[ejabberd] shared roster ldap and search permissions error

Dominik George nik at naturalnet.de
Sun May 13 20:25:21 MSK 2018


Hi,

> OK, I suppose the groups is queried first, then the users that are
> members of the groups in another query? I am using posixGroup schema,
> with memberUid.

> > > >      ldap_groupattr: "ou"     ldap_memberattr: "cn"
> > 
> > I doubt that.  If you are using posixGroup or groupOfNames, groupattr is cn
> > in both cases, and memberattr is either memberUid or member.
> > 
> > > >      ldap_memberattr_format: "cn=%u,ou=users, dc=homebox,dc=space"
> > 
> I tried a few things, perhaps I mistake something. My current goal is
> on this page:
> https://ejabberd-msrl.alioth.debian.org/doc/0.5.3/msrl.html#htoc3
> 
> 
> > So, taking that into account, the memberattr seems to be member for you.
> 
> Now, I am not sure to understand.

Yeah, well, as you said above, you are using memberUid.

> Perhaps my configuration is wrong, but Yes, I am using the uid for the
> username, and the cn for the friendly name.

OK, then you obviously need to use these fields in your config as well…

Try this:

  mod_shared_roster_ldap:
    ldap_rfilter: "(&(objectClass=posixGroup)(memberUid=%u))"
    ldap_gfilter: "(&(objectClass=posixGroup)(cn=%g))"
    ldap_ufilter: "(&(objectClass=posixAccount)(uid=%u))"
    ldap_filter: "(cn=*)"
    ldap_groupattr: "cn"
    ldap_groupdesc: "displayName"
    ldap_userdesc: "cn"
    ldap_useruid: "uid"

-nik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 902 bytes
Desc: not available
URL: <http://lists.jabber.ru/pipermail/ejabberd/attachments/20180513/d9b96947/attachment.sig>


More information about the ejabberd mailing list