[ejabberd] mod_vcard_ldap

Leif Johansson leifj at it.su.se
Wed Oct 20 01:00:46 MSD 2004


dragon_sphere at vdsworld.com wrote:
>>There is no intended ldap-dependency for exauth! My first implementation
>>used pam. Now mod_vcard_ldap uses ldap (naturally) and it currently
>>depends on attribbutes from inetOrgPerson/organizationalPerson. This
>>should be configurable (patches cheerfully accepted I think :-) ) You
>>should check the source for details.
>>
> 
> I have a schema for ldap already but I am unsure if I am doing this
> correctly?  Which source are you refering to?  Are you speaking of the
> mod_vcard_ldap.erl file?  The users do authenticate without issues but
> when a user trys to update their vcard I get a



> RECV: <iq from='noone at myjabserver.net' to='noone at myjabserver.net/Exodus'
> id='jcl_21' type='error'><vCard
> xmlns='vcard-temp'><N><GIVEN>noone</GIVEN><FAMILY>noone</FAMILY></N><NICKNAME>noone</NICKNAME><EMAIL>noone at nowhere.com<INTERNET/><PREF/></EMAIL><URL>http://www.nowhere.com</URL><ROLE/><BDAY/><TITLE/><ORG><ORGNAME/><ORGUNIT/><DESC/></ORG><ADR><HOME/></ADR><ADR><WORK/></ADR><TEL><HOME/><VOICE/><NUMBER/></TEL><TEL><HOME/><FAX/><NUMBER/></TEL><TEL><WORK/><VOICE/><NUMBER/></TEL><TEL><WORK/><FAX/><NUMBER/></TEL></vCard><error
> code='405' type='cancel'><not-allowed
> xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error></iq>

You are not supposed to be able to update ldap information using
mod_vcard_ldap - it would certainly be possible to implement this
but it isn't currently.


> 
> from Exodus's xml debug window (note: The name's and addresses in the
> response above have been changed for security reasons;-)  I guess I either
> don't have the schema correct or I don't have the permissions correct for
> the user to update their ldap info?  So I did try mod_vcard_ldap with the
> ldap authentication for ejabberd.
> 
>>If you are using check_pass_null then any user can impersonate any other
>>user. This is probably not what you want. Where/how do you plan to
>>authenticate your users?
>>
> 
> I perfer to use the built-in LDAP {auth_method, ldap} for authentication
> since it is already working the way I want it to but would like to save
> the vcard data in ldap as well and allow the users to update the vcard as
> they wish.
> 

That sounds like a good idea.

> Thanks again,
> JKinsey
> 
> _______________________________________________
> ejabberd mailing list
> ejabberd at jabber.ru
> http://lists.jabber.ru/mailman/listinfo/ejabberd



More information about the ejabberd mailing list