[ejabberd] LDAP

Christoff van Zyl christoffv at bercoexpress.co.za
Wed Jan 23 14:32:10 MSK 2008


i all

I have am busy to setup a ejabberd server but have run into a few problems. I 
was wondering if somebody could help me with some pointers to resolve the 
issues.

I would like to have the following in the server.

1. LDAP, auth and vcard
2. Logging to a Mysql db ( Bandrsnatch)

I know ejabberd.2.0.0-beta1 is not the right version for a production server, 
but currently only a few people will use the system.

My problems, I have followed the manual to the point for the LDAP part and I 
can't get people to register new accounts. ( I have setup auth also with odbc 
using Mysql and it is working.) Is it true that you can't register users when 
you use ldap.

This is my error, (tail -f /var/log/syslog)
Jan 22 11:37:13 testbox slapd[4527]: daemon: activity on 1 descriptor
Jan 22 11:37:13 testbox slapd[4527]: daemon: activity on:
Jan 22 11:37:13 testbox slapd[4527]:  14r
Jan 22 11:37:13 testbox slapd[4527]:
Jan 22 11:37:13 testbox slapd[4527]: daemon: read active on 14
Jan 22 11:37:13 testbox slapd[4527]: daemon: epoll: listen=7 active_threads=0 
tvp=NULL
Jan 22 11:37:13 testbox slapd[4527]: daemon: epoll: listen=8 active_threads=0 
tvp=NULL
Jan 22 11:37:13 testbox slapd[4527]: begin get_filter
Jan 22 11:37:13 testbox slapd[4527]: AND
Jan 22 11:37:13 testbox slapd[4527]: begin get_filter_list
Jan 22 11:37:13 testbox slapd[4527]: begin get_filter
Jan 22 11:37:13 testbox slapd[4527]: EQUALITY
Jan 22 11:37:13 testbox slapd[4527]: end get_filter 0
Jan 22 11:37:13 testbox slapd[4527]: begin get_filter
Jan 22 11:37:13 testbox slapd[4527]: EQUALITY
Jan 22 11:37:13 testbox slapd[4527]: end get_filter 0
Jan 22 11:37:13 testbox slapd[4527]: end get_filter_list
Jan 22 11:37:13 testbox slapd[4527]: end get_filter 0
Jan 22 11:37:13 testbox slapd[4527]: conn=10 op=3 SRCH 
base="ou=users,dc=bercoexpress,dc=co,dc=za" scope=2 deref=0 
filter="(&(mail=elrizev at bercoexpress.co.za)(objectClass=shadowAccount))"
Jan 22 11:37:13 testbox slapd[4527]: => bdb_filter_candidates
Jan 22 11:37:13 testbox slapd[4527]: ^IAND
Jan 22 11:37:13 testbox slapd[4527]: => bdb_list_candidates 0xa0
Jan 22 11:37:13 testbox slapd[4527]: => bdb_filter_candidates
Jan 22 11:37:13 testbox slapd[4527]: ^IOR
Jan 22 11:37:13 testbox slapd[4527]: => bdb_list_candidates 0xa1
Jan 22 11:37:13 testbox slapd[4527]: => bdb_filter_candidates
Jan 22 11:37:13 testbox slapd[4527]: ^IEQUALITY
Jan 22 11:37:13 testbox slapd[4527]: <= bdb_filter_candidates: id=0 first=0 
last=0
Jan 22 11:37:13 testbox slapd[4527]: => bdb_filter_candidates
Jan 22 11:37:13 testbox slapd[4527]: ^IAND
Jan 22 11:37:13 testbox slapd[4527]: => bdb_list_candidates 0xa0
Jan 22 11:37:13 testbox slapd[4527]: => bdb_filter_candidates
Jan 22 11:37:13 testbox slapd[4527]: ^IEQUALITY
Jan 22 11:37:13 testbox slapd[4527]: <= bdb_equality_candidates: (mail) 
index_param failed (18)
Jan 22 11:37:13 testbox slapd[4527]: <= bdb_filter_candidates: id=-1 first=1 
last=4
Jan 22 11:37:13 testbox slapd[4527]: => bdb_filter_candidates
Jan 22 11:37:13 testbox slapd[4527]: ^IEQUALITY
Jan 22 11:37:13 testbox slapd[4527]: <= bdb_filter_candidates: id=0 first=0 
last=0
Jan 22 11:37:13 testbox slapd[4527]: <= bdb_list_candidates: id=0 first=1 
last=0
Jan 22 11:37:13 testbox slapd[4527]: <= bdb_filter_candidates: id=0 first=1 
last=0
Jan 22 11:37:13 testbox slapd[4527]: <= bdb_list_candidates: id=0 first=0 
last=0
Jan 22 11:37:13 testbox slapd[4527]: <= bdb_filter_candidates: id=0 first=0 
last=0
Jan 22 11:37:13 testbox slapd[4527]: <= bdb_list_candidates: id=0 first=3 
last=0
Jan 22 11:37:13 testbox slapd[4527]: <= bdb_filter_candidates: id=0 first=3 
last=0
Jan 22 11:37:13 testbox slapd[4527]: conn=10 op=3 SEARCH RESULT tag=101 err=0 
nentries=0 text=

from tail -f /var/log/ejabberd/ejabberd.log
=INFO REPORT==== 2008-01-22 11:38:39 ===
I(<0.259.0>:ejabberd_listener:112) : (#Port<0.470>) Accepted connection 
{{192,168,9,221},60885} -> {{192,168,10,6},5222}

