[ejabberd] RE: Another Person with eJabber AD/LDAP Problems

Brazell, Bill Bill.Brazell at cingular.com
Thu Mar 31 01:34:44 MSD 2005


I've scoured the forums and lists for an answer, but can't seem to find
anything concrete regarding the use of Active Directory as an
authentication mechanism for eJabber.  Here is what I've tried so far:

(Running eJabber v0.7.5 from the CVS on a FC3 system)

Configured ejabberd.cfg with the following:

% Authentification method.  If you want to use internal user base, then use
% this line:
%{auth_method, internal}.

% For LDAP authentification use these lines instead of above one:
{auth_method, ldap}.
{ldap_servers, ["vidconf1.wireless.attws.com"]}.    % List of LDAP servers
{ldap_uidattr, "sAMAccountName"}.            % LDAP attribute that holds user ID
{ldap_base, "dc=vidconf1,dc=wireless,dc=attws,dc=com"}. % Base of LDAP directory

When I attempt to log in with either a Jabber client or via the web
interface, it fails.

Examining the packets hitting the directory server (Windows 2003), I see
the following:

Packet from the eJabber Server to the Directory:

LDAP: ProtocolOp: SearchRequest (3)
LDAP: Filter
LDAP: Filter Type = Equality Match
LDAP: Attribute Type =sAMAccountName
LDAP: Attribute Value =bbrazell

Response from the Directory to the eJabber Server:

LDAP: ProtocolOp: SearchResponse Reference (19)
LDAP: ProtocolOp = SearchResponse (simple)
LDAP: Result Code = Success

Looks like the Directory is responding properly and the eJabber Server
isn't processing the response properly.

I've made the changes suggested in
http://ejabberd.jabber.ru/node/82#comment-259 , recompiled, and
restarted ejabberd, but the symptoms didn't change.

Is there something I'm missing?  Should I be attempting to do this with
an external auth script?

Any help is appreciated.
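
The protocolOp numbers in the capture above (3 and 19) are LDAP application tags defined in RFC 4511. As an added example that is not part of the original post, the Python below walks a captured LDAP reply stream and separates returned entries from search references and the final result code; the function names, host name and byte strings are constructed for illustration.

```python
OPS = {3: "SearchRequest", 4: "SearchResultEntry",
       5: "SearchResultDone", 19: "SearchResultReference"}

def read_tlv(buf, pos):
    """Decode one BER TLV with a single-byte tag; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def summarize_search(stream):
    """Walk concatenated LDAPMessages and summarize the search results they carry."""
    summary = {"entries": [], "references": [], "result_code": None}
    pos = 0
    while pos < len(stream):
        tag, msg, pos = read_tlv(stream, pos)
        if tag != 0x30:
            raise ValueError("LDAPMessage must be a SEQUENCE")
        _, _, p = read_tlv(msg, 0)                # messageID (INTEGER), skipped
        op_tag, op, _ = read_tlv(msg, p)          # protocolOp
        name = OPS.get(op_tag & 0x1F) if op_tag & 0xC0 == 0x40 else None
        if name == "SearchResultEntry":           # first field is objectName (the DN)
            summary["entries"].append(read_tlv(op, 0)[1].decode())
        elif name == "SearchResultReference":     # SEQUENCE OF URI
            q = 0
            while q < len(op):
                _, uri, q = read_tlv(op, q)
                summary["references"].append(uri.decode())
        elif name == "SearchResultDone":          # first field is resultCode (ENUMERATED)
            summary["result_code"] = int.from_bytes(read_tlv(op, 0)[1], "big")
    return summary

def tlv(tag, value):  # short-form encoder, used only to build the constructed sample
    return bytes([tag, len(value)]) + value
def ldap_msg(msg_id, op_tag, op_body):
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(op_tag, op_body))

# Constructed sample (not from the post): one search reference, then Done with success.
SAMPLE = (ldap_msg(2, 0x73, tlv(0x04, b"ldap://dc.example.invalid/DC=example,DC=invalid")) +
          ldap_msg(2, 0x65, tlv(0x0A, b"\x00") + tlv(0x04, b"") + tlv(0x04, b"")))
```

`summarize_search(SAMPLE)` reports a result code of 0 with an empty `entries` list, which is how a reply made only of references looks to an LDAP client that does not follow them.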
