[ejabberd] shared_roster_ldap not populating any groups or users

Aaron Martinez willwrk4u at hotmail.com
Mon Jul 22 18:44:31 MSK 2013


Hi All,

I've been trying to get this shared_roster_ldap module working for a while
and I'm not having any luck getting anything to automagically populate,
groups or users.  Here are my configs:

/etc/ejabberd/ejabberd.cfg:

%% {loglevel, 5}.
{loglevel, 4}.
%% {loglevel, 3}.

{domain_certfile, mycompany.com, "/etc/ejabberd/myserver.pem"}.
{fqdn,  messenger.mycompany.com}.


{hosts, ["mycompany.com"]}.

{acl, admin, {user, "apmartinez", "mycompany.com"}}.
{access, configure, [{allow, admin}]}.
{access, muc_admin, [{allow, admin}]}.


{ldap_servers, ["dc.mycompany.com"]}.
{ldap_uids,    [{"sAMAccountName", "%u"}]}.
%% {ldap_base,  "ou=mycompanyStaff,ou=mycompany,dc=mycompany,dc=com"}.
{ldap_base,  "ou=mycompany,dc=mycompany,dc=com"}.
{ldap_rootdn,  "cn=Administrator,cn=Users,dc=mycompany,dc=com"}.
{ldap_password, "password"}.
{ldap_filter, "(objectClass=organizationalPerson)"}.

{modules,
 [
  {mod_roster,          []},
  {mod_shared_roster_ldap, [
        {ldap_rfilter,    "(objectClass=organizationalPerson)"},
        {ldap_groupattr,  "ou"},
        {ldap_memberattr, "cn"},
        {ldap_filter,     "(objectClass=organizationalPerson)"},
        {ldap_userdesc,   "displayName"}
  ]},
  {mod_configure,       []},
  {mod_disco,           []},
  {mod_blocking,        []},
  {mod_last,            []},
  {mod_muc,             [{access, all},
                                {access_create, all},
                                {access_admin, muc_admin},
                                {default_room_options,
                                [
                                        {allow_change_subj, true},
                                        {allow_query_users, true},
                                        {allow_private_messages, false},
                                        {members_by_default, false},
                                        {title, "New chatroom"},
                                        {anonymous, false},
                                        {min_message_interval, 0.4},
                                        {min_presence_interval, 4},
                                        {max_room_id, 20},
                                        {max_room_name, 20},
                                        {max_room_desc, 300},
                                        {history_size, 10}
                                ]}
                        ]},
  {mod_muc_log,         []},
  {mod_offline,         []},
  {mod_privacy,         []},
  {mod_stats,           []}
%%  {mod_vcard_ldap,    []}
]}.


{listen,
 [
  {5222, ejabberd_c2s, [
        {certfile, "/etc/ejabberd/myserver.pem"}, starttls,
%%      {access, c2s},
%%      {shaper, c2s_shaper},
        {max_stanza_size, 65536}
    ]},

  {5280, ejabberd_http, [
                         %%{request_handlers,
                         %% [
                         %%  {["pub", "archive"], mod_http_fileserver}
                         %% ]},
                        {default_host, mycompany.com},
%%                         captcha,
%%                         http_bind,
                        starttls_required,
                         http_poll,
                         %%register,
                         web_admin
                        ]}

 ]}.

I looked at the documentation,
git.process-one.net/ejabberd/mainline/blobs/raw/v2.1.11/doc/guide.html#htoc62,
and tried to duplicate it as best I could; some of the things were a little
different, I suppose because of how our AD was set up. Here is what I pull
up for myself when I do an ldap search for all attributes:

dn: CN=Aaron P. Martinez,OU=Product Operations,OU=mycompanyStaff,OU=mycompany,
 DC=mycompany,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Aaron P. Martinez
sn: Martinez
givenName: Aaron
initials: p
distinguishedName: CN=Aaron P. Martinez,OU=Product Operations,OU=mycompanyStaf
 f,OU=mycompany,DC=mycompany,DC=com
instanceType: 4
whenCreated: 20130702151847.0Z
whenChanged: 20130708205928.0Z
displayName: Aaron P. Martinez
uSNCreated: 2534940
memberOf: CN=Product Operations,CN=Users,DC=mycompany,DC=com
uSNChanged: 2553936
name: Aaron P. Martinez
objectGUID:: C3DJLPyvDUGAO/o5gJZcXA==
userAccountControl: 66048
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 130183965680613414
lastLogoff: 0
lastLogon: 130184879086917668
pwdLastSet: 130172519276184110
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAALWGXdiFk1XFHSJIS2A4AAA==
accountExpires: 9223372036854775807
logonCount: 19
sAMAccountName: apmartinez
sAMAccountType: 805306368
userPrincipalName: apmartinez@mycompany.com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=mycompany,DC=com
dSCorePropagationData: 20130702151848.0Z
dSCorePropagationData: 16010101000000.0Z
mail: apmartinez@mycompany.com
mobile: 123-456-7890

The group that should be pulling here is the first OU in the dn (Product
Operations).  I can't use memberOf because some users have multiple memberOf
attributes.  I'm at a loss but would really like to have this working.

Any help greatly appreciated.

Sincerely,

Aaron Martinez
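Added example, not part of the post or of ejabberd: a small Python check that parses an LDIF entry like the one shown, derives the group the poster wants (the first OU in the DN), and reports which attributes named in the mod_shared_roster_ldap config the entry does not actually carry. The LDIF below is a constructed subset of the entry in the post; attribute names such as `ou`, `cn` and `displayName` are the ones from the config above.

```python
import base64
import re

# Constructed LDIF fragment modelled on the entry in the post; it keeps a folded
# line and a base64 "::" value so the parser is exercised on both forms.
SAMPLE_LDIF = """\
dn: CN=Aaron P. Martinez,OU=Product Operations,OU=mycompanyStaff,OU=mycompany,
 DC=mycompany,DC=com
objectClass: top
objectClass: organizationalPerson
cn: Aaron P. Martinez
displayName: Aaron P. Martinez
memberOf: CN=Product Operations,CN=Users,DC=mycompany,DC=com
objectGUID:: C3DJLPyvDUGAO/o5gJZcXA==
sAMAccountName: apmartinez
"""

def parse_ldif_entry(text):
    """Return {attr: [values]} for one LDIF entry, joining folded lines and
    decoding 'attr:: base64' values to bytes."""
    unfolded = re.sub(r"\n ", "", text)          # LDIF folding: newline + one space
    entry = {}
    for line in unfolded.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):                # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip())
        else:
            value = value.strip()
        entry.setdefault(name, []).append(value)
    return entry

def split_dn(dn):
    """Split a DN into (type, value) RDN pairs, honouring backslash-escaped commas."""
    return [tuple(p.split("=", 1)) for p in re.split(r"(?<!\\),", dn)]

def first_ou(dn):
    """The group the poster wants: the first OU component of the entry's DN."""
    for rdn_type, rdn_value in split_dn(dn):
        if rdn_type.upper() == "OU":
            return rdn_value
    return None

def missing_config_attrs(entry, attrs):
    """Attributes referenced by the roster config that this entry lacks
    (the posted entry has no 'ou' attribute at all, only OU RDNs in its DN)."""
    present = {name.lower() for name in entry}
    return [a for a in attrs if a.lower() not in present]
```

The posted config binds to AD as the domain Administrator with the password stored in cleartext in ejabberd.cfg; a dedicated read-only bind account limits what a leaked config file exposes.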
