[ejabberd] LDAP: mod_shared_roster_ldap; groupOfNames, one jabber group

Nick Urbanik nick.urbanik at optusnet.com.au
Thu May 3 13:04:49 MSK 2012

Dear Folks,

Sorry, it actually works!  Apologies for the noise.

On 03/05/12 15:29 +1000, Nick Urbanik wrote:
>Dear Folks,
>I do not understand the documentation of mod_shared_roster_ldap,
>particularly how the searches are made, and how the %g and %u values
>are used.
>I am attempting to get this working so that some eighty or so members
>of an LDAP group (of type groupOfNames) are all displayed in each
>other's buddy list, without the need to manually add each other.
>I have this configuration at the top level:
>{auth_method, ldap}.
>{ldap_servers, ["ldapserver.example.com"]}.
>{ldap_encrypt, none}.
>{ldap_port, 389}.
>{ldap_base, "ou=People,dc=example,dc=com"}.
>{ldap_uids, [{"uid", "%u"}]}.
>{ldap_filter, "(&(status=active)(memberOf=cn=jabber,ou=groups,dc=example,dc=com))"}.
>and later:
> {mod_shared_roster_ldap,[
>    {ldap_base,       "dc=example,dc=com"},
>    {ldap_rfilter,    "(cn=jabber)"},
>    {ldap_filter,     ""},
>    {ldap_ufilter,    "(&(uid=%u)(memberOf=cn=jabber,ou=groups,dc=example,dc=com))"},
>    {ldap_groupdesc,  "description"},
>    {ldap_memberattr_format, "uid=%u,ou=People,dc=example,dc=com"},
>    {ldap_gfilter,    "(cn=jabber)"},
>    {ldap_groupattr,  "cn"},
>    {ldap_memberattr, "member"},
>    {ldap_userid,     "uid"},
>    {ldap_userdesc,   "cn"}
>  ]},
>I am using OpenLDAP 2.4.30 with the memberOf overlay, which
>automatically puts the "member" attribute into the entries of people.
>Here is part of the jabber group entry (I have changed the uid, name
>and userPassword attributes, and the suffix of the LDAP tree).
>$ ldapsearch -xLLLb cn=jabber,ou=Groups,dc=example,dc=com
>dn: cn=jabber,ou=Groups,dc=example,dc=com
>objectClass: groupOfNames
>member: uid=norisl,ou=People,dc=example,dc=com
>cn: jabber
>description: Jabber XMPP Users
>Here is a part of a user entry:
>$ ldapsearch -xLLLb uid=norisl,ou=People,dc=example,dc=com \* memberOf
>dn: uid=norisl,ou=People,dc=example,dc=com
>cn: Noris Lurker
>userPassword:: JDEkc2FsdHltbW0kb282Y3A3MXFHZWhmeUtkL3BDTEdHLgo=
>status: active
>sn: Lurker
>uid: norisl
>givenName: Noris
>email: noris.lurker at example.com
>memberOf: cn=jabber,ou=Groups,dc=example,dc=com
>objectClass: employee
>I want just one jabber group, so that all people who belong to the
>jabber group are able to talk to each other without any manual adding
>of other people to their buddy list.  I want each person to
>authenticate themselves to the server.
>At the moment, I have everyone offline.
>Any suggestions on how to set this up are most welcome.
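
One reading of how the `%u` placeholder in the posted options is used, as an added example that is not part of the original post or of ejabberd's code: it expands `ldap_ufilter` for a user ID and pulls user IDs out of `member` values with `ldap_memberattr_format`. The two extra group members, the RFC 4515 escaping of substituted values, and the rule that `%u` matches up to the next comma are assumptions of this example.

```python
import re

# Options copied from the mod_shared_roster_ldap block in the post.
OPTS = {
    "ldap_ufilter": "(&(uid=%u)(memberOf=cn=jabber,ou=groups,dc=example,dc=com))",
    "ldap_memberattr": "member",
    "ldap_memberattr_format": "uid=%u,ou=People,dc=example,dc=com",
}

# Constructed group entry: the first member is from the post, the other two are made up.
GROUP = {
    "cn": ["jabber"],
    "member": [
        "uid=norisl,ou=People,dc=example,dc=com",
        "uid=alice,ou=People,dc=example,dc=com",
        "cn=svc-backup,ou=Services,dc=example,dc=com",  # does not fit the format
    ],
}

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in '\\*()\x00' else c for c in value)

def expand(template, uid):
    """Substitute %u in a filter template with an escaped user ID."""
    return template.replace("%u", escape_filter_value(uid))

def extract_uid(member_value, fmt):
    """Return the %u part of a member value, or None if it does not fit fmt."""
    head, _, tail = fmt.partition("%u")
    # Assumption: %u stands for one RDN value, so it stops at the next comma.
    pattern = re.escape(head) + r"([^,]+)" + re.escape(tail)
    m = re.fullmatch(pattern, member_value)
    return m.group(1) if m else None

def roster_uids(group, opts):
    """User IDs of the group members whose values fit ldap_memberattr_format."""
    fmt = opts["ldap_memberattr_format"]
    uids = (extract_uid(v, fmt) for v in group.get(opts["ldap_memberattr"], []))
    return [u for u in uids if u is not None]

if __name__ == "__main__":
    for uid in roster_uids(GROUP, OPTS):
        print(uid, "->", expand(OPTS["ldap_ufilter"], uid))
```

Members whose DN does not fit the format yield no user ID here, which is worth checking first when a roster shows fewer people than the group holds.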
