[ejabberd] single roster of all ldap users... mod_shared_roster_ldap?

Ben Bradley ben at batfastad.com
Fri Apr 13 05:36:39 MSK 2012


2012/4/12 Łukasz Jagiełło <jagiello.lukasz at gmail.com>

> 2012/4/12 Ben Bradley <batfastad at gmail.com>:
> > From looking through the docs for mod_shared_roster_ldap it seems that
> you
> > need to have groups defined in your LDAP schema to act as the different
> > rosters.
> > Is that correct?
> >
> > Is there a way to have a roster from an LDAP directory which is purely
> the
> > results of a single LDAP filter?
>
> You looking something like that ?
>
> #v+
> {mod_shared_roster_ldap, [
>    { ldap_servers, ["10.X.Y.Z"] },
>    { ldap_rootdn, "cn=PAM,ou=System,dc=domain,dc=com" },
>    { ldap_password, "password" },
>    { ldap_port, 636 },
>    { ldap_encrypt, tls },
>    { ldap_base, "ou=accounts,dc=domain,dc=com" },
>    { ldap_filter, "" },
>    { ldap_gfilter, "(&(objectClass=employee)(ou=%g))" },
>    { ldap_rfilter, "(&(objectClass=employee)(!(o=fire)))" },
>    { ldap_ufilter, "(&(objectClass=employee)(cn=%u))" },
>    { ldap_groupdesc, "ou" },
>    { ldap_memberattr, "uid" },
>    { ldap_userdesc, "displayName" },
>    { ldap_auth_check, off }
>  ]},
> #v-
>

I'm not sure that's quite what I'm looking for.

Here's my LDAP tree... http://pastebin.com/pfHim8Uh

To explain, I have 2 domains in the directory (domain1.com and domain2.com)
but possibly more in the future.
Under each domain branch, there's a single ou=people branch and each user
branch is listed under that.

I'd like a single roster for domain1.com users containing all other users
under domain1.
So dave's roster will show laura, steve and phil.

And a single roster for domain2.com users containing all other users under
domain2.
So alan's roster will show ian, martin, jane.

The roster membership of each uid is defined by an attribute called
zimbraMailDeliveryAddress which has a value in the format of uid at domain1.comor
uid at domain2.com
This should be matched against the zimbraDomainName attribute under each
domain branch.

So far I've got this...
{mod_shared_roster_ldap, [
    %% LDAP server settings are set up by my auth_method declaration
    {ldap_base, ""},
    {ldap_auth_check, off},
    {ldap_filter, ""},

    {ldap_groupdesc, "zimbraDomainName"},
    {ldap_userdesc, "displayName"}
]},

But I've no idea what the rest needs to be. I'm really confused by the use
of %g in the attr parameters.

Any ideas?

Cheers, B
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.jabber.ru/pipermail/ejabberd/attachments/20120413/df1ea566/attachment.html>


More information about the ejabberd mailing list