<div dir="ltr"><p style="margin-top:0.5em;margin-bottom:0.9em;color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:16px;line-height:22.3999996185303px">I'm trying to configure mod_shared_roster_ldap against MS AD.</p><p style="margin-top:0.5em;margin-bottom:0.9em;color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:16px;line-height:22.3999996185303px">This is the configuration of the module:</p><div class="" style="padding:5px;border:1px solid rgb(204,204,204);color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:16px;line-height:22.3999996185303px;background-color:rgb(238,238,238)"><code>{mod_shared_roster_ldap,[<br>    {ldap_user_cache_validity,7200},<br>    {ldap_group_cache_validity,7200},<br>    {ldap_base, "ou=CPD,dc=ad,dc=ufrgs,dc=br"},<br>    {ldap_rfilter, "(&(objectClass=group)(cn=CPD-DRS Funcionários))"},<br>    {ldap_groupattr, "cn"},<br>    {ldap_groupdesc, "name"},<br>    {ldap_memberattr, "member"},<br>    {ldap_ufilter, "(&(objectClass=organizationalPerson)(distinguishedName=%D))"},<br>    {ldap_memberattr_format, "%D"},<br>    {ldap_useruid, "distinguishedName"},<br>    {ldap_userdec, "name"}<br>  ]},</code></div><p style="margin-top:0.5em;margin-bottom:0.9em;color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:16px;line-height:22.3999996185303px">The group contains a lot of members:</p><div class="" style="padding:5px;border:1px solid rgb(204,204,204);color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:16px;line-height:22.3999996185303px;background-color:rgb(238,238,238)"><code>root@xmpp:~# ldapsearch -D "manager" -w secret -p 389 -h hostname -b "ou=CPD,dc=ad,dc=ufrgs,dc=br" -s sub "(&(objectClass=group)(cn=CPD-DRS Funcionários))"<br># extended LDIF<br>#<br># LDAPv3<br># base <ou=CPD,dc=ad,dc=ufrgs,dc=br> with scope subtree<br># filter: (&(objectClass=group)(cn=CPD-DRS Funcionários))<br># requesting: ALL<br>#<p style="margin-top:0.5em;margin-bottom:0.9em"># CPD-DRS Funcion\C3\A1rios, DRS, CPD, <a href="http://ad.ufrgs.br">ad.ufrgs.br</a><br>dn:: Q049Q1BELURSUyBGdW5jaW9uw6FyaW9zLE9VPURSUyxPVT1DUEQsREM9YWQsREM9dWZyZ3MsR<br>EM9YnI=<br>objectClass: top<br>objectClass: group<br>cn:: Q1BELURSUyBGdW5jaW9uw6FyaW9z<br>description:: R3J1cG8gRnVuY2lvbsOhcmlvcyBkYSBEUlM=<br>member: CN=Jose Silva,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br<br>member: CN=Jeronimo Soares de Castro Menezes,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br<br>member: CN=Ana Maria Braga,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br<br>member: CN=Regina Case,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br<br>member: CN=Luciano Huck,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br<br>member: CN=Willian Bonner,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br<br>member: CN=Fatima Bernardes,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br<br>distinguishedName:: Q049Q1BELURSUyBGdW5jaW9uw6FyaW9zLE9VPURSUyxPVT1DUEQsREM9YW<br>QsREM9dWZyZ3MsREM9YnI=<br>displayName: Func_DRS</p><p style="margin-top:0.5em;margin-bottom:0.9em"># search result<br>search: 2<br>result: 0 Success</p><p style="margin-top:0.5em;margin-bottom:0.9em"># numResponses: 2<br># numEntries: 1<br>root@xmpp:~#</p></code></div><p style="margin-top:0.5em;margin-bottom:0.9em;color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:16px;line-height:22.3999996185303px">The result for a member:</p><div class="" style="padding:5px;border:1px solid