[ejabberd] shared roster ldap and search permissions error
andre at rodier.me
Sun May 13 20:35:08 MSK 2018
On 13/05/18 18:25, Dominik George wrote:
>> OK, I suppose the groups is queried first, then the users that are
>> members of the groups in another query? I am using posixGroup schema,
>> with memberUid.
>>>>> ldap_groupattr: "ou" ldap_memberattr: "cn"
>>> I doubt that. If you are using posixGroup or groupOfNames, groupattr is cn
>>> in both cases, and memberattr is either memberUid or member.
>>>>> ldap_memberattr_format: "cn=%u,ou=users, dc=homebox,dc=space"
>> I tried a few things, perhaps I mistake something. My current goal is
>> on this page:
>>> So, taking that into account, the memberattr seems to be member for you.
>> Now, I am not sure to understand.
> Yeah, well, as you said above, you are using memberUid.
>> Perhaps my configuration is wrong, but Yes, I am using the uid for the
>> username, and the cn for the friendly name.
> OK, then you obviously need to use these fields in your config as well…
> Try this:
> ldap_rfilter: "(&(objectClass=posixGroup)(memberUid=%u))"
> ldap_gfilter: "(&(objectClass=posixGroup)(cn=%g))"
> ldap_ufilter: "(&(objectClass=posixAccount)(uid=%u))"
> ldap_filter: "(cn=*)"
> ldap_groupattr: "cn"
> ldap_groupdesc: "displayName"
> ldap_userdesc: "cn"
> ldap_useruid: "uid"
Thank you, Nik,
I think it is now working!
More information about the ejabberd