[ejabberd] shared_roster_ldap not populating any groups or users

Holger Mickler holger.mickler at tu-dresden.de
Mon Jul 29 09:51:27 MSK 2013


Hi Aaron,

2.1.11 seems to have a bug - I could not get the LDAP roster working with this
version. I am currently stuck with 2.1.10 and it works fine. I am using OpenLDAP
and not AD, but that should not make much of a difference. Maybe you should give
it a try.

Regards,
  Holger


On 27.07.2013 00:29, Aaron Martinez wrote:
> Anybody??
> 
> On 07/22/13 10:44, Aaron Martinez wrote:
>> Hi All,
>>
>> I've been trying to get this shared_roster_ldap module working for a while
>> and I'm not having any luck getting anything to automagically populate,
>> groups or users.  Here are my configs:
>>
>> /etc/ejabberd/ejabberd.cfg:
>>
>> %% {loglevel, 5}.
>> {loglevel, 4}.
>> %% {loglevel, 3}.
>>
>> {domain_certfile, mycompany.com, "/etc/ejabberd/myserver.pem"}.
>> {fqdn,  messenger.mycompany.com}.
>>
>>
>> {hosts, ["mycompany.com"]}.
>>
>> {acl, admin, {user, "apmartinez", "mycompany.com"}}.
>> {access, configure, [{allow, admin}]}.
>> {access, muc_admin, [{allow, admin}]}.
>>
>>
>> {ldap_servers, ["dc.mycompany.com"]}.
>> {ldap_uids,    [{"sAMAccountName", "%u"}]}.
>> %% {ldap_base,  "ou=mycompanyStaff,ou=mycompany,dc=mycompany,dc=com"}.
>> {ldap_base,  "ou=mycompany,dc=mycompany,dc=com"}.
>> {ldap_rootdn,  "cn=Administrator,cn=Users,dc=mycompany,dc=com"}.
>> {ldap_password, "password"}.
>> {ldap_filter, "(objectClass=organizationalPerson)"}.
>>
>> {modules,
>>   [
>>    {mod_roster,          []},
>>    {mod_shared_roster_ldap,              [
>>                                          {ldap_rfilter, "(objectClass=organizationalPerson)"},
>>                                          {ldap_groupattr, "ou"},
>>                                          {ldap_memberattr, "cn"},
>>                                          {ldap_filter, "(objectClass=organizationalPerson)"},
>>                                          {ldap_userdesc, "displayName"}
>>                                  ]},
>>    {mod_configure,       []},
>>    {mod_disco,           []},
>>    {mod_blocking,        []},
>>    {mod_last,            []},
>>    {mod_muc,             [{access, all},
>>                                  {access_create, all},
>>                                  {access_admin, muc_admin},
>>                                  {default_room_options,
>>                                  [
>>                                          {allow_change_subj, true},
>>                                          {allow_query_users, true},
>>                                          {allow_private_messages, false},
>>                                          {members_by_default, false},
>>                                          {title, "New chatroom"},
>>                                          {anonymous, false},
>>                                          {min_message_interval, 0.4},
>>                                          {min_presence_interval, 4},
>>                                          {max_room_id, 20},
>>                                          {max_room_name, 20},
>>                                          {max_room_desc, 300},
>>                                          {history_size, 10}
>>                                  ]}
>>                          ]},
>>    {mod_muc_log,         []},
>>    {mod_offline,         []},
>>    {mod_privacy,         []},
>>    {mod_stats,           []}
>> %%  {mod_vcard_ldap,    []}
>> ]}.
>>
>>
>> {listen,
>>   [
>>    {5222, ejabberd_c2s, [
>>          {certfile, "/etc/ejabberd/myserver.pem"}, starttls,
>> %%      {access, c2s},
>> %%      {shaper, c2s_shaper},
>>          {max_stanza_size, 65536}
>>      ]},
>>
>>    {5280, ejabberd_http, [
>>                           %%{request_handlers,
>>                           %% [
>>                           %%  {["pub", "archive"], mod_http_fileserver}
>>                           %% ]},
>>                          {defalut_host, mycompany.com},
>> %%                         captcha,
>> %%                         http_bind,
>>                          starttls_required,
>>                           http_poll,
>>                           %%register,
>>                           web_admin
>>                          ]}
>>
>>   ]}.
>>
>> I looked at the documentation,
>> git.process-one.net/ejabberd/mainline/blobs/raw/v2.1.11/doc/guide.html#htoc62,
>> and tried to duplicate it as best I could, some of the things were a little
>> different I suppose because of how our AD was set up.   Here is what I pull
>> up for myself when I do an ldap search for all attributes:
>>
>> dn: CN=Aaron P. Martinez,OU=Product Operations,OU=mycompanyStaff,OU=mycompany,
>>   DC=mycompany,DC=com
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: user
>> cn: Aaron P. Martinez
>> sn: Martinez
>> givenName: Aaron
>> initials: p
>> distinguishedName: CN=Aaron P. Martinez,OU=Product Operations,OU=mycompanyStaf
>>   f,OU=mycompany,DC=mycompany,DC=com
>> instanceType: 4
>> whenCreated: 20130702151847.0Z
>> whenChanged: 20130708205928.0Z
>> displayName: Aaron P. Martinez
>> uSNCreated: 2534940
>> memberOf: CN=Product Operations,CN=Users,DC=mycompany,DC=com
>> uSNChanged: 2553936
>> name: Aaron P. Martinez
>> objectGUID:: C3DJLPyvDUGAO/o5gJZcXA==
>> userAccountControl: 66048
>> badPwdCount: 0
>> codePage: 0
>> countryCode: 0
>> badPasswordTime: 130183965680613414
>> lastLogoff: 0
>> lastLogon: 130184879086917668
>> pwdLastSet: 130172519276184110
>> primaryGroupID: 513
>> objectSid:: AQUAAAAAAAUVAAAALWGXdiFk1XFHSJIS2A4AAA==
>> accountExpires: 9223372036854775807
>> logonCount: 19
>> sAMAccountName: apmartinez
>> sAMAccountType: 805306368
>> userPrincipalName: apmartinez at mycompany.com
>> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=mycompany,DC=com
>> dSCorePropagationData: 20130702151848.0Z
>> dSCorePropagationData: 16010101000000.0Z
>> mail: apmartinez at mycompany.com
>> mobile: 123-456-7890
>>
>> The group that should be pulling here is the first OU in the dn (Product
>> Operations).  I can't use memberOf because some users have multiple memberOf
>> attributes.  I'm at a loss but would really like to have this working.
>>
>> Any help greatly appreciated.
>>
>> Sincerely,
>>
>> Aaron Martinez
>>

-- 
Dipl.-Inf. Holger Mickler

Technische Universität Dresden
Center for Information Services
and High Performance Computing (ZIH)
01062 Dresden
Germany

Office:  Willers-Bau (WIL) A36
Tel.:    +49 (351) 463-37903
Fax:     +49 (351) 463-37773
E-Mail:  holger.mickler at tu-dresden.de
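
Added example, not part of either message in this thread: a small offline check that takes an LDIF entry like the one quoted above and reports whether each attribute name configured in the quoted ejabberd.cfg exists as an attribute on the entry, and which OUs appear only as components of the DN. It assumes, following the ejabberd guide's description of the module, that `ldap_groupattr` and `ldap_memberattr` are read as attributes of the entries matched by `ldap_rfilter`; the sample entry is constructed (a trimmed copy of the quoted one) and the function names are hypothetical.

```python
import re

# Constructed sample: a trimmed copy of the entry quoted in the thread,
# with one folded line (LDIF continuation lines start with a single space).
SAMPLE_LDIF = """\
dn: CN=Aaron P. Martinez,OU=Product Operations,OU=mycompanyStaff,OU=mycompany,
 DC=mycompany,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Aaron P. Martinez
displayName: Aaron P. Martinez
memberOf: CN=Product Operations,CN=Users,DC=mycompany,DC=com
sAMAccountName: apmartinez
"""

# Attribute names taken from the ejabberd.cfg quoted in the thread.
CONFIGURED = {"ldap_groupattr": "ou", "ldap_memberattr": "cn",
              "ldap_userdesc": "displayName", "ldap_uids": "sAMAccountName"}

def parse_entry(ldif):
    """Unfold continuation lines and return {lowercased attr: [values]}."""
    unfolded = re.sub(r"\n ", "", ldif)
    entry = {}
    for line in unfolded.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        # "attr:: value" marks base64; strip the extra colon and the space.
        entry.setdefault(name.strip().lower(), []).append(value.lstrip(": "))
    return entry

def dn_components(dn):
    """Split a DN into (type, value) pairs, honouring backslash-escaped commas."""
    rdns = re.split(r"(?<!\\),", dn)
    return [tuple(p.strip() for p in rdn.split("=", 1)) for rdn in rdns]

def check(ldif):
    """Return ({option: attribute present on entry?}, [OU values from the DN])."""
    entry = parse_entry(ldif)
    present = {opt: attr.lower() in entry for opt, attr in CONFIGURED.items()}
    ous = [v for t, v in dn_components(entry["dn"][0]) if t.lower() == "ou"]
    return present, ous

if __name__ == "__main__":
    present, ous = check(SAMPLE_LDIF)
    for opt, ok in present.items():
        print(f"{opt:16} {CONFIGURED[opt]:15} {'present' if ok else 'not on entry'}")
    print("OUs that appear only inside the DN:", ous)
```

On the sample entry, `ou` is the only configured name with no matching attribute; "Product Operations" exists only as a DN component, which an LDAP attribute lookup does not return.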


