[ejabberd] RE: ejabberd on windows with AD ...

James Tait james.tait at morse.com
Thu Aug 19 12:31:17 MSD 2004


Hi Detlef,

> First of all thanks to everyone who answered to my posting.

You're welcome. :)

> Finaly I must say it seems that it is not possible to use the 
> user database of AD (with LDAP) for ejabberd. That makes me 
> really unhappy because I think this is one of the best jabber 
> daemons I tested in the past. Great work ...

It is somewhat disappointing, but not really surprising.  I've come to
expect such problems when using Microsoft's versions of supposedly standard
protocols.

> 1) How can I turn debug on in erlang/ejabberd. What I wan't 
> is a detailed output of the communication between ejabberd 
> and AD. How can I handle this ?

If you can get hold of a packet sniffer, that may be your best bet --
something like WinPCap and Ethereal ought to do the job.  This assumes
you're not encrypting your LDAP traffic, of course.

> 2) Is there a way to implement other ways of authetication ?

Yes. :)

> I think of using e.g. an POP3 server or something else ?

If you can authenticate against something that authenticates against the AD
server, you've achieved your objective....

> Can 
> I easily write my own "module" for authentication and then 
> use it within ejabberd ?

Yes, there was a patch submitted by Leif Johansson (which is now in CVS)
that allows you to use an external program to perform the authentication.

> If yes, is there a guide how I can do that ?

I'm not aware of one, but the basic steps are:

  - Obtain and apply the extauth patch (if you're not using CVS version)
  - Modify configuration to use extauth
  - Write a program/script to do the authentication for you

The config change is as simple as:

  {auth_method, external}.
  {extauth_program, "/path/to/your/program -options"}.

The extauth patch comes with an example perl script that always returns a
positive response, and I submitted an example C program last week to perform
SMB authentication against an NT domain.

Hope this helps,

JT
--
James Tait
Developer, Morse Professional Services
Business aligned IT that helps our customers get more from less.  We call
it A2e.  If you want to know more, I'll take you there.
Morse Group Ltd
Tel: +44 (0)1332 826037 Fax: +44 (0)1332 826044
www.morse.com

This email and any attachments are confidential and are intended only for
the addressee.  If you are not the intended recipient of this email and
have received it in error, you are hereby notified that the email and any
attachments must not be copied, stored or further disseminated or
distributed.  If you have received this email and its attachments in error,
please notify the sender immediately and then delete it from your system.
Internet communications are not secure and Morse makes no representation
and accepts no responsibility or liability as to the completeness and
accuracy of the information contained in this message.  Any information,
opinions or advice contained within the email or any attachments are not
necessarily those of the Morse Group.

Email communications sent and/or received by Morse staff are stored and
monitored.

Orders for hardware and software are accepted subject to Morse's Standard
Terms and Conditions of Sale.  Orders for services are accepted subject to
Morse's Standard Terms and Conditions for the Provision of Consultancy
Services.  Copies are available at http://www.morse.com and on request from
legal at morse.com or your account manager.


More information about the ejabberd mailing list