[ejabberd] Unsuccessful LDAP validation with some users

J. Ernesto suarez.ernesto at gmail.com
Wed Aug 19 20:31:06 MSD 2009


On 19/08/2009, at 18:25, Konstantin Khomoutov wrote:

> J. Ernesto wrote:
> [...]
>>> Anyway, looks like we need you to post the relevant parts of your  
>>> ejabberd config.
>>> `grep ldap /etc/ejabberd/ejabberd.cfg` should be OK after removing  
>>> any passwords from it.
>> %%%      {ldap_rootdn, "dc=example,dc=com"}.
>> {auth_method, ldap}.
>> {host_config, "raminatrans.com", [{auth_method, [ldap]},
>> {ldap_servers, ["data"]},
>> {ldap_base, "DC=raminatrans,DC=com"},
>> {ldap_rootdn, "CN=Administrador Sistemas,CN=Users,DC=raminatrans,DC=com"},
>> {ldap_password, "XXXXXX"},
>> {ldap_uids, [{"sAMAccountName"}]}
>> %%{ldap_filter, "(memberOf=*)"}
>
> Try uncommenting the ldap_filter clause, and set its value to an  
> empty string, like this:
> {ldap_filter, ""}
> then restart ejabberd and see if it helps.
Maybe... At this precise moment I found the problem.

In the log I can see...
=INFO REPORT==== 2009-08-19 13:11:00 ===
D(<0.267.0>:eldap:636) : {searchRequest,
                           {'SearchRequest',"DC=raminatrans,DC=com",
                            wholeSubtree,neverDerefAliases,0,0,false,
                            {'and',
                             [{equalityMatch,
                               {'AttributeValueAssertion',"sAMAccountName",
                                "rmn.informatica"}},
                              {present,"memberOf"}]},
                            []}}

ejabberd requires that the user belong to more than one AD group... I read this in the clause ---> present, memberOf

I just added one user to one group and it runs!
>
> The problem, it seems, is that ejabberd stores its configuration in
> a special database, and the config file just overrides those bits of
> the configuration which are explicitly mentioned. So that
> "memberOf=*" assertion gets added to LDAP requests even if it is
> commented out.
>
> BTW I have ldap_filter set to "(objectCategory=Person)" in my setup
> (which also authenticates against a Windows AD using LDAP).

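The filter in the logged search request can be replayed against sample entries to see which accounts it lets through. This is an added example, not part of the original thread or ejabberd's own code; the directory entries, the `grouped.user` account and the function names are constructed for illustration, and `objectCategory` is simplified to a plain string.

```python
# Added example: evaluate the decoded filter from the eldap log against
# constructed entries (not real AD data).

def matches(flt, entry):
    """Evaluate a decoded LDAP filter tuple against an entry (attr -> list of values)."""
    attrs = {k.lower(): v for k, v in entry.items()}  # attribute names are case-insensitive
    op = flt[0]
    if op == "and":
        return all(matches(f, entry) for f in flt[1])
    if op == "or":
        return any(matches(f, entry) for f in flt[1])
    if op == "not":
        return not matches(flt[1], entry)
    if op == "present":          # (attr=*): true only if the attribute has a value
        return bool(attrs.get(flt[1].lower()))
    if op == "equalityMatch":    # (attr=value), compared case-insensitively here
        _, attr, value = flt
        return any(v.lower() == value.lower() for v in attrs.get(attr.lower(), []))
    raise ValueError(f"unsupported filter op: {op}")

def login_filter(uid_attr, user, extra=None):
    """uid equality ANDed with the configured ldap_filter, as in the logged request."""
    uid = ("equalityMatch", uid_attr, user)
    return ("and", [uid, extra]) if extra else uid

# Constructed directory. AD does not list an account's primary group in memberOf,
# so an account with no additional group membership has no memberOf values at all.
DIRECTORY = [
    {"sAMAccountName": ["rmn.informatica"], "objectCategory": ["Person"]},
    {"sAMAccountName": ["grouped.user"], "objectCategory": ["Person"],
     "memberOf": ["CN=Staff,CN=Users,DC=example,DC=com"]},
]

def search(flt, directory=DIRECTORY):
    """Return the sAMAccountName of every entry the filter matches."""
    return [e["sAMAccountName"][0] for e in directory if matches(flt, e)]

if __name__ == "__main__":
    member_of = ("present", "memberOf")                      # (memberOf=*)
    person = ("equalityMatch", "objectCategory", "Person")   # (objectCategory=Person)
    for label, extra in [("(memberOf=*)", member_of), ("(objectCategory=Person)", person)]:
        hits = search(login_filter("sAMAccountName", "rmn.informatica", extra))
        print(f"{label:28} -> {hits or 'no entry found, login rejected'}")
```
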