[ejabberd] LDAP random access and unable to publish vcard

Fernando de los Ríos Sánchez fdelosrios at ub.edu
Fri Mar 11 14:47:42 MSK 2005


Hi all, I "successfully" compiled and installed ejabberd but something 
very strange happens to me now. For a while all was running apparently 
right but now ejabberd behaves in a way I cannot understand. I try to 
connect with the Psi client, with 4 accounts at once that exists in my 
LDAP server but they connect randomly, I'm serious. Sometimes 2 connect, 
sometimes 1 or all them. The ones that cannot connect keep trying until 
I turn off the client. The ones that do sometimes can publish the vcard 
correctly, some others keep trying but they can't, some others crash 
with a blank reason, etc. I happens through port 5222 in plain text and 
through port 5223 in plain text over SSL. I paste here a tcp session 
dump, my ejabberd.cfg and my ejabberd run script. Bye the way, I run it 
under ejabberd account, I already checked the file permissions and it 
does the LDAP queries and they seem correct.
Thanks in advance and sorry for my english :s.

Dump:

<?xml version="1.0"?>
<stream:stream xmlns:stream="http://etherx.jabber.org/streams" 
xmlns="jabber:client" to="nasum.ere.ub.es" >
<?xml version='1.0'?><stream:stream xmlns='jabber:client' 
xmlns:stream='http://etherx.jabber.org/streams' id='710085934' 
from='nasum.ere.ub.es' xml:lang='es'><iq type="get" id="auth_1" 
to="nasum.ere.ub.es" >
<query xmlns="jabber:iq:auth">
<username>fernando</username>
</query>
</iq>
<iq type='result' from='nasum.ere.ub.es' id='auth_1'><query 
xmlns='jabber:iq:auth'><username>fernando</username><password/><resource/></query></iq><iq 
type="set" id="auth_2" to="nasum.ere.ub.es" >
<query xmlns="jabber:iq:auth">
<username>fernando</username>
<password>password</password>
<resource>Psi</resource>
</query>
</iq><iq type='result' from='nasum.ere.ub.es' id='auth_2'/><iq 
type="get" id="aacea" >
<query xmlns="jabber:iq:roster"/>
</iq>

ejabberd.cfg:

% $Id: ejabberd.cfg.example,v 1.17 2004/10/08 20:40:28 aleksey Exp $

override_global.
override_local.
override_acls.


% Users that have admin access.  Add line like one of the following 
after you
% will be successfully registered on server to get admin access:
{acl, admin, {user, "fernando"}}.
%{acl, admin, {user, "ermine"}}.

% Blocked users:
%{acl, blocked, {user, "test"}}.

% Local users:
{acl, local, {user_regexp, ""}}.

% Another examples of ACLs:
%{acl, jabberorg, {server, "jabber.org"}}.
%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
%{acl, test, {user_regexp, "^test"}}.
%{acl, test, {user_glob, "test*"}}.


% Only admins can use configuration interface:
{access, configure, [{allow, admin}]}.

% Every username can be registered via in-band registration:
{access, register, [{deny, all}]}.

% After successful registration user will get message with following subject
% and body:
{welcome_message,
  {"Welcome!",
   "Welcome to Jabber Service.  "
   "For information about Jabber visit http://jabber.org"}}.
% Replace them with 'none' if you don't want to send such message:
%{welcome_message, none}.

% List of people who will get notifications about registered users
{registration_watchers, ["fernando at nasum.ere.ub.es"]}.
%                         "admin2 at localhost"]}.

% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.


% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
                {allow, all}]}.

% Set shaper with name "normal" to limit traffic speed to 1000B/s
{shaper, normal, {maxrate, 1000}}.

% Set shaper with name "fast" to limit traffic speed to 50000B/s
{shaper, fast, {maxrate, 50000}}.

% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
                       {normal, all}]}.

% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.

% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.

% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.

% This rule allows access only for local users:
{access, local, [{allow, local}]}.


% Authentification method.  If you want to use internal user base, then use
% this line:
%{auth_method, internal}.

% For LDAP authentification use these lines instead of above one:
{auth_method, ldap}.
{ldap_servers, ["localhost"]}.    % List of LDAP servers
{ldap_uidattr, "uid"}.            % LDAP attribute that holds user ID
{ldap_base, "dc=ere,dc=ub,dc=es"}. % Base of LDAP directory

% For authentification via external script use the following:
%{auth_method, external}.
%{extauth_program, "/path/to/authentification/script"}.


% Host name:
{host, "nasum.ere.ub.es"}.

% Default language for server messages
{language, "es"}.

% Listened ports:
{listen,
  [{5222, ejabberd_c2s,     [{access, c2s}, {shaper, c2s_shaper}, 
starttls, {certfile, "/etc/ejabberd/jabber.pem"}]},
   {5223, ejabberd_c2s,     [{access, c2s}, tls, {certfile, 
"/etc/ejabberd/jabber.pem"}]},
   {5269, ejabberd_s2s_in,  [{shaper, s2s_shaper}]},
   {5280, ejabberd_http,    [web_admin]}
  % {5280, ejabberd_http,   [http_poll, web_admin]}
  ]}.

   % Use these two lines instead if TLS support is not compiled
   %{5222, ejabberd_c2s,     [{access, c2s}, {shaper, c2s_shaper}]},
   %{5223, ejabberd_c2s,     [{access, c2s}, ssl, {certfile, 
"/etc/ssl/certs/erecert.pem"}]},

% If SRV lookup fails, then port 5269 is used to communicate with remote 
server
{outgoing_s2s_port, 5269}.


% Used modules:
{modules,
  [
   {mod_register,   [{access, register}]},
   {mod_roster,     []},
   {mod_privacy,    []},
   {mod_configure,  []},
   {mod_configure2, []},
   {mod_disco,      []},
   {mod_stats,      []},
   {mod_vcard,      [{host,"nasum.ere.ub.es"}]},
   {mod_offline,    []},
   {mod_announce,   [{access, announce}]},
   {mod_echo,       [{host, "nasum.ere.ub.es"}]},
   {mod_private,    []},
   {mod_irc,        []},
% Default options for mod_muc:
%   host: "conference." ++ ?MYNAME
%   access: all
%   access_create: all
%   access_admin: none (only room creator has owner privileges)
   {mod_muc,        [{host,"nasum.ere.ub.es"},
                     {access, muc},
                     {access_create, muc},
                     {access_admin, muc_admin}]},
   {mod_pubsub,     []},
   {mod_time,       []},
   {mod_last,       []},
   {mod_version,    []}
  ]}.




% Local Variables:
% mode: erlang
% End:


More information about the ejabberd mailing list