[ejabberd] Unsucessful LDAP validation with some users

Konstantin Khomoutov flatworm at users.sourceforge.net
Wed Aug 19 20:25:47 MSD 2009

J. Ernesto wrote:
>> Anyway, looks like we need you to post the relevant parts of your 
>> ejabberd config.
>> `grep ldap /etc/ejabberd/ejabberd.cfg` should be OK after removing any 
>> passwords from it.
> %%%      {ldap_rootdn, "dc=example,dc=com"}.
> {auth_method, ldap}.
> {host_config, "raminatrans.com", [{auth_method, [ldap]},
> {ldap_servers, ["data"]},
> {ldap_base, "DC=raminatrans,DC=com"},
> {ldap_rootdn, "CN=Administrador Sistemas,CN=Users,DC=raminatrans,DC=com"},
> {ldap_password, "XXXXXX"},
> {ldap_uids, [{"sAMAccountName"}]}
> %%{ldap_filter, "(memberOf=*)"}

Try uncommenting the ldap_filter clause, and set its value to an empty 
string, like this:
{ldap_filter, ""}
then restart ejabberd and see if it helps.

The problem, it seems, is that ejabberd stores its configuration in a 
special database, and the config file just overrides that bits of the 
configuration which are explicitly mentioned. So that "memberOf=*" 
assertion gets added to LDAP requests even if it is commented out.

BTW I have ldap_filter set to "(objectCategory=Person)" in my setup 
(which is also authenticates about a Windows AD using LDAP).

More information about the ejabberd mailing list