[ejabberd] shared roster ldap and search permissions error

André Rodier andre at rodier.me
Sun May 13 20:35:08 MSK 2018


Hello,

On 13/05/18 18:25, Dominik George wrote:
> Hi,
> 
>> OK, I suppose the groups are queried first, then the users that are
>> members of the groups in another query? I am using posixGroup schema,
>> with memberUid.
> 
>>>>>       ldap_groupattr: "ou"
>>>>>       ldap_memberattr: "cn"
>>>
>>> I doubt that.  If you are using posixGroup or groupOfNames, groupattr is cn
>>> in both cases, and memberattr is either memberUid or member.
>>>
>>>>>       ldap_memberattr_format: "cn=%u,ou=users, dc=homebox,dc=space"
>>>
>> I tried a few things; perhaps I am mistaken about something. My current goal is
>> on this page:
>> https://ejabberd-msrl.alioth.debian.org/doc/0.5.3/msrl.html#htoc3
>>
>>
>>> So, taking that into account, the memberattr seems to be member for you.
>>
>> Now, I am not sure I understand.
> 
> Yeah, well, as you said above, you are using memberUid.
> 
>> Perhaps my configuration is wrong, but yes, I am using the uid for the
>> username, and the cn for the friendly name.
> 
> OK, then you obviously need to use these fields in your config as well…
> 
> Try this:
> 
>    mod_shared_roster_ldap:
>      ldap_rfilter: "(&(objectClass=posixGroup)(memberUid=%u))"
>      ldap_gfilter: "(&(objectClass=posixGroup)(cn=%g))"
>      ldap_ufilter: "(&(objectClass=posixAccount)(uid=%u))"
>      ldap_filter: "(cn=*)"
>      ldap_groupattr: "cn"
>      ldap_groupdesc: "displayName"
>      ldap_userdesc: "cn"
>      ldap_useruid: "uid"
> 
> -nik

Thank you, Nik,

I think it is now working!

Kind regards,
André
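
An added example, not part of the thread and not ejabberd code: an offline check of the filters suggested above against constructed posixGroup/posixAccount entries, showing what each filter selects and why reading group names from "ou" returns nothing for this schema. It assumes `%u` and `%g` are replaced by the user and group name; the matcher is a simplification that handles only `&`, `|`, equality and presence.

```python
# Filters as suggested in the thread.
RFILTER = "(&(objectClass=posixGroup)(memberUid=%u))"
GFILTER = "(&(objectClass=posixGroup)(cn=%g))"
UFILTER = "(&(objectClass=posixAccount)(uid=%u))"

# Constructed sample directory entries (not from the thread).
ENTRIES = [
    {"objectClass": ["posixGroup"], "cn": ["staff"], "memberUid": ["alice", "bob"]},
    {"objectClass": ["posixGroup"], "cn": ["guests"], "memberUid": ["carol"]},
    {"objectClass": ["posixAccount"], "uid": ["alice"], "cn": ["Alice Example"]},
]

def parse(f, i=0):
    """Parse a subset of LDAP filter syntax; returns (tree, next_index)."""
    if f[i:i + 1] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    if f[i + 1:i + 2] in ("&", "|"):
        op, kids, i = f[i + 1], [], i + 2
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i:i + 1] != ")":
            raise ValueError("unbalanced filter at offset %d" % i)
        return (op, kids), i + 1
    end = f.index(")", i)  # raises ValueError if the item is never closed
    attr, _, value = f[i + 1:end].partition("=")
    return ("=", attr, value), end + 1

def matches(node, entry):
    if node[0] in ("&", "|"):
        combine = all if node[0] == "&" else any
        return combine(matches(k, entry) for k in node[1])
    _, attr, value = node
    # Attribute names match case-insensitively; values exactly (simplified).
    vals = [v for k, vs in entry.items() if k.lower() == attr.lower() for v in vs]
    return bool(vals) if value == "*" else value in vals

def search(template, attr, user="", group=""):
    """Expand %u/%g, run the filter over ENTRIES, return the values of attr."""
    tree, end = parse(template.replace("%u", user).replace("%g", group))
    if end != len(template.replace("%u", user).replace("%g", group)):
        raise ValueError("trailing text after filter")
    return sorted(v for e in ENTRIES if matches(tree, e) for v in e.get(attr, []))

if __name__ == "__main__":
    print("groups of alice: ", search(RFILTER, "cn", user="alice"))
    print("members of staff:", search(GFILTER, "memberUid", group="staff"))
    print("display name:    ", search(UFILTER, "cn", user="alice"))
    # The earlier attempt quoted in the thread read group names from "ou".
    print("groupattr ou:    ", search(RFILTER, "ou", user="alice"))
```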