rgb(204,204,204);color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:16px;line-height:22.3999996185303px;background-color:rgb(238,238,238)"><code>root@xmpp:~# ldapsearch -D "manager" -w secret -p 389 -h hostname -b "ou=CPD,dc=ad,dc=ufrgs,dc=br" -s sub "(&(objectClass=organizationalPerson)(distinguishedName=CN=Jeronimo Soares de Castro Menezes,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br))"<br># extended LDIF<br>#<br># LDAPv3<br># base <ou=CPD,dc=ad,dc=ufrgs,dc=br> with scope subtree<br># filter: (&(objectClass=organizationalPerson)(sAMAccountname=jeronimo))<br># requesting: ALL<br>#<p style="margin-top:0.5em;margin-bottom:0.9em"># Jeronimo Soares de Castro Menezes, DRS, CPD, <a href="http://ad.ufrgs.br">ad.ufrgs.br</a><br>dn: CN=Jeronimo Soares de Castro Menezes,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br<br>objectClass: top<br>objectClass: person<br>objectClass: organizationalPerson<br>objectClass: user<br>cn: Jeronimo Soares de Castro Menezes<br>sn: Soares de Castro Menezes<br>title:: RnVuY2lvbsOhcmlv<br>physicalDeliveryOfficeName: DRS<br>telephoneNumber: 5050<br>givenName: Jeronimo<br>distinguishedName: CN=Jeronimo Soares de Castro Menezes,OU=DRS,OU=CPD,DC=ad,DC<br>=ufrgs,DC=br<br>company: CPD - UFRGS<br>mailNickname: jeronimo<br>name: Jeronimo Soares de Castro Menezes<br>sAMAccountName: jeronimo</p><p style="margin-top:0.5em;margin-bottom:0.9em"># search result<br>search: 2<br>result: 0 Success</p><p style="margin-top:0.5em;margin-bottom:0.9em"># numResponses: 2<br># numEntries: 1<br>root@xmpp:~#</p></code></div><p style="margin-top:0.5em;margin-bottom:0.9em;color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:16px;line-height:22.3999996185303px">When I ssend a stanza querying the roster list:</p><div class="" style="padding:5px;border:1px solid rgb(204,204,204);color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:16px;line-height:22.3999996185303px;background-color:rgb(238,238,238)"><code><iq type='get' id='purple123b28e3'><br><query xmlns='jabber:iq:roster'/><p style="margin-top:0.5em;margin-bottom:0.9em"></iq></p></code></div><p style="margin-top:0.5em;margin-bottom:0.9em;color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:16px;line-height:22.3999996185303px">The answer is an empty roster:</p><div class="" style="padding:5px;border:1px solid rgb(204,204,204);color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:16px;line-height:22.3999996185303px;background-color:rgb(238,238,238)"><code><iq from='<a href="mailto:jeronimo@ad.ufrgs.br">jeronimo@ad.ufrgs.br</a>' to='<a href="http://jeronimo@ad.ufrgs.br/vision">jeronimo@ad.ufrgs.br/vision</a>' id='purple123b28e3' type='result'><br><query xmlns='jabber:iq:roster'/><br></iq></code></div><p style="margin-top:0.5em;margin-bottom:0.9em;color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:16px;line-height:22.3999996185303px">And the log show me that the group "CPD-DRS Funcionários" were founded:</p><div class="" style="padding:5px;border:1px solid rgb(204,204,204);color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:16px;line-height:22.3999996185303px;background-color:rgb(238,238,238)"><code>=INFO REPORT==== 2015-01-21 15:11:53 ===<br>D(<0.611.0>:ejabberd_receiver:320) : Received XML on stream = "<iq type='get' id='purple123b28e3'>\n\t\t<query xmlns='jabber:iq:roster'/>\n\n</iq>"<p style="margin-top:0.5em;margin-bottom:0.9em">=INFO REPORT==== 2015-01-21 15:11:53 ===<br>D(<0.612.0>:ejabberd_router:313) : route<br>from {jid,"jeronimo","hostname","vision","jeronimo","hostname",<br>                  "vision"}<br>to {jid,"jeronimo","hostname",[],"jeronimo","hostname",[]}<br>packet {xmlelement,"iq",<br>                   [{"type","get"},{"id","purple123b28e3"}],<br>                   [{xmlcdata,<<"\n\t\t">>},<br>                    {xmlelement,"query",[{"xmlns","jabber:iq:roster"}],[]},<br>                    {xmlcdata,<<"\n\n">>}]}</p><p style="margin-top:0.5em;margin-bottom:0.9em">=INFO REPORT==== 2015-01-21 15:11:53 ===<br>D(<0.442.0>:eldap:697) : {searchRequest,<br>                          {'SearchRequest',"ou=CPD,dc=ad,dc=ufrgs,dc=br",<br>                           wholeSubtree,neverDerefAliases,0,5,false,<br>                           {'and',<br>                            [{equalityMatch,<br>                              {'AttributeValueAssertion',"objectClass",<br>                               "group"}},<br>                             {equalityMatch,<br>                              {'AttributeValueAssertion',"cn",<br>                               "CPD-DRS Funcionários"}}]},<br>                           ["cn"]}}</p><p style="margin-top:0.5em;margin-bottom:0.9em">=INFO REPORT==== 2015-01-21 15:11:53 ===<br>D(<0.442.0>:eldap:767) : {searchResEntry,<br>                             {'SearchResultEntry',<br>                                 "CN=CPD-DRS Funcionários,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br",<br>                                 [{'PartialAttributeList_SEQOF',"cn",<br>                                      ["CPD-DRS Funcionários"]}]}}</p><p style="margin-top:0.5em;margin-bottom:0.9em">=INFO REPORT==== 2015-01-21 15:11:53 ===<br>D(<0.442.0>:eldap:767) : {searchResDone,<br>                             {'LDAPResult',success,[],[],asn1_NOVALUE}}</p><p style="margin-top:0.5em;margin-bottom:0.9em">=INFO REPORT==== 2015-01-21 15:11:53 ===<br>D(<0.440.0>:ejabberd_router:313) : route<br>from {jid,"jeronimo","hostname",[],"jeronimo","hostname",[]}<br>to {jid,"jeronimo","hostname","vision","jeronimo","hostname",<br>                "vision"}<br>packet {xmlelement,"iq",<br>                   [{"id","purple123b28e3"},{"type","result"}],<br>                   [{xmlelement,"query",[{"xmlns","jabber:iq:roster"}],[]}]}</p><p style="margin-top:0.5em;margin-bottom:0.9em">=INFO REPORT==== 2015-01-21 15:11:53 ===<br>D(<0.440.0>:ejabberd_sm:510) : sending to process <0.612.0></p><p style="margin-top:0.5em;margin-bottom:0.9em">=INFO REPORT==== 2015-01-21 15:11:53 ===<br>D(<0.612.0>:ejabberd_c2s:1553) : Send XML on stream = <<"<iq from='<a href="mailto:jeronimo@ad.ufrgs.br">jeronimo@ad.ufrgs.br</a>' to='<a href="http://jeronimo@ad.ufrgs.br/vision">jeronimo@ad.ufrgs.br/vision</a>' id='purple123b28e3' type='result'><query xmlns='jabber:iq:roster'/></iq>">></p></code></div><p style="margin-top:0.5em;margin-bottom:0.9em;color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:16px;line-height:22.3999996185303px">I can't understand why the mod_shared_roster_ldap isn't working for me and the roster is empty.<br>I can't find what is wrong in my configuration.</p><p style="margin-top:0.5em;margin-bottom:0.9em;color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:16px;line-height:22.3999996185303px">Can anyone help me?</p><p style="margin-top:0.5em;margin-bottom:0.9em;color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:16px;line-height:22.3999996185303px">Jeron</p></div>