=INFO REPORT==== 2008-01-22 11:38:39 ===
D(<0.560.0>:ejabberd_receiver:297) : Received XML on stream = "<?xml 
version='1.0'?><stream:stream xmlns=\"jabber:client\" 
to=\"talk.bercoexpress.co.za\" version=\"1.0\" 
xmlns:stream=\"http://etherx.jabber.org/streams\" >"

=INFO REPORT==== 2008-01-22 11:38:39 ===
D(<0.561.0>:ejabberd_c2s:1330) : Send XML on stream = "<?xml 
version='1.0'?><stream:stream xmlns='jabber:client' 
xmlns:stream='http://etherx.jabber.org/streams' id='892673026' 
from='talk.bercoexpress.co.za' version='1.0' xml:lang='en'>"

=INFO REPORT==== 2008-01-22 11:38:39 ===
D(<0.561.0>:ejabberd_c2s:1330) : Send XML on stream 
= "<stream:features><mechanisms 
xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism></mechanisms><register 
xmlns='http://jabber.org/features/iq-register'/></stream:features>"

=INFO REPORT==== 2008-01-22 11:38:39 ===
D(<0.560.0>:ejabberd_receiver:297) : Received XML on stream = "<iq 
to=\"talk.bercoexpress.co.za\" type=\"get\" id=\"3\"><query 
xmlns=\"jabber:iq:register\" /></iq>"

=INFO REPORT==== 2008-01-22 11:38:39 ===
D(<0.561.0>:ejabberd_c2s:1330) : Send XML on stream = "<iq 
from='talk.bercoexpress.co.za' id='3' type='result'><query 
xmlns='jabber:iq:register'><instructions>Choose a username and password to 
register with this server</instructions><username/><password/></query></iq>"

=INFO REPORT==== 2008-01-22 11:38:39 ===
D(<0.560.0>:ejabberd_receiver:297) : Received XML on stream = "<iq 
to=\"talk.bercoexpress.co.za\" type=\"set\" id=\"4\"><query 
xmlns=\"jabber:iq:register\"><username>elrizev</username><password>1234</password><instructions>Choose 
a username and password to register with this 
server</instructions></query></iq>"

=INFO REPORT==== 2008-01-22 11:38:39 ===
D(<0.561.0>:ejabberd_c2s:1330) : Send XML on stream = "<iq 
from='talk.bercoexpress.co.za' id='4' type='error'><query 
xmlns='jabber:iq:register'><username>elrizev</username><password>1234</password><instructions>Choose 
a username and password to register with this 
server</instructions></query><error code='405' type='cancel'><not-allowed 
xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error></iq>"

My config file contains:

% Authentication using LDAP
{auth_method, ldap}.
{ldap_servers, ["localhost"]}.
{ldap_base, "ou=users,dc=bercoexpress,dc=co,dc=za"}.
{ldap_rootdn, "cn=admin,dc=bercoexpress,dc=co,dc=za"}.
{ldap_password, "Cvz3429"}.

% I have tried all three filters but no luck.
%%{ldap_filter, "(objectClass=shadowAccount)"}.
%%{ldap_uidattr,"uid"}.
%%{ldap_uids, [{"mail", "%u at bercoexpress.co.za"}]}.

My TOP structure for ldap is:
# Here is our topmost entry for bercoexpree
dn: dc=bercoexpress,dc=co,dc=za
objectClass: top
objectClass: dcObject
objectClass: organization
dc: bercoexpress
o: Berco Express (PTY) LTD

# We always need an administrator person to access all the entries
dn: cn=admin,dc=bercoexpress,dc=co,dc=za
objectClass: top
objectClass: organizationalRole
cn: admin

# Organizational unit people
dn: ou=users,dc=bercoexpress,dc=co,dc=za
objectClass: top
objectClass: organizationalUnit
ou: users

# Organizational unit people
dn: ou=addressbook,dc=bercoexpress,dc=co,dc=za
objectClass: top
objectClass: organizationalUnit
ou: addressbook

I am using phpldapadmin and I can log in and see the ou's

I would really appreciate some inputs on this issue.

Thanks a mil......
Christoff van Zyl

--
The information contained in this communication is confidential and may be legally privileged. It is intended solely for the use of the individual or entity to whom it is addressed. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or any action taken or omitted in reliance on the contents of this information is strictly prohibited and may be unlawful. Whilst all reasonable steps are taken to ensure the accuracy and integrity of information and data transmitted electronically and to preserve the confidentiality thereof, the Berco Group and its associated business entities and/or units accept no liability or responsibility whatsoever if information or data is, for whatever reason, corrupted or does not reach its intended destination.


More information about the ejabberd mailing list