[ejabberd] access_commands in ejabberd.cfg and vhosts (ejabberd2.1)

Pablo Platt pablo.platt at yahoo.com
Mon Jun 1 14:01:55 MSD 2009


Peter,

Thank you for the suggestion. 

I've commented the mod_rest part in the modules section of the main config file.
In example1.cfg I have:

{host_config, "example1.com",
 [
  {acl, admin1, {user, "admin1", "example1.com"}},
  {access, rest1, [{allow, admin1}]},
  {{add, modules},
   [
    {mod_rest, [ {access_commands,[{rest1, all, [{host, "example1.com"}]}]} ]}
   ]
  }
]}.

Now any user can execute any command as if the mod_rest config has no effect.
Being able to define access_commands for example for a specific host in a separate config file is very helpful.




________________________________
From: Peter Viskup <skupko.sk at gmail.com>
To: ejabberd at jabber.ru
Sent: Monday, June 1, 2009 1:47:52 AM
Subject: Re: [ejabberd] access_commands in ejabberd.cfg and vhosts (ejabberd2.1)

Hi Pablo,
this looks similar to my post "Cannot register to our server" -> http://www.ejabberd.im/node/3350
Try to remove mod_rest configuration record from your main ejabberd.cfg - this should help you to solve this issue. Configuration of mod_rest in example1.cfg file should apply after this removal (and only for vhost example1.com as you require).
Module from 'main' configuration section cannot be reconfigured in vhosts sections - you have to remove it from 'main' and add to 'vhost' with appropriate configuration options.
It is probably related to Erlang language and it's syntax.

Best regards,
Peter "skupko" Viskup
jabber: skupko at jabber.sk
mail: skupko.sk at gmail.com


Pablo Platt wrote:
> Hi,
> 
> I'm using the trunk version ejabberd2.1
> 
> I have two vhosts example1.com and example2.com
> I want to configure mod_rest to allow admin1 from example1.com to execute commands only related to host example1.com
> and the same for admin2 from example2.com to be able to execute commands only related to host example2.com
> The following config works for me. admin1 can execute commands only on example1.com and admin2 can only on example2.com:
> {acl, admin1, {user, "admin1", "example1.com"}}.
> {access, rest1, [{allow, admin1}]}.
> {acl, admin2, {user, "admin2", "example2.com"}}.
> {access, rest2, [{allow, admin2}]}.
> {modules,
>  [
>   {mod_rest, [
>         {access_commands, [
>             {configure, all, []},
>             {rest1, all, [{host, "example1.com"}]},
>             {rest2, all, [{host, "example2.com"}]}
>         ]}
>   ]},
> 
> Now I'm trying to put vhost related configurations in a separate config file example1.cfg and example2.cfg
> I'm including them at the end of my ejabberd.cfg using:
> {include_config_file, "/etc/ejabberd/example1.cfg"}.
> I removed acl, access and mod_rest configuration related to vhosts and added to example1.cfg, example2.cfg.
> Now admin (access rule configure) can execute commands on any vhost but
> admin1 from example1.com and admin2 from example2.com can't execute any commands.
> 
> ejabberd.cfg:
> {modules,
>  [
>   {mod_rest, [
>         {access_commands, [
>             {configure, all, []}
>         ]}
>   ]},
> 
> example1.cfg:
> {host_config, "example1.com",
>  [
>   {acl, admin1, {user, "admin1", "example1.com"}},
>   {access, rest1, [{allow, admin1}]},
>   {{add, modules},
>    [
>     {mod_rest, [ {access_commands,[{rest1, all, [{host, "example1.com"}]}]} ]}
>    ]
>   }
> ]}.
> 
> Is it possible to configure access_commands in several places or do I have to set all of them in the main config file?
> 
> Thanks
> 
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> ejabberd mailing list
> ejabberd at jabber.ru
> http://lists.jabber.ru/mailman/listinfo/ejabberd
>  

_______________________________________________
ejabberd mailing list
ejabberd at jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.jabber.ru/pipermail/ejabberd/attachments/20090601/eb1040ec/attachment-0001.htm>


More information about the ejabberd mailing list