Problems registering users

I'm trying to use ejabberd 2.0.2 with an external authentication script but can't get user registration to work, either in-band or with ejabberdctl. I get a "not allowed" error, which my googling has indicated could be related to a hostname mismatch, su problem or a timeout. My ejabberd.cfg has:

{hosts, ["localhost","myhost.idt.com"]}.
{access, register, [{allow, all}]}.
{registration_timeout, disable}.

and my modules section has:

{mod_register, [
                {welcome_message, {"Welcome!", "Welcome to our new Jabber server!"}},
                {registration_watchers, ["admin@myhost.idt.com"]},
                {access, register}
               ]},

Registering with ejabberdctl fails:

% ejabberdctl register toby.schaffer myhost.idt.com secret
Can't register user "toby.schaffer@myhost.idt.com" at node ejabberd@localhost: not_allowed

In-band registration fails similarly:

SEND:
<iq type='set'>
  <query xmlns="jabber:iq:register">
    <username>toby.schaffer</username><password>secret</password>
  </query>
</iq>
RECV:
<iq from='myhost.idt.com' type='error'>
  <query xmlns='jabber:iq:register'>
    <username>toby.schaffer</username><password>secret</password>
  </query>
  <error code='405' type='cancel'>
    <not-allowed xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
  </error>
</iq>

My authentication script currently always returns 0 (failure) for an "isuser" query. All ejabberd processes are running under my userid, and I own the directories where all the files are being stored, so I don't think it's a file permission problem.

Any ideas what I'm doing wrong? This is driving me insane, so any help or suggestions are greatly appreciated...

Some tests

If you setup internal auth, registering accounts should work.

If you setup extauth to the example auth script, written in Perl, it should work. You will need to make the script executable for the system user, etc.

And then, if you wrote a script that works correctly, it should work.

If your script doesn't work correctly, maybe you find another script in the the Contributions page written in the same language than yours, and you can use it as example.

think I found it...

Hi badlop - Thanks for the quick reply. I was actually about to update this ticket - since I posted originally, I downloaded the source and it appears the problem isn't my script but that registration while using external authentication isn't supported. I don't know Erlang beyond reading the tutorial today, but when using {auth_method, external} the registration ends seems to end at ejabberd_auth_external:try_register, which just says no:

try_register(_User, _Server, _Password) ->
    {error, not_allowed}.

I changed ejabberd.cfg to use internal auth, registered with ejabberdctl (finally!), shutdown the server, switched back to external auth through my script, restarted, and authentication of the newly-created account seems to work fine.

Does this explanation make sense or am I misunderstanding something?

Thanks again.

You are right: extauth doesn't implement account creation

jtschaff wrote:

registration while using external authentication isn't supported

Ah, you are right. The code shows that extauth doesn't allow to register accounts. The development documentation of extauth doesn't include registration among the allowed operations:

http://svn.process-one.net/ejabberd/trunk/doc/dev.html#htoc9

operation are as follows:
    * auth:User:Server:Password (check if a username/password pair is correct)
    * isuser:User:Server (check if it’s a valid user)
    * setpass:User:Server:Password (set user’s password)

Checking the ejabberd source code, account registration is allowed when using internal or odbc authentication. Account registration is not allowed when using anonymous, external, ldap or pam. I'll make ure this is explained in the ejabberd Guide in the next ejabberd version.

So, it is expected that you give to your users another mechanism so they create accounts in your external system (a web formulary to your external database, or ...).

Syndicate content