[ejabberd] ejabberd + windows AD

Konstantin Khomoutov flatworm at users.sourceforge.net
Wed Jan 14 16:41:46 MSK 2009

Agnello George wrote:

> {host_config, "swapnil123.com", [{auth_method, ldap},
>                               {ldap_servers, [""]},
>                               {ldap_uids, [{"sAMAccountName"}]},
>                               {ldap_base, "dc=swapnil123,dc=com"},
>                               {ldap_rootdn,
> "cn=administrator,cn=Users,dc=swapnil123,dc=com"},
>                               {ldap_filter, "(memberOf=*)"},
>                               {ldap_password, "qwerasdf"}]}.
> D(<0.267.0>:eldap:587) : {searchRequest,
>                           {'SearchRequest',"dc=swapnil123,dc=com",
>                            wholeSubtree,neverDerefAliases,0,0,false,
>                            {'and',
>                             [{equalityMatch,
>                               {'AttributeValueAssertion',"sAMAccountName",
>                                "user4"}},
>                              {present,"memberOf"}]},
>                            []}}

1) At first, try to comment out the ldap_filter parameter. While it 
appears to be correct (while being effectively a no-op in my sense 
because I hardly imagine a record in a Windows AD which isn't a member 
of any group), you didn't use it in your invocation of ldapsearch, which 
would have been

ldapsearch -x -v -D "cn=administrator,cn=Users,dc=swapnil123,dc=com" -b 
"dc=swapnil123,dc=com" "(&(sAMAccountName=User4)(memberOf=*))" -W -h

in that case, so I can't be sure it doesn't affect the result set.

2) Secondly, you use "User4" in your testing search request while 
ejabberd sends "user4", lowercased, as required by the JID normalization 
rules, IIRC. And the LDAP equality match in the search request created 
by ejabberd implies the exact matching (again, IIRC). That might be 
another cause of the problem.
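
Added example (not part of the original message, and not ejabberd code): a Python sketch that renders the search filter from the quoted eldap trace as an ldapsearch filter string, with and without the ldap_filter part, so a manual test can send the same lowercased query ejabberd does. The function names, the AD_HOST_PLACEHOLDER host and the use of lower() as a stand-in for JID normalization are assumptions.

```python
import shlex


def escape_value(value):
    """Escape an assertion value for an RFC 4515 filter string."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def render(node):
    """Turn a tuple tree shaped like the eldap debug trace into filter text."""
    kind = node[0]
    if kind in ("and", "or"):
        op = "&" if kind == "and" else "|"
        return "(" + op + "".join(render(child) for child in node[1]) + ")"
    if kind == "equalityMatch":
        return "(%s=%s)" % (node[1], escape_value(node[2]))
    if kind == "present":
        return "(%s=*)" % node[1]
    raise ValueError("unsupported filter node: %r" % (kind,))


def search_filter(uid_attr, username, extra=None):
    """Filter for one login: uid match, ANDed with the ldap_filter part if set."""
    # Assumption: lower() stands in for ejabberd's JID node normalization.
    uid_match = ("equalityMatch", uid_attr, username.lower())
    return render(("and", [uid_match, extra]) if extra else uid_match)


def ldapsearch_argv(bind_dn, base, host, flt):
    """Argument list using the same options as the command in the message."""
    return ["ldapsearch", "-x", "-v", "-D", bind_dn, "-b", base,
            "-W", "-h", host, flt]


if __name__ == "__main__":
    # Values from the quoted config; the host is a placeholder because the
    # ldap_servers entry in the post is empty.
    BIND_DN = "cn=administrator,cn=Users,dc=swapnil123,dc=com"
    BASE = "dc=swapnil123,dc=com"
    HOST = "AD_HOST_PLACEHOLDER"
    # First with ldap_filter "(memberOf=*)", then with it commented out.
    for extra in (("present", "memberOf"), None):
        flt = search_filter("sAMAccountName", "User4", extra)
        print(shlex.join(ldapsearch_argv(BIND_DN, BASE, HOST, flt)))
```

Comparing the results of the two printed commands separates the effect of ldap_filter from the effect of the lowercased user name.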
