[ejabberd] New node?!

Márcio Luciano Donada mdonada at auroraalimentos.com.br
Fri Dec 11 20:49:18 MSK 2009

Konstantin Khomoutov wrote:
> On Fri, 11 Dec 2009 13:11:29 -0200
> Márcio Luciano Donada <mdonada at auroraalimentos.com.br> wrote:

> 1) (The simplest one.) Create a same-named special group in each LDAP
>    domain, of which users granted access to your XMPP server should be
>    members. Then, in the first domain, all users should be members
>    of this group, and in the second -- only those which are granted access
>    to XMPP.
>    To enforce checking of group membership, your ldap_filter specification
>    should include checking of some appropriate attribute(s);
>    for Microsoft AD this should be "memberOf" and the resulting
>    ldap_filter string should be something like this:
>    {ldap_filter, "(memberOf=CN=XMPP Users,DC=yourdomain,DC=local)"}.
>    A modification to this solution could be creating just one special
>    group for XMPP users -- for the users of the second domain only,
>    and complicating the LDAP filter by providing an alteration
>    (using the "|" compound operator) which would match either any user
>    from the first domain or members of that specific group.

Hi Konstantin,
I am using LDAP for domain1:

{auth_method, ldap}.
{ldap_servers, [""]}.                                  %
{ldap_uidattr, "uid"}.                                          %
{ldap_base, "ou=Usuarios,dc=xxxxxxxxxxxxx,dc=com,dc=br"}.     % Search
{ldap_rootdn, "cn=suporte,dc=xxxxxxxxxxxxx,dc=com,dc=br"}.    % LDAP
{ldap_password, "adfadsfsafadsfasdfasdfasdfasdfasdfsadf"}.

For domain2, authenticate only users present in the group:
{ldap_base, "cn=CPD,ou=Grupos,dc=auroraalimentos,dc=com,dc=br"}.

Márcio Luciano Donada <mdonada at auroraalimentos dot com dot br>
Aurora Alimentos - Cooperativa Central Oeste Catarinense
Departamento de T.I.
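
The group-membership filter and its "|" variant from the quoted reply, evaluated over constructed directory entries; this is an added example, not part of the original message and not ejabberd code. The `o` attribute marking a user's domain, the sample entries and the evaluator (equality, "&", "|", "!" only, no escapes or substrings) are assumptions made for illustration.

```python
# Added example: evaluator for a small subset of LDAP search filters
# (RFC 4515 equality, "&", "|", "!"). Values containing ")" or \XX escapes
# are not supported. All entries below are constructed sample data.
GROUP = "CN=XMPP Users,DC=yourdomain,DC=local"

def parse(f, i=0):
    """Parse the filter starting at f[i] == '('; return (node, next_index)."""
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if f[i] in "&|!":
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError("malformed %r clause" % op)
        return (op, kids), i + 1
    end = f.index(")", i)  # simple item: attr=value
    attr, sep, value = f[i:end].partition("=")
    if not sep or not attr:
        raise ValueError("expected attr=value")
    # Attribute names and these values are compared case-insensitively.
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    if node[0] == "=":
        _, attr, value = node
        return value in (v.lower() for v in entry.get(attr, []))
    results = [matches(kid, entry) for kid in node[1]]
    return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)

def allowed(ldap_filter, entries):
    """Return the sorted uids of the entries the filter would let through."""
    tree, end = parse(ldap_filter)
    if end != len(ldap_filter):
        raise ValueError("trailing data after filter")
    return sorted(e["uid"][0] for e in entries if matches(tree, e))

ENTRIES = [  # constructed: one domain1 user, two domain2 users
    {"uid": ["ana"], "o": ["domain1"], "memberof": []},
    {"uid": ["bruno"], "o": ["domain2"], "memberof": [GROUP]},
    {"uid": ["carla"], "o": ["domain2"], "memberof": []},
]
GROUP_ONLY = "(memberOf=%s)" % GROUP               # variant 1 of the reply
EITHER = "(|(o=domain1)(memberOf=%s))" % GROUP     # the "|" modification
```

With `GROUP_ONLY`, the domain1 user is rejected until she is added to the group, which is why the first variant requires every first-domain user to be a member; `EITHER` admits her without that step while still rejecting the ungrouped domain2 user.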
