[ejabberd] mod_shared_roster_ldap and MS AD

Jeronimo jscmenezes at gmail.com
Wed Jan 21 23:23:38 MSK 2015


I'm trying to configure mod_shared_roster_ldap against MS AD.

This is the configuration of the module:
{mod_shared_roster_ldap,[
    {ldap_user_cache_validity,7200},
    {ldap_group_cache_validity,7200},
    {ldap_base, "ou=CPD,dc=ad,dc=ufrgs,dc=br"},
    {ldap_rfilter, "(&(objectClass=group)(cn=CPD-DRS Funcionários))"},
    {ldap_groupattr, "cn"},
    {ldap_groupdesc, "name"},
    {ldap_memberattr, "member"},
    {ldap_ufilter, "(&(objectClass=organizationalPerson)(distinguishedName=%D))"},
    {ldap_memberattr_format, "%D"},
    {ldap_useruid, "distinguishedName"},
    {ldap_userdec, "name"}
  ]},

The group contains a lot of members:
root@xmpp:~# ldapsearch -D "manager" -w secret -p 389 -h hostname -b "ou=CPD,dc=ad,dc=ufrgs,dc=br" -s sub "(&(objectClass=group)(cn=CPD-DRS Funcionários))"
# extended LDIF
#
# LDAPv3
# base <ou=CPD,dc=ad,dc=ufrgs,dc=br> with scope subtree
# filter: (&(objectClass=group)(cn=CPD-DRS Funcionários))
# requesting: ALL
#

# CPD-DRS Funcion\C3\A1rios, DRS, CPD, ad.ufrgs.br
dn:: Q049Q1BELURSUyBGdW5jaW9uw6FyaW9zLE9VPURSUyxPVT1DUEQsREM9YWQsREM9dWZyZ3MsREM9YnI=
objectClass: top
objectClass: group
cn:: Q1BELURSUyBGdW5jaW9uw6FyaW9z
description:: R3J1cG8gRnVuY2lvbsOhcmlvcyBkYSBEUlM=
member: CN=Jose Silva,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br
member: CN=Jeronimo Soares de Castro Menezes,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br
member: CN=Ana Maria Braga,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br
member: CN=Regina Case,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br
member: CN=Luciano Huck,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br
member: CN=Willian Bonner,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br
member: CN=Fatima Bernardes,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br
distinguishedName:: Q049Q1BELURSUyBGdW5jaW9uw6FyaW9zLE9VPURSUyxPVT1DUEQsREM9YWQsREM9dWZyZ3MsREM9YnI=
displayName: Func_DRS

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
root@xmpp:~#

The result for a member:
root@xmpp:~# ldapsearch -D "manager" -w secret -p 389 -h hostname -b "ou=CPD,dc=ad,dc=ufrgs,dc=br" -s sub "(&(objectClass=organizationalPerson)(distinguishedName=CN=Jeronimo Soares de Castro Menezes,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br))"
# extended LDIF
#
# LDAPv3
# base <ou=CPD,dc=ad,dc=ufrgs,dc=br> with scope subtree
# filter: (&(objectClass=organizationalPerson)(sAMAccountname=jeronimo))
# requesting: ALL
#

# Jeronimo Soares de Castro Menezes, DRS, CPD, ad.ufrgs.br
dn: CN=Jeronimo Soares de Castro Menezes,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Jeronimo Soares de Castro Menezes
sn: Soares de Castro Menezes
title:: RnVuY2lvbsOhcmlv
physicalDeliveryOfficeName: DRS
telephoneNumber: 5050
givenName: Jeronimo
distinguishedName: CN=Jeronimo Soares de Castro Menezes,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br
company: CPD - UFRGS
mailNickname: jeronimo
name: Jeronimo Soares de Castro Menezes
sAMAccountName: jeronimo

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
root@xmpp:~#

When I send a stanza querying the roster list:
<iq type='get' id='purple123b28e3'>
<query xmlns='jabber:iq:roster'/>

</iq>

The answer is an empty roster:
<iq from='jeronimo@ad.ufrgs.br' to='jeronimo@ad.ufrgs.br/vision' id='purple123b28e3' type='result'>
<query xmlns='jabber:iq:roster'/>
</iq>

And the log shows me that the group "CPD-DRS Funcionários" was found:
=INFO REPORT==== 2015-01-21 15:11:53 ===
D(<0.611.0>:ejabberd_receiver:320) : Received XML on stream = "<iq type='get' id='purple123b28e3'>\n\t\t<query xmlns='jabber:iq:roster'/>\n\n</iq>"

=INFO REPORT==== 2015-01-21 15:11:53 ===
D(<0.612.0>:ejabberd_router:313) : route
from {jid,"jeronimo","hostname","vision","jeronimo","hostname",
                  "vision"}
to {jid,"jeronimo","hostname",[],"jeronimo","hostname",[]}
packet {xmlelement,"iq",
                   [{"type","get"},{"id","purple123b28e3"}],
                   [{xmlcdata,<<"\n\t\t">>},
                    {xmlelement,"query",[{"xmlns","jabber:iq:roster"}],[]},
                    {xmlcdata,<<"\n\n">>}]}

=INFO REPORT==== 2015-01-21 15:11:53 ===
D(<0.442.0>:eldap:697) : {searchRequest,
                          {'SearchRequest',"ou=CPD,dc=ad,dc=ufrgs,dc=br",
                           wholeSubtree,neverDerefAliases,0,5,false,
                           {'and',
                            [{equalityMatch,
                              {'AttributeValueAssertion',"objectClass",
                               "group"}},
                             {equalityMatch,
                              {'AttributeValueAssertion',"cn",
                               "CPD-DRS Funcionários"}}]},
                           ["cn"]}}

=INFO REPORT==== 2015-01-21 15:11:53 ===
D(<0.442.0>:eldap:767) : {searchResEntry,
                             {'SearchResultEntry',
                                 "CN=CPD-DRS Funcionários,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br",
                                 [{'PartialAttributeList_SEQOF',"cn",
                                      ["CPD-DRS Funcionários"]}]}}

=INFO REPORT==== 2015-01-21 15:11:53 ===
D(<0.442.0>:eldap:767) : {searchResDone,
                             {'LDAPResult',success,[],[],asn1_NOVALUE}}

=INFO REPORT==== 2015-01-21 15:11:53 ===
D(<0.440.0>:ejabberd_router:313) : route
from {jid,"jeronimo","hostname",[],"jeronimo","hostname",[]}
to {jid,"jeronimo","hostname","vision","jeronimo","hostname",
                "vision"}
packet {xmlelement,"iq",
                   [{"id","purple123b28e3"},{"type","result"}],
                   [{xmlelement,"query",[{"xmlns","jabber:iq:roster"}],[]}]}

=INFO REPORT==== 2015-01-21 15:11:53 ===
D(<0.440.0>:ejabberd_sm:510) : sending to process <0.612.0>

=INFO REPORT==== 2015-01-21 15:11:53 ===
D(<0.612.0>:ejabberd_c2s:1553) : Send XML on stream = <<"<iq from='jeronimo@ad.ufrgs.br' to='jeronimo@ad.ufrgs.br/vision' id='purple123b28e3' type='result'><query xmlns='jabber:iq:roster'/></iq>">>

I can't understand why the mod_shared_roster_ldap isn't working for me and
the roster is empty.
I can't find what is wrong in my configuration.

Can anyone help me?

Jeron