[ejabberd] shared roster ldap and search permissions error

André Rodier andre at rodier.me
Sun May 13 20:35:08 MSK 2018


On 13/05/18 18:25, Dominik George wrote:
> Hi,
>> OK, I suppose the groups are queried first, then the users that are
>> members of the groups in another query? I am using posixGroup schema,
>> with memberUid.
>>>>>       ldap_groupattr: "ou"
>>>>>       ldap_memberattr: "cn"
>>> I doubt that.  If you are using posixGroup or groupOfNames, groupattr is cn
>>> in both cases, and memberattr is either memberUid or member.
>>>>>       ldap_memberattr_format: "cn=%u,ou=users, dc=homebox,dc=space"
>> I tried a few things; perhaps I am mistaken about something. My current goal is
>> on this page:
>> https://ejabberd-msrl.alioth.debian.org/doc/0.5.3/msrl.html#htoc3
>>> So, taking that into account, the memberattr seems to be member for you.
>> Now, I am not sure I understand.
> Yeah, well, as you said above, you are using memberUid.
>> Perhaps my configuration is wrong, but yes, I am using the uid for the
>> username, and the cn for the friendly name.
> OK, then you obviously need to use these fields in your config as well…
> Try this:
>    mod_shared_roster_ldap:
>      ldap_rfilter: "(&(objectClass=posixGroup)(memberUid=%u))"
>      ldap_gfilter: "(&(objectClass=posixGroup)(cn=%g))"
>      ldap_ufilter: "(&(objectClass=posixAccount)(uid=%u))"
>      ldap_filter: "(cn=*)"
>      ldap_groupattr: "cn"
>      ldap_groupdesc: "displayName"
>      ldap_userdesc: "cn"
>      ldap_useruid: "uid"
> -nik

Thank you, Nik,

I think it is now working!

Kind regards,
