[ejabberd] Config from LDAP?

Gavin Henry ghenry at surevoip.co.uk
Thu Jul 5 18:57:25 MSK 2012


> On 05.07.2012 07:10, Gavin Henry wrote:
>>
>> Hi,
>>
>> I'd like to know if it's possible to serve up core ejabberd config
>> from a directory server? I'm trying to have multiple domains like:
>>
>> companyname.hosted.surevoip.co.uk
>>
>> The companyname should be populated via an LDAP lookup and people in
>> the domain can then auth using the LDAP config.
>>
>> Is this possible or would a domain and a set of ldap configuration
>> directives always need to be added to the config file?
>
>
> It's definitely impossible to load config from LDAP - this is not
> implemented (and not that simple to implement).

OK, can you add new hosts with out a restart via an API or similar? I
can only see a config file with hosts in it.

I see you can use an RDBMS. Can that hold hosts infornation too?

>>
>> Or would it be better just having xmpp.surevoip.co.uk and allowing a
>> flexible auth for these types of users?
>
>
> Define flexible auth.

Something like:

%
%% Authentication using LDAP
%%

{auth_method, ldap}.

%%
%% List of LDAP servers:

{ldap_servers, ["ldap.surevoip.co.uk"]}.

%%
%% Encryption of connection to LDAP servers (LDAPS):

ldap_encrypt, tls}.

%%
%% Port connect to LDAP server:

{ldap_port, 389}.


%%
%% LDAP manager:

{ldap_rootdn, "cn=ejabberdadmin,ou=xmpp,ou=services,dc=surevoip,dc=co,dc=uk"}.

%% Password to LDAP manager:

{ldap_password, "testing"}.

%%
%% Search base of LDAP directory:

{ldap_base, "ou=hosted,dc=surevoip,dc=co,dc=uk"}.

%%
%% LDAP attribute that holds user ID:

{ldap_uids, [{"cn", "%u@%d"}]}.

%% LDAP filter:

{ldap_filter, "(&(service=xmpp)(enabled=yes)(domain=%d))"}

Can you use %d in the main filter? Not got this far yet.


>>
>> companyname1 shouldn't be allowed by default to chat to or list people
>> from companyname2. So I'm trying to design this
>> right.
>>
>> Thanks.
>>
>
> I don't see any solutions to this.

I'm trying to give them their own xmpp domain each with easier
provisioning of these new domains so we can hook that up to our API.
Also I'd like to use our *.hosted.surevoip.co.uk wildcard SSL cert.

Thanks,

Gavin.

-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 900123
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry at surevoip.co.uk

http://www.surevoip.co.uk/

Suretec Systems T/A SureVoIP is a limited company registered in
Scotland. Registered
number: SC258005. Registered office: 24 Cormack Park, Rothienorman, Inverurie,
Aberdeenshire, AB51 8GL.

Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html

Did you see the SureVoIP API news? -
http://www.surevoip.co.uk/news-events/surevoip-launches-innovative-api
and http://www.surevoip.co.uk/api


More information about the ejabberd mailing list