[ejabberd] LDAP: mod_shared_roster_ldap; groupOfNames, one jabber group

Nick Urbanik nick.urbanik at optusnet.com.au
Thu May 3 09:29:56 MSK 2012

Dear Folks,

I do not understand the documentation of mod_shared_roster_ldap,
particularly how the searches are made, and how the %g and %u values
are used.

I am attempting to get this working so that some eighty or so members
of an LDAP group (of type groupOfNames) are all displayed in each
other's buddy list, without the need to manually add each other.

I have this configuration at the top level:
{auth_method, ldap}.
{ldap_servers, ["ldapserver.example.com"]}.
{ldap_encrypt, none}.
{ldap_port, 389}.
{ldap_base, "ou=People,dc=example,dc=com"}.
{ldap_uids, [{"uid", "%u"}]}.
{ldap_filter, "(&(status=active)(memberOf=cn=jabber,ou=groups,dc=example,dc=com))"}.

and later:
     {ldap_base,       "dc=example,dc=com"},
     {ldap_rfilter,    "(cn=jabber)"},
     {ldap_filter,     ""},
     {ldap_ufilter,    "(&(uid=%u)(memberOf=cn=jabber,ou=groups,dc=example,dc=com))"},
     {ldap_groupdesc,  "description"},
     {ldap_memberattr_format, "uid=%u,ou=People,dc=example,dc=com"},
     {ldap_gfilter,    "(cn=jabber)"},
     {ldap_groupattr,  "cn"},
     {ldap_memberattr, "member"},
     {ldap_userid,     "uid"},
     {ldap_userdesc,   "cn"}

I am using OpenLDAP 2.4.30 with the memberOf overlay, which
automatically puts the "member" attribute into the entries of people.

Here is part of the jabber group entry (I have changed the uid, name
and userPassword attributes, and the suffix of the LDAP tree).

$ ldapsearch -xLLLb cn=jabber,ou=Groups,dc=example,dc=com
dn: cn=jabber,ou=Groups,dc=example,dc=com
objectClass: groupOfNames
member: uid=norisl,ou=People,dc=example,dc=com
cn: jabber
description: Jabber XMPP Users

Here is a part of a user entry:
$ ldapsearch -xLLLb uid=norisl,ou=People,dc=example,dc=com \* memberOf
dn: uid=norisl,ou=People,dc=example,dc=com
cn: Noris Lurker
userPassword:: JDEkc2FsdHltbW0kb282Y3A3MXFHZWhmeUtkL3BDTEdHLgo=
status: active
sn: Lurker
uid: norisl
givenName: Noris
email: noris.lurker at example.com
memberOf: cn=jabber,ou=Groups,dc=example,dc=com
objectClass: employee

I want just one jabber group, so that all people who belong to the
jabber group are able to talk to each other without any manual adding
of other people to their buddy list.  I want each person to
authenticate themselves to the server.

At the moment, I have everyone offline.
Any suggestions on how to set this up are most welcome.
Nick Urbanik http://nicku.org 808-71011 nick.urbanik at optusnet.com.au
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24  ID: BB9D2C24
I disclaim, therefore I am.
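
Added example, not part of the original post and not ejabberd's own code: a small Python model of how the %u and %g placeholders in the options quoted above can be read. It treats ldap_ufilter and ldap_gfilter as templates filled in with an RFC 4515-escaped value, and ldap_memberattr_format as the reverse pattern that pulls the user id out of each "member" value. The helper names, the case-insensitive match and the second member value are assumptions made for illustration.

```python
import re

# Values copied from the configuration and group entry in the post.
MEMBERATTR_FORMAT = "uid=%u,ou=People,dc=example,dc=com"
UFILTER = "(&(uid=%u)(memberOf=cn=jabber,ou=groups,dc=example,dc=com))"
GROUP_MEMBERS = [
    "uid=norisl,ou=People,dc=example,dc=com",
    "cn=printer,ou=Devices,dc=example,dc=com",  # constructed: a non-matching member
]


def escape_filter_value(value):
    """Escape per RFC 4515 so a substituted value cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def expand(template, **subs):
    """Fill %u / %g in a filter template with escaped values (hypothetical helper)."""
    def repl(m):
        key = m.group(1)
        return escape_filter_value(subs[key]) if key in subs else m.group(0)
    return re.sub(r"%([ug])", repl, template)


def user_from_member(member_value, fmt):
    """Reverse direction: extract %u from a member value, or None if the
    value does not fit the format. Case-insensitive match is an assumption."""
    prefix, _, suffix = fmt.partition("%u")
    pattern = re.escape(prefix) + "(.+)" + re.escape(suffix)
    m = re.fullmatch(pattern, member_value, re.IGNORECASE)
    return m.group(1) if m else None


def roster_users(members, fmt):
    """User ids recoverable from a group's member values."""
    return [u for u in (user_from_member(v, fmt) for v in members) if u]


def user_filters(members, fmt, ufilter):
    """Per-user search filter for every member that fits the format."""
    return {u: expand(ufilter, u=u) for u in roster_users(members, fmt)}


if __name__ == "__main__":
    for user, flt in user_filters(GROUP_MEMBERS, MEMBERATTR_FORMAT, UFILTER).items():
        print(user, "->", flt)
```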
