule, as
-# it directly affects the mode object itself.
+# users/auspex priv will see real hosts of people, though.
#<showwhois opersonly="yes"
#
# You may also set whether or not users should receive whois notices, should
# #
#<sqloper dbid="1" hash="md5">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# StartTLS module: Implements STARTTLS, which allows clients #
+# connected to non SSL enabled ports to enable SSL, if a proper SSL #
+# module is loaded (either m_ssl_gnutls or m_ssl_openssl). #
+#<module name="m_starttls.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SVSHold module: Implements SVSHOLD. Like Q:Lines, but can only be #
# added/removed by Services. #
#<module name="m_svshold.so">
+# SVSHOLD does not generate server notices by default, you can turn
+# notices on by uncommenting the next line.
+#<svshold silent="false">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SWHOIS module: Allows you to add arbitary lines to user WHOIS.