https://www.ejabberd.im/node/9149 en https://www.ejabberd.im/node/9149#comment-59445 <p>Hi Mike </p> <p>I send the Details in Mail ....Please check</p> <p>**********<br /> Also, please provide the client-server xmpp conversation regarding roster retrieval. You may need to use a client xmpp console (Miranda IM and pidgin have it).<br /> *************</p> <p>you mean asking client side Log file in above line.</p> <p>Regards<br /> Krishna</p> Fri, 08 Feb 2013 12:39:41 +0000 Krishna_vernalis comment 59445 at https://www.ejabberd.im https://www.ejabberd.im/node/9149#comment-59444 <p>Very strange. I have hoped to find an error there - say, a missing letter. Everything looks OK.<br /> Well then, you say that if you comment out the "ldap_filter" string, it works, but returns triple copies of every account. Could you post here a part of logs where the ldap queries are being made? As the log may be lengthy, you may wish to send it to me to <noindex><a href="mailto:mikekaganski@hotmail.com" rel="nofollow" >mikekaganski@hotmail.com</a></noindex> (or put it to a web share and post the link here, but note that this forum may put a message with URLs to moderation). Don't forget to purge sensitive info from there.</p> <p>Also, please provide the client-server xmpp conversation regarding roster retrieval. You may need to use a client xmpp console (Miranda IM and pidgin have it).</p> Fri, 08 Feb 2013 08:11:21 +0000 mikekaganski comment 59444 at https://www.ejabberd.im https://www.ejabberd.im/node/9149#comment-59443 <p>Hi</p> <p>Below mentioned my config Details...</p> <p>{mod_shared_roster_ldap, [<br /> {ldap_servers, ["Server IP ADDRESS"]},<br /> {ldap_base, "DC=Domain,DC=com"},<br /> {ldap_rootdn, "CN=Username,CN=Users,DC=Domain,DC=com"},<br /> {ldap_password, "password"},<br /> {ldap_filter, ""},</p> <p>{ldap_rfilter, "(objectClass=user)"},<br /> {ldap_groupattr, "physicalDeliveryOfficeName"},</p> <p>{ldap_gfilter, "(&amp;(objectClass=user)(physicalDeliveryOfficeName=%g))"},<br /> {ldap_groupdesc, "department"},<br /> {ldap_memberattr, "sAMAccountName"},</p> <p>{ldap_ufilter, "(&amp;(objectClass=user)(sAMAccountName=%u))"},<br /> {ldap_useruid, "sAMAccountName"},<br /> {ldap_userdesc, "displayName"}<br /> ]},</p> <p>Also i am having Users in AD below manner</p> <p>OU=Chennai_Users - &gt; contain chennai Users<br /> OU=Pune_Users - &gt; Contain Pune Users<br /> OU=NYC_Users - &gt; Contain NYC Users</p> <p>Also Help me to sort Users in Group </p> <p>Thanks Again</p> <p>Regards<br /> Krishna</p> Thu, 07 Feb 2013 12:35:54 +0000 Krishna_vernalis comment 59443 at https://www.ejabberd.im https://www.ejabberd.im/node/9149#comment-59442 <p>No, I would like you to copy your mod_shared_roster_ldap config here, please use copy/paste, not retyping, just don't forget to remove sensitive data. I suspect some typo in it.</p> Thu, 07 Feb 2013 07:12:41 +0000 mikekaganski comment 59442 at https://www.ejabberd.im https://www.ejabberd.im/node/9149#comment-59441 <p>Hi mike,</p> <p>I am using mod_shared_roster_ldap which is included in Ejabberd 2.1.9 package.</p> <p>you want me to try with some other package?</p> <p>Thanks<br /> Krishna</p> Thu, 07 Feb 2013 07:00:53 +0000 Krishna_vernalis comment 59441 at https://www.ejabberd.im https://www.ejabberd.im/node/9149#comment-59440 <p>Which module (and which module version) do you use?