[ejabberd] Problem with active directory addressbook

Theodotos Andreou theo at prime-tel.com
Wed May 6 13:17:56 MSD 2009


Evgeniy Khramtsov wrote:
> Theodotos Andreou wrote:
>> I am using the mod_vcard_ldap directory against an Active Directory
>> setup I have at work but does not work. I can successfully authenticate
>> against the AD server but when I try to search for anything I get an
>> empty results set.
>>
>> I am using ejabberd Version: 2.0.3-1 from the debian lenny repositories
>> and the pidgin 2.5.5 client. My mod_vcard_ldap setup is :
>>
>>
>>   {mod_vcard_ldap,
>>    [
>>       %%{ldap_servers, ["ad.example.com"]},
>>       %%{ldap_port, 389},
>>       %%{ldap_rootdn, "ejabberd at example.com"},
>>       %%{ldap_password, "secret"},
>>       %%{ldap_base, "cn=Users,dc=EXAMPLE,dc=COM"},
>>       %%{search, true},
>>       %%{matches, 900},
>>       {ldap_vcard_map,
>>      [{"NICKNAME", "%u", []},
>>       {"GIVEN", "%s", ["givenName"]},
>>       {"MIDDLE", "%s", ["initials"]},
>>       {"FAMILY", "%s", ["sn"]},
>>       {"FN", "%s", ["displayName"]},
>>       {"EMAIL", "%s", ["mail"]},
>>       {"ORGNAME", "%s", ["company"]},
>>       {"ORGUNIT", "%s", ["department"]},
>>       {"CTRY", "%s", ["c"]},
>>       {"LOCALITY", "%s", ["l"]},
>>       {"STREET", "%s", ["streetAddress"]},
>>       {"REGION", "%s", ["st"]},
>>       {"PCODE", "%s", ["postalCode"]},
>>       {"TITLE", "%s", ["title"]},
>>       {"URL", "%s", ["wWWHomePage"]},
>>       {"DESC", "%s", ["description"]},
>>       {"TEL", "%s", ["telephoneNumber"]}]},
>>     {ldap_search_fields,
>>      [{"User", "%u"},
>>       {"Name", "givenName"},
>>       {"Family Name", "sn"},
>>       {"Email", "mail"},
>>       {"Company", "company"},
>>       {"Department", "department"},
>>       {"Role", "title"},
>>       {"Description", "description"},
>>       {"Phone", "telephoneNumber"}]},
>>     {ldap_search_reported,
>>      [{"Full Name", "FN"},
>>       {"Nickname", "NICKNAME"},
>>       {"Email", "EMAIL"}]}
>>   ]},
>>
>> I tried the setup with the global mod_vcard_ldap options uncommented but
>> nothing happened. Any clues
> 
> It is hard to say anything because a configuration depends on your LDAP
> schema. But if you have a standard AD tree, the example from ejabberd
> guide should (must?) works.

Actually it is copy paste from the guide. I added the additional options
in the hope that they will solve the problem but no luck. Now it is back
on the setup from the guide

> 
> Also, could you please provide the whole LDAP configuration options from
> your config file?
> 

The ldap config follows. Authentication is working

%% Authentication using LDAP
%%
{auth_method, ldap}.
%%
%% List of LDAP servers:
{ldap_servers, ["ad.example.com"]}.
%%
%% Encryption of connection to LDAP servers (LDAPS):
%%{ldap_encrypt, tls}.
%%
%% Port connect to LDAP server:
%%{ldap_port, 636}.
%%
%% LDAP manager:
{ldap_rootdn, "ejabberd at example.com"}.
%%
%% Password to LDAP manager:
{ldap_password, "secret"}.
%%
%% Search base of LDAP directory:
{ldap_base, "dc=EXAMPLE,dc=COM"}.
%%
%% LDAP attribute that holds user ID:
{ldap_uids, [{"sAMAccountName"}]}.
%%
%% LDAP filter:
%%{ldap_filter, "(objectClass=shadowAccount)"}.
{ldap_filter, "(memberOf=*)"}.


More information about the ejabberd mailing list