[ejabberd] LDAP Authentication - deny access

Peter Viskup skupko.sk at gmail.com
Thu Jun 27 14:49:55 MSK 2013


On 06/27/2013 12:40 PM, Petter Olsson wrote:
> Hi guys,
>
> Running:
> Ubuntu 12.04.02 LTS
> ejabberd 2.1.10-2ubuntu1.1
>
> Relevant LDAP Info:
> %% LDAP attribute that holds user ID:
> {ldap_uids, [{"uid", "%u"}]}.
> %%
> %% LDAP filter:
> {ldap_filter, "(objectClass=shadowAccount)"}.
>
> Problem:
> Accounts that are disabled in LDAP can still log in.
>
> Question:
> Can I use some sort of filter to have it not allow disabled/expired accounts from LDAP or do I have to switch to PAM for this to happen?

Of course you can. Play around with the ldap_filter value, following this page:
http://www.centos.org/docs/5/html/CDS/ag/8.0/Finding_Directory_Entries-LDAP_Search_Filters.html

It should be something like:

(&(objectClass=shadowAccount)(account_enabled=true))

-- 
Peter
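
Added example, not part of the original thread: a small Python evaluator for the filter subset used above (&, |, !, equality, presence), run on constructed entries to show which accounts the original and the suggested ldap_filter select. account_enabled is the attribute name from the reply; the sample entries and the helper names (parse, matches, search) are assumptions made for illustration.

```python
# Minimal RFC 4515 filter evaluator: &, |, !, equality and presence (attr=*).
# Simplification: every value is compared case-insensitively.
def parse(s, i=0):  # parse one parenthesised filter at s[i] -> (node, next_index)
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i:i + 1] in ("&", "|", "!"):
        op, kids, i = s[i], [], i + 1
        while s[i:i + 1] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"bad operand count for '{op}'")
        node = (op, kids)
    else:
        end = s.find(")", i)
        attr, sep, value = s[i:end].partition("=")
        if end == -1 or not sep or not attr:
            raise ValueError(f"bad filter item at offset {i}")
        node, i = ("=", attr.lower(), value), end
    if s[i:i + 1] != ")":
        raise ValueError("unbalanced parentheses")
    return node, i + 1

def matches(node, entry):  # entry: dict of lower-cased attr -> list of values
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    values = entry.get(node[1], [])
    if node[2] == "*":
        return bool(values)
    return any(v.lower() == node[2].lower() for v in values)

def search(filter_str, directory):  # uids of the entries the filter selects
    node, end = parse(filter_str)
    if end != len(filter_str):
        raise ValueError("trailing characters after filter")
    return [e["uid"][0] for e in directory if matches(node, e)]

SHADOW = ["posixAccount", "shadowAccount"]
DIRECTORY = [  # constructed sample entries; carol never had the flag set
    {"uid": ["alice"], "objectclass": SHADOW, "account_enabled": ["true"]},
    {"uid": ["bob"], "objectclass": SHADOW, "account_enabled": ["false"]},
    {"uid": ["carol"], "objectclass": SHADOW},
]
ORIGINAL = "(objectClass=shadowAccount)"
SUGGESTED = "(&(objectClass=shadowAccount)(account_enabled=true))"
```

With these entries the original filter selects all three accounts and the suggested one selects only alice. An entry that lacks the attribute entirely (carol) is also rejected, so the flag has to be populated on every account that should keep access.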