[ejabberd] Unsucessful LDAP validation with some users

Konstantin Khomoutov flatworm at users.sourceforge.net
Wed Aug 19 22:27:35 MSD 2009


>>>> Anyway, looks like we need you to post the relevant parts of your 
>>>> ejabberd config.
>>>> `grep ldap /etc/ejabberd/ejabberd.cfg` should be OK after removing 
>>>> any passwords from it.
>>> %%%      {ldap_rootdn, "dc=example,dc=com"}.
>>> {auth_method, ldap}.
>>> {host_config, "raminatrans.com", [{auth_method, [ldap]},
>>> {ldap_servers, ["data"]},
>>> {ldap_base, "DC=raminatrans,DC=com"},
>>> {ldap_rootdn, "CN=Administrador 
>>> Sistemas,CN=Users,DC=raminatrans,DC=com"},
>>> {ldap_password, "XXXXXX"},
>>> {ldap_uids, [{"sAMAccountName"}]}
>>> %%{ldap_filter, "(memberOf=*)"}
>>
>> Try uncommenting the ldap_filter clause, and set its value to an empty 
>> string, like this:
>> {ldap_filter, ""}
>> then restart ejabberd and see if it helps.
> maybe... At this precise moment i found the problem
> 
> In the log I can see...
> =INFO REPORT==== 2009-08-19 13:11:00 ===
> D(<0.267.0>:eldap:636) : {searchRequest,
>                           {'SearchRequest',"DC=raminatrans,DC=com",
>                            wholeSubtree,neverDerefAliases,0,0,false,
>                            {'and',
>                             [{equalityMatch,
>                               {'AttributeValueAssertion',"sAMAccountName",
>                                "rmn.informatica"}},
>                              {present,"memberOf"}]},
>                            []}}
> 
> ejabberd needs that the user must belong to more than one AD group...I 
> read this in the clause ---> present, memberOf
> 
> I just add one user to one group and runs!

I'm sure that you fixed the wrong problem. Please re-read what I written 
after the paragraph you quoted.
Ejabberd does not require anything from your LDAP schema, and "present" 
is just a human-readable name for the "=*" class of LDAP filter assertions.


More information about the ejabberd mailing list