[ejabberd] Authenticate ejabber users using a non-admin LDAP account

Konstantin Khomoutov flatworm at users.sourceforge.net
Tue Feb 8 16:48:56 MSK 2011

On Tue, 8 Feb 2011 13:55:55 +0100
davidb.arbete+forum+ejabberd.im at gmail.com wrote:

> I am doing some experimenting with ejabberd, setting it up to use AD
> (LDAP) for authentication. Since I am not the administrator of the AD
> server I try use my own (=a regular user) credentials to login (bind)
> to the AD server and then look up other users via my login but it does
> not seem to work. The following error message appear in the log:
>       =INFO REPORT==== 2011-02-08 11:07:05 ===
>       I(<0.263.0>:eldap:967) : LDAP connection on site.company.com:389
>       =WARNING REPORT==== 2011-02-08 11:07:05 ===
>       W(<0.263.0>:eldap:915) : LDAP bind failed on
> site.company.com:389 Reason: invalidCredentials
> This error message is obvious enough so I wonder if what I try to do
> even is possible? I mean, I can see all other users when using an LDAP
> browsers but that might not be enough?

One cause of this might be improperly specified full DN of the binding
user. You can try to use simpler way to specify it, like this:

{ldap_rootdn, "davidb at domain.local"},
{ldap_password, "secret"},

This works for me (Windows AD as well).

More information about the ejabberd mailing list