[ejabberd] shared_roster_ldap not populating any groups or users

Aaron Martinez willwrk4u at hotmail.com
Sat Jul 27 02:29:34 MSK 2013


Anybody??

On 07/22/13 10:44, Aaron Martinez wrote:
> Hi All,
>
> I've been trying to get this shared_roster_ldap module working for a while
> and I'm not having any luck getting anything to automagically populate,
> groups or users.  Here are my configs:
>
> /etc/ejabberd/ejabberd.cfg:
>
> %% {loglevel, 5}.
> {loglevel, 4}.
> %% {loglevel, 3}.
>
> {domain_certfile, mycompany.com, "/etc/ejabberd/myserver.pem"}.
> {fqdn,  messenger.mycompany.com}.
>
>
> {hosts, ["mycompany.com"]}.
>
> {acl, admin, {user, "apmartinez", "mycompany.com"}}.
> {access, configure, [{allow, admin}]}.
> {access, muc_admin, [{allow, admin}]}.
>
>
> {ldap_servers, ["dc.mycompany.com"]}.
> {ldap_uids,    [{"sAMAccountName", "%u"}]}.
> %% {ldap_base,  "ou=mycompanyStaff,ou=mycompany,dc=mycompany,dc=com"}.
> {ldap_base,  "ou=mycompany,dc=mycompany,dc=com"}.
> {ldap_rootdn,  "cn=Administrator,cn=Users,dc=mycompany,dc=com"}.
> {ldap_password, "password"}.
> {ldap_filter, "(objectClass=organizationalPerson)"}.
>
> {modules,
>   [
>    {mod_roster,          []},
>    {mod_shared_roster_ldap,              [
>                                          {ldap_rfilter,
> "(objectClass=organizationalPerson)"},
>                                          {ldap_groupattr, "ou"},
>                                          {ldap_memberattr, "cn"},
>                                          {ldap_filter,
> "(objectClass=organizationalPerson)"},
>                                          {ldap_userdesc, "displayName"}
>                                  ]},
>    {mod_configure,       []},
>    {mod_disco,           []},
>    {mod_blocking,        []},
>    {mod_last,            []},
>    {mod_muc,             [{access, all},
>                                  {access_create, all},
>                                  {access_admin, muc_admin},
>                                  {default_room_options,
>                                  [
>                                          {allow_change_subj, true},
>                                          {allow_query_users, true},
>                                          {allow_private_messages, false},
>                                          {members_by_default, false},
>                                          {title, "New chatroom"},
>                                          {anonymous, false},
>                                          {min_message_interval, 0.4},
>                                          {min_presence_interval, 4},
>                                          {max_room_id, 20},
>                                          {max_room_name, 20},
>                                          {max_room_desc, 300},
>                                          {history_size, 10}
>                                  ]}
>                          ]},
>    {mod_muc_log,         []},
>    {mod_offline,         []},
>    {mod_privacy,         []},
>    {mod_stats,           []}
> %%  {mod_vcard_ldap,    []}
> ]}.
>
>
> {listen,
>   [
>    {5222, ejabberd_c2s, [
>          {certfile, "/etc/ejabberd/myserver.pem"}, starttls,
> %%      {access, c2s},
> %%      {shaper, c2s_shaper},
>          {max_stanza_size, 65536}
>      ]},
>
>    {5280, ejabberd_http, [
>                           %%{request_handlers,
>                           %% [
>                           %%  {["pub", "archive"], mod_http_fileserver}
>                           %% ]},
>                          {defalut_host, mycompany.com},
> %%                         captcha,
> %%                         http_bind,
>                          starttls_required,
>                           http_poll,
>                           %%register,
>                           web_admin
>                          ]}
>
>   ]}.
>
> I looked at the documentation,
> git.process-one.net/ejabberd/mainline/blobs/raw/v2.1.11/doc/guide.html#htoc62,
> and tried to duplicate it as best I could, some of the things were a little
> different I suppose because of how our AD was set up.   Here is what I pull
> up for myself when I do an ldap search for all attributes:
>
> dn: CN=Aaron P. Martinez,OU=Product Operations,OU=mycompanyStaff,OU=mycompany,
>   DC=mycompany,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: Aaron P. Martinez
> sn: Martinez
> givenName: Aaron
> initials: p
> distinguishedName: CN=Aaron P. Martinez,OU=Product Operations,OU=mycompanyStaf
>   f,OU=mycompany,DC=mycompany,DC=com
> instanceType: 4
> whenCreated: 20130702151847.0Z
> whenChanged: 20130708205928.0Z
> displayName: Aaron P. Martinez
> uSNCreated: 2534940
> memberOf: CN=Product Operations,CN=Users,DC=mycompany,DC=com
> uSNChanged: 2553936
> name: Aaron P. Martinez
> objectGUID:: C3DJLPyvDUGAO/o5gJZcXA==
> userAccountControl: 66048
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 130183965680613414
> lastLogoff: 0
> lastLogon: 130184879086917668
> pwdLastSet: 130172519276184110
> primaryGroupID: 513
> objectSid:: AQUAAAAAAAUVAAAALWGXdiFk1XFHSJIS2A4AAA==
> accountExpires: 9223372036854775807
> logonCount: 19
> sAMAccountName: apmartinez
> sAMAccountType: 805306368
> userPrincipalName: apmartinez at mycompany.com
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=mycompany,DC=com
> dSCorePropagationData: 20130702151848.0Z
> dSCorePropagationData: 16010101000000.0Z
> mail: apmartinez at mycompany.com
> mobile: 123-456-7890
>
> The group that should be pulling here is the first OU in the dn (Product
> Operations).  I can't use memberOf because some users have multiple memberOf
> attributes.  I'm at a loss but would really like to have this working.
>
> Any help greatly appreciated.
>
> Sincerely,
>
> Aaron Martinez
>
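
An added example, not part of the original post or of ejabberd: it unfolds the LDIF entry posted above and checks whether the name configured in `ldap_groupattr` (`"ou"`) exists as an attribute on the entry or appears only as a component of the DN. The sample LDIF is a trimmed copy of the posted entry, and the function names are hypothetical.

```python
import base64
import re

# Trimmed copy of the entry posted above (constructed sample; folded line kept).
SAMPLE_LDIF = """\
dn: CN=Aaron P. Martinez,OU=Product Operations,OU=mycompanyStaff,OU=mycompany,
 DC=mycompany,DC=com
objectClass: organizationalPerson
objectClass: user
cn: Aaron P. Martinez
displayName: Aaron P. Martinez
memberOf: CN=Product Operations,CN=Users,DC=mycompany,DC=com
sAMAccountName: apmartinez
"""

def parse_ldif_entry(text):
    """Unfold RFC 2849 continuation lines and return {attr_lower: [values]}."""
    unfolded = re.sub(r"\r?\n ", "", text)
    entry = {}
    for line in unfolded.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(name.lower(), []).append(value.strip())
    return entry

def dn_components(dn, attr_type):
    """Values of RDNs of one type, leaf first. Assumes single-valued RDNs."""
    out = []
    for rdn in re.split(r"(?<!\\),", dn):  # split on unescaped commas only
        key, _, val = rdn.strip().partition("=")
        if key.lower() == attr_type.lower():
            out.append(val)
    return out

def check_group_attr(ldif_text, group_attr="ou"):
    """Report whether group_attr is a real attribute or only a DN component."""
    entry = parse_ldif_entry(ldif_text)
    return {
        "attribute_values": entry.get(group_attr.lower(), []),
        "dn_values": dn_components(entry["dn"][0], group_attr),
    }

if __name__ == "__main__":
    print(check_group_attr(SAMPLE_LDIF))
```

An empty `attribute_values` next to a non-empty `dn_values` means the directory returns nothing under that attribute name for this entry, even though the name is visible in the DN.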



