[ejabberd] Limiting groups with mod_shared_roster_ldap

Yiorgis Gozadinos ggozad at jarn.com
Fri Mar 16 17:00:00 MSK 2012

We would like to use mod_shared_roster_ldap in a large installation with a lot of users grouped in small teams represented by ldap groups.
When obtaining the roster through ejabberd, we always get ALL the groups regardless whether the user is a member of the group. We fought a lot with the configuration only to figure out that also the example in the ejabberd guide works in the same way, i.e. all groups are returned regardless of the user's membership.

Is there a way to restrict the query to only return groups that the user is a member of?

Here is our configuration:

      {ldap_base, "dc=myapp,dc=com"},
      {ldap_rfilter, "(objectClass=myappGroup)"},
      {ldap_filter, ""},
      {ldap_gfilter, "(&(objectClass=myappGroup)(uniqueIdentifier=%g))"},
      {ldap_ufilter, "(&(objectClass=myappPerson)(uid=%u))"},
      {ldap_groupattr, "uniqueIdentifier"},
      {ldap_groupdesc, "uniqueIdentifier"},
      {ldap_memberattr, "member"},
      {ldap_memberattr_format, "uid=%u,ou=people,dc=myapp,dc=com"},
      {ldap_useruid, "uid"},
      {ldap_userdesc, "displayName"}

with the dn for the groups looking like:
and the dn for a user:

myappPerson and myappGroup are subclasses of inetOrgPerson and groupOfNames respectively.

Thank you in advance,

Yiorgis Gozadinos

More information about the ejabberd mailing list