Home » Forums » ejabberd & XMPP » ejabberd Administration

Preventing cross-domain messaging / preventing messages between virtual hosts

Submitted by thoraxe on Sat, 2011-10-01 03:21

I am beginning to experiment with ejabberd and multiple domains. I have found that with the mostly default configuration, users across domains can message one another.

Example:
{hosts, ["localhost", "domainA.com", "domainB.com" ]}.

{host_config, "domainA.com", [{auth_method, ldap},
{ldap_servers, ["localhost"]},
{ldap_uids, [{"uid"}]},
{ldap_rootdn, "cn=directory manager"},
{ldap_base, "ou=domainA.com,dc=something,dc=com"},
{ldap_password, "ldap"}]}.

{host_config, "domainB.com", [{auth_method, ldap},
{ldap_servers, ["localhost"]},
{ldap_uids, [{"uid"}]},
{ldap_rootdn, "cn=directory manager"},
{ldap_base, "ou=domainB.com,dc=something,dc=com"},
{ldap_password, "ldap"}]}.

In this case I have two domains being hosted on this machine -- domainA and domainB

I have two users:
john@domainA.com
sam@domainB.com

ejabberd is actually letting me send messages from john@domainA.com to sam@domainB.com. I would actually like to prevent this behavior. Users of different virtual hosts should not be able to message one another. I am wondering if this is a simple ACL setting at the virtual host level, but I'm having problems swallowing the documentation.

‹ tsung's user creation problem in ejabberd LDAP Shared Roster ›

Install mod_filter and

Submitted by mfoss on Sat, 2011-10-01 20:10.

Install mod_filter and configure similar to Example 5: http://www.ejabberd.im/mod_filter

»

Hi, I'm bringing back a

Submitted by thoraxe on Mon, 2014-01-13 21:03.

Hi,

I'm bringing back a really old thread. I had a question about more "Advanced" filtering.

For example, I'm trying to do the following. Since I have all my users in LDAP, and I have all users under specific OUs:

ou=domainA,dc=foo,dc=bar
ou=domainB,dc=foo,dc=bar

I want all users in an OU:
* to be able to see eachother in the buddy list by default
* to be able to chat with eachother by default
* cannot view users of other OU

I have one special OU, where users:
* should NOT see other users by default
* can add other users in this OU (this is like Google Chat -- you don't know about all users but you can see them if you add them)
* cannot talk to users of other OU

While I could do this with mod_filter easily, it requires many lines of configuration for each individual domain. If you have 100+ domains, that is a really big file.

I could probably write a puppet module to generate the file, but that is very complicated.

Ideally I would like to configure some "generic" mappings for domain behavior and be done with it.

Is this possible?

»

I am using multiple domains

Submitted by meghavasu on Fri, 2016-04-29 08:04.

I am using multiple domains with auth_method:odbc
example: DomainA, DomainB
but abc@DomainA is not able to sent message to user xyz@DomainB.
Please help.

»
Syndicate content

User login