ejabberd - Comments for "auth external/internal issue"

Patch stored and promoted

mfoss — Mon, 12 May 2008 18:43:22 +0000

saimonmoore wrote:

I patched ( http://pastie.caboo.se/pastes/148772 )

I've created a page to publitice your patch, and stored a copy of your patch in the webserver:
Authenticating Against a Mixed Internal/External

saimonmoore wrote:

While I'm here can anyone tell me a quick way to recompile an erlang src file and dynamically load it into the server (other than 'ejabberdctl compile' which didn't seem to work)?

Put all the source files in ejabberd src/ directory. Then compile and install as usual. Instead of restarting ejabberd, you can tell it to update the modified binary files: in Web Admin -> Nodes -> your node -> Update -> it should show the modified files, so click Update and good luck :)

[SOLVED] With patch

saimonmoore — Thu, 07 Feb 2008 18:09:31 +0000

So I got my hands dirty for a while and here's the result.

I patched (http://pastie.caboo.se/pastes/148772) ejabberd_auth_external.erl and extauth.erl to:

* continue proxying check_password/is_user_exists to the external script
* added try_register which performs same action as auth_internal (i.e. registers user with mnesia) AND proxies to the external script.
* Added rest of code of auth_internal

This means that:

When registering a new user:

* ejabberd proxies directly to external script which receives 'isuser' command (should return false) (I use a jabber_registered_at column in my db table)

* ejabberd 'registers' with mnesia (performs same code as in auth_internal) AND send the external script a 'tryregister' command. (my script, then authenticates user, and updates the jabber_registered_at column)

* subsequent is_user and auth attempts are all proxied to the external script.

* commands like remove_user, get_vh_registered_users now just do what they do in auth_internal.

This way I get the best of both authentication schemes. I think this should propably be put in it's own scheme (perhaps ejabberd_auth_external_db_internal.erl? Thoughts?) rather than a patch but it's working beautifully for me right now.

While I'm here can anyone tell me a quick way to recompile an erlang src file and dynamically load it into the server (other than 'ejabberdctl compile' which didn't seem to work)?

Regards,

Saimon

Can somebody please correct

saimonmoore — Thu, 07 Feb 2008 15:49:53 +0000

Can somebody please correct me if I'm wrong with the following statement:

* If using external authentication, you can't register a new user with the mnesia db.

I did some experiments trying to register a user on a virtual host using an external script. When using PSI to register a user, the only method called is 'isuser' so:

1. I modified the script to return false for isuser. => When the jabber client tries to register the user, the server returns a 'conflict' i.e. that the user is already registered.

2. I modified the script to return false for isuser. => When the jabber client tries to register the user, the server returns a 'Not Allowed'(The recipient or server does not allow any entity to perform that action) even though I have {access, register, [{allow, all}]}.

So I'm a bit stuck. I need to use an external script as I need to be able to authenticate users via the password they used when they signed up or via a generated token for people who signed up via openid (or which I'm logging in transparently to the jabber server). If I use an external script, then I can't user shared roster groups (@all@) as users are never actually registered in the mnesia db.

Can anyone see a possible solution to this problem?

Many thanks,

Saimon