[ejabberd] mod_shared_roster_ldap and ActiveDirectory

Joti joti.mail at gmail.com
Mon Aug 30 21:35:40 MSD 2010


Hello Guys,

just recently I've tried the third time to get a nice prepopulated roster
working with ejabberd, the ldap auth and mod_shared_roster_ldap (as of here:
http://ejabberd-msrl.alioth.debian.org/ ) using an ActiveDirectory backend.

What works flawlessly is
  - the LDAP auth
  - the VCards
  - the standard shared roster (for our bots)

What does not work is to get everyones roster prepopulated with the members
of the LDAP-groups they are in.

We are using a somewhat modified AD here, that is as follows:

 %%special ldap shared roster foo
  {mod_shared_roster_ldap,[
    {ldap_base, "OU=group,DC=foo,DC=bar,DC=baz"},
    {ldap_rfilter, "(objectClass=group)"},
    {ldap_filter, ""},
    {ldap_gfilter, "(&(objectClass=group)(cn=%g))"},
    {ldap_groupdesc, "displayName"},
    {ldap_memberattr, "member"},
    {ldap_memberattr_format, "cn=%u,ou=passwd,DC=foo,DC=bar,DC=baz"},
    {ldap_ufilter, "(&(objectClass=organizationalPerson)(cn=%u))"},
    {ldap_userdesc, "displayName"}
  ]},

The tree has a subtree OU=passwd,DC=foo,DC=bar,DC=baz that contains all
users with the type of "organizationalPerson" and one of
OU=group,DC=foo,DC=bar,DC=baz .
Each group has member entries with DNs with their members
Each user dn has entries of the form "memberOf=GroupDN".

I am able to get this connected to some Java Applications and useable with
Apache, anyhow my foo is not strong enough to get this working with
mod_shared_roster_ldap. Although it would be really nice and probably bring
up the adoption of instant messaging quite a lot.

If anyone has any suggestions on this, they would be highly welcome!

Thanks for your help :)

Regards,
joti
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.jabber.ru/pipermail/ejabberd/attachments/20100830/b5227adf/attachment-0001.html>


More information about the ejabberd mailing list