[ejabberd] Using the full JID in a LDAP field

Lionel Dricot zeploum at gmail.com
Fri Jul 25 12:23:12 MSD 2008


It seems that I was not confident enough because it works !

{host_config, "domainXt", [{auth_method,ldap},
 {ldap_servers,  ["localhost"]},
 {ldap_uids,     [{"mail", "%u at domainX"}]},
 {ldap_base,   "ou=users, dc=example,dc=com"},
 {ldap_filter, "(&(objectClass=mailAccount)(mail=*@domainX))"},
 {ldap_rootdn, ""},
 {ldap_password, ""}]}.


The only last bit that will be great would be to do that automatically for
all domainX in the ou=domains. But I guess it's another story :-)
(sorry for the noise, I really didn't ever think it would work so easily)

On Fri, Jul 25, 2008 at 10:01 AM, Lionel Dricot <zeploum at gmail.com> wrote:

> Hello,
>
> I'm currently trying to configure Ejabberd with LDAP to share
> authentification with the IMAP server. My goal is to have a Jabber account
> which is the same as their mail adress.
>
> Because I use virtual domains, I don't use the uid of users to log to the
> imap server but I use the "mail" entry. Indeed, uid are all uniques but two
> user could have the same "screen name" on two different domain. For example,
> I want that it's possible to have bill at domain1 and bill at domain2 as two
> separates users of my system. (their uid would probably be bill1 and bill2
> but they will never see that).
>
> In my IMAP server (dovecot), this is achieved by the following
> configuration :
>
>     base = dc=example,dc=org
>     user_attrs = mailbox=home
>     user_filter = (&(objectClass=mailAccount)(mail=%u)(mailenable=OK))
>
>     pass_attrs = mail=user,userPassword=password
>     pass_filter = (&(objectClass=mailAccount)(mail=%u)(mailenable=OK))
>
>
> It works great. User log in using their mail adress.
>
> My question is : how can I do the same on Ejabberd ? Yesterday in the chat
> room, some very helpful people pointed me to
> http://svn.process-one.net/ejabberd/trunk/doc/guide.html#ldap
>
> But I'm still unable to figure out how to achieve what I want with those
> command (I'm not the brightest admin in the world).
>
> Currently, my idea is :
>
> For each virtual domain domainX (domain1, domain2, ...)
>
> {host_config, "domainX", [{auth_method,   ldap},
>                           {ldap_servers,  ["localhost"]},
>                               {ldap_uids,     [{"mail", "%u at domainX"}]},
>
>                               {ldap_filters, filter_that_takes_only_people_with "domainX" in the mail field},
>                               {ldap_base,   "ou=users, dc=example,dc=com"},
>                               {ldap_rootdn, ""},
>
>                               {ldap_password, ""}]}.
>
>
> I have still to figure out how to make the filter but I'm not convinced
> that it will work and that it is the easiest solution.
>
> So, what do you think ? Is there anyone who encountered the same
> configuration ? What would you do in my situation ?
>
> Thank you a lot for reading,
>
> Lionel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jabber.ru/pipermail/ejabberd/attachments/20080725/d68d434f/attachment.htm 


More information about the ejabberd mailing list