[ejabberd] shared_roster_ldap not populating any groups or users

Aaron Martinez willwrk4u at hotmail.com
Mon Jul 22 18:44:31 MSK 2013

Hi All,

I've been trying to get this shared_roster_ldap module working for a while
and I'm not having any luck getting anything to automagically populate,
groups or users.  Here are my configs:


%% {loglevel, 5}.
{loglevel, 4}.
%% {loglevel, 3}.

{domain_certfile, mycompany.com, "/etc/ejabberd/myserver.pem"}.
{fqdn,  messenger.mycompany.com}.

{hosts, ["mycompany.com"]}.

{acl, admin, {user, "apmartinez", "mycompany.com"}}.
{access, configure, [{allow, admin}]}.
{access, muc_admin, [{allow, admin}]}.

{ldap_servers, ["dc.mycompany.com"]}.
{ldap_uids,    [{"sAMAccountName", "%u"}]}.
%% {ldap_base,  "ou=mycompanyStaff,ou=mycompany,dc=mycompany,dc=com"}.
{ldap_base,  "ou=mycompany,dc=mycompany,dc=com"}.
{ldap_rootdn,  "cn=Administrator,cn=Users,dc=mycompany,dc=com"}.
{ldap_password, "password"}.
{ldap_filter, "(objectClass=organizationalPerson)"}.

  {mod_roster,          []},
  {mod_shared_roster_ldap,              [
                                        {ldap_groupattr, "ou"},
                                        {ldap_memberattr, "cn"},
                                        {ldap_userdesc, "displayName"}
  {mod_configure,       []},
  {mod_disco,           []},
  {mod_blocking,        []},
  {mod_last,            []},
  {mod_muc,             [{access, all},
                                {access_create, all},
                                {access_admin, muc_admin},
                                        {allow_change_subj, true},
                                        {allow_query_users, true},
                                        {allow_private_messages, false},
                                        {members_by_default, false},
                                        {title, "New chatroom"},
                                        {anonymous, false},
                                        {min_message_interval, 0.4},
                                        {min_presence_interval, 4},
                                        {max_room_id, 20},
                                        {max_room_name, 20},
                                        {max_room_desc, 300},
                                        {history_size, 10}
  {mod_muc_log,         []},
  {mod_offline,         []},
  {mod_privacy,         []},
  {mod_stats,           []}
%%  {mod_vcard_ldap,    []}

  {5222, ejabberd_c2s, [
        {certfile, "/etc/ejabberd/myserver.pem"}, starttls,
%%      {access, c2s},
%%      {shaper, c2s_shaper},
        {max_stanza_size, 65536}

  {5280, ejabberd_http, [
                         %% [
                         %%  {["pub", "archive"], mod_http_fileserver}
                         %% ]},
                        {defalut_host, mycompany.com},
%%                         captcha,
%%                         http_bind,


I looked at the documentation and tried to duplicate it as best I could;
some of the things were a little different, I suppose, because of how our
AD was set up.  Here is what I pull up for myself when I do an ldap search
for all attributes:

dn: CN=Aaron P. Martinez,OU=Product Operations,OU=mycompanyStaff,OU=mycompany,
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Aaron P. Martinez
sn: Martinez
givenName: Aaron
initials: p
distinguishedName: CN=Aaron P. Martinez,OU=Product Operations,OU=mycompanyStaf
instanceType: 4
whenCreated: 20130702151847.0Z
whenChanged: 20130708205928.0Z
displayName: Aaron P. Martinez
uSNCreated: 2534940
memberOf: CN=Product Operations,CN=Users,DC=mycompany,DC=com
uSNChanged: 2553936
name: Aaron P. Martinez
objectGUID:: C3DJLPyvDUGAO/o5gJZcXA==
userAccountControl: 66048
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 130183965680613414
lastLogoff: 0
lastLogon: 130184879086917668
pwdLastSet: 130172519276184110
primaryGroupID: 513
accountExpires: 9223372036854775807
logonCount: 19
sAMAccountName: apmartinez
sAMAccountType: 805306368
userPrincipalName: apmartinez at mycompany.com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=mycompany,DC=com
dSCorePropagationData: 20130702151848.0Z
dSCorePropagationData: 16010101000000.0Z
mail: apmartinez at mycompany.com
mobile: 123-456-7890

The group that should be pulling here is the first OU in the dn (Product
Operations).  I can't use memberOf because some users have multiple memberOf
attributes.  I'm at a loss but would really like to have this working.

Any help greatly appreciated.


Aaron Martinez
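
An added example, not part of the original post or of ejabberd: a Python sketch that parses a user entry shaped like the dump above, reports which of the attribute names given to mod_shared_roster_ldap (`ou`, `cn`, `displayName`) actually exist on that entry, and extracts the first OU from the DN. The sample entry and all function names are constructed for illustration.

```python
import base64

# Constructed sample entry modelled on the dump in the post (names are made up).
SAMPLE_LDIF = """\
dn: CN=Doe\\, Jane,OU=Product Operations,OU=Staff,OU=example,DC=example,
 DC=com
cn: Doe, Jane
displayName: Jane Doe
memberOf: CN=Product Operations,CN=Users,DC=example,DC=com
memberOf: CN=VPN Users,CN=Users,DC=example,DC=com
description:: SGVscCBkZXNr
"""

def parse_ldif_entry(text):
    """Return {attr_lowercase: [values]} for one LDIF entry."""
    lines, entry = [], {}
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a continuation line
        elif raw.strip():
            lines.append(raw)
    for line in lines:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):          # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        entry.setdefault(name.lower(), []).append(value)
    return entry

def split_dn(dn):
    """Split a DN into (type, value) RDNs, honouring backslash-escaped commas."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if esc or ch not in "\\,":
            cur, esc = cur + ch, False
        elif ch == "\\":
            esc = True
        else:                             # unescaped comma ends the RDN
            parts.append(cur)
            cur = ""
    parts.append(cur)
    return [tuple(p.strip().split("=", 1)) for p in parts]

def first_ou(entry):
    """First OU component of the entry's DN, or None if the DN has no OU."""
    return next((v for t, v in split_dn(entry["dn"][0]) if t.upper() == "OU"), None)

def missing_attrs(entry, wanted):
    """Attribute names from `wanted` that are not present on the entry."""
    return [a for a in wanted if a.lower() not in entry]
```

On the sample entry the first OU is found only by splitting the DN; the entry itself carries no `ou` attribute, while `memberOf` is present twice.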
