[ejabberd] LDAP Authentication with memberOf group filter problem

Olivier LARRIGAUDIERE ejabberd at not.centaure.info
Fri Mar 4 23:05:07 MSK 2011


Hi,

I run ejabberd 2.0.1 on a Debian lenny box.

I've successfully enabled LDAP authentication for all the users in the 
LDAP database.

Now I have created a specific group and I want only users of this 
group to be able to log in. I have modified the ejabberd.cfg file to filter the members 
of the group "CN=MessagerieInstantanee,ou=Groups,dc=test,dc=com".

My ejabberd.cfg for the ldap auth section:

{auth_method, ldap}.
%%
%% List of LDAP servers:
{ldap_servers, ["localhost"]}.
%%
%% Encryption of connection to LDAP servers (LDAPS):
%%{ldap_encrypt, tls}.
%%
%% Port connect to LDAP server:
%%{ldap_port, 636}.
%%
%% LDAP manager:
%%{ldap_rootdn, "dc=example,dc=com"}.
%%
%% Password to LDAP manager:
%%{ldap_password, "******"}.
%%
%% Search base of LDAP directory:
{ldap_base, "ou=Users,dc=test,dc=com"}.
%%
%% LDAP attribute that holds user ID:
%%{ldap_uids, [{"mail", "%u@mail.example.org"}]}.
%%
%% LDAP filter:
{ldap_filter, 
"(memberOf=CN=MessagerieInstantanee,ou=Groups,dc=test,dc=com)"}.

Now I can't log in (my user is a member of the group).

I have this in the log:

=INFO REPORT==== 2011-03-04 19:37:09 ===
D(<0.261.0>:eldap:636) : {searchRequest,
                           {'SearchRequest',"ou=Users,dc=test,dc=com",
                            wholeSubtree,neverDerefAliases,0,0,false,
                            {'and',
                             [{equalityMatch,
                               {'AttributeValueAssertion',"uid",
                                "olivier"}},
                              {equalityMatch,
                               {'AttributeValueAssertion',"memberOf",
                                "CN=MessagerieInstantanee,ou=Groups,dc=test,dc=com"}}]},
                            []}}


Thanks for your help.


Regards,
Olivier
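
The logged search is the AND of the uid match and the configured ldap_filter. The following is an added example, not part of the original post and not ejabberd code: it evaluates that AND against constructed entries, including one with no memberOf attribute. The entries, the function names, the RFC 4515 escaping step and the simplified case-insensitive value matching are assumptions made for illustration.

```python
GROUP = "CN=MessagerieInstantanee,ou=Groups,dc=test,dc=com"

# Constructed sample entries (not real directory data).
DIRECTORY = {
    "uid=olivier,ou=Users,dc=test,dc=com": {"uid": ["olivier"], "memberOf": [GROUP]},
    # No memberOf attribute: membership recorded only on the group entry.
    "uid=alice,ou=Users,dc=test,dc=com": {"uid": ["alice"]},
    "uid=bob,ou=Users,dc=test,dc=com": {
        "uid": ["bob"], "memberOf": ["CN=Other,ou=Groups,dc=test,dc=com"]},
}


def escape_value(value):
    """Escape an assertion value per RFC 4515 so a login name cannot change
    the shape of the filter (assumed step, not taken from ejabberd)."""
    special = "\\*()\x00"
    return "".join("\\%02x" % ord(c) if c in special else c for c in value)


def compose_filter(uid_attr, username, extra_filter):
    """String form of the logged request: (&(uid=<user>)<ldap_filter>)."""
    return "(&(%s=%s)%s)" % (uid_attr, escape_value(username), extra_filter)


def matches(entry, assertions):
    """True only if every (attribute, value) equality assertion holds.
    An assertion on an absent attribute never matches, so the AND fails.
    Values are compared case-insensitively (simplified matching rule)."""
    attrs = {k.lower(): [v.lower() for v in vals] for k, vals in entry.items()}
    return all(val.lower() in attrs.get(attr.lower(), [])
               for attr, val in assertions)


def search(directory, username):
    """Return the DNs the combined uid + memberOf search would select."""
    wanted = [("uid", username), ("memberOf", GROUP)]
    return [dn for dn, entry in directory.items() if matches(entry, wanted)]


if __name__ == "__main__":
    print(compose_filter("uid", "olivier", "(memberOf=%s)" % GROUP))
    for user in ("olivier", "alice", "bob"):
        print(user, "->", search(DIRECTORY, user) or "no entry, login refused")
```

Running the equivalent filter string with an LDAP search tool against the real directory shows whether the user entries actually expose a memberOf value that the server can match.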