<br /> I mean, there are a original module from <a href="http://www.ejabberd.im/mod_shared_roster_ldap" title="http://www.ejabberd.im/mod_shared_roster_ldap">http://www.ejabberd.im/mod_shared_roster_ldap</a>, improved module by porridge from <noindex><a href="https://alioth.debian.org/projects/ejabberd-msrl/" title="https://alioth.debian.org/projects/ejabberd-msrl/" rel="nofollow" >https://alioth.debian.org/projects/ejabberd-msrl/</a></noindex>, bundled version since 2.1.6 that was prepared by porridge, and an unofficial patch from <noindex><a href="https://support.process-one.net/browse/EJAB-1480" title="https://support.process-one.net/browse/EJAB-1480" rel="nofollow" >https://support.process-one.net/browse/EJAB-1480</a></noindex>. As you use ejabberd 2.1.9, it seems sensible that you should be using the bundled version, but the error seems to indicate a very old module, so maybe you have replaced the bundled version?</p> Wed, 06 Feb 2013 21:10:23 +0000 mikekaganski comment 59440 at https://www.ejabberd.im https://www.ejabberd.im/node/9149#comment-59438 <p>Hi mikekagansk,</p> <p>Thank you so much for your help.</p> <p>I am getting error while using above config.But after remove the Line *****{ldap_filter, ""},***** no errors in Log file .</p> <p>Now i am getting single contacts more than 3 times in pidgin.I don't know why..<br /> Any help...sorry</p> <p>Log report while running above config for your reference<br /> ***********************************************************<br /> =INFO REPORT==== 2013-02-06 20:04:02 ===<br /> I(&lt;0.274.0&gt;:eldap:983) : LDAP connection on 10.199.50.2:389</p> <p>=INFO REPORT==== 2013-02-06 20:04:02 ===<br /> I(&lt;0.289.0&gt;:eldap:983) : LDAP connection on 10.199.50.2:389</p> <p>=INFO REPORT==== 2013-02-06 20:04:02 ===<br /> I(&lt;0.36.0&gt;:ejabberd_app:202) : Adding machine's DNS IPs to Erlang system:<br /> []</p> <p>=ERROR REPORT==== 2013-02-06 20:04:03 ===<br /> E(&lt;0.358.0&gt;:eldap_utils:165) : failed to parse LDAP filter:<br /> ** Filter: []<br /> ** Reason: {error,["syntax error before: ",[]]}</p> <p>=INFO REPORT==== 2013-02-06 20:04:03 ===<br /> I(&lt;0.363.0&gt;:eldap:983) : LDAP connection on 10.199.50.2:389</p> <p>=INFO REPORT==== 2013-02-06 20:04:03 ===<br /> I(&lt;0.384.0&gt;:ejabberd_listener:166) : Reusing listening port for 5222</p> <p>=INFO REPORT==== 2013-02-06 20:04:03 ===<br /> I(&lt;0.385.0&gt;:ejabberd_listener:166) : Reusing listening port for 5269</p> <p>=INFO REPORT==== 2013-02-06 20:04:03 ===<br /> I(&lt;0.386.0&gt;:ejabberd_listener:166) : Reusing listening port for 5280</p> <p>=INFO REPORT==== 2013-02-06 20:04:03 ===<br /> I(&lt;0.36.0&gt;:ejabberd_app:72) : ejabberd 2.1.9 is started in the node ejabberd@chd1veritas</p> <p>=INFO REPORT==== 2013-02-06 20:05:39 ===<br /> I(&lt;0.384.0&gt;:ejabberd_listener:281) : (#Port&lt;0.441&gt;) Accepted connection {{10,199,50,65},2780} -&gt; {{10,199,50,65},5222}</p> <p>=INFO REPORT==== 2013-02-06 20:05:39 ===<br /> I(&lt;0.391.0&gt;:ejabberd_c2s:631) : ({socket_state,tls,{tlssock,#Port&lt;0.441&gt;,#Port&lt;0.451&gt;},&lt;0.390.0&gt;}) Accepted authentication for mohan.rasappan by ejabberd_auth_ldap</p> <p>=INFO REPORT==== 2013-02-06 20:05:40 ===<br /> I(&lt;0.391.0&gt;:ejabberd_c2s:938) : ({socket_state,tls,{tlssock,#Port&lt;0.441&gt;,#Port&lt;0.451&gt;},&lt;0.390.0&gt;}) Opened session for mohan.rasappan@vernalis.com/2404637558136016134091002</p> <p>=INFO REPORT==== 2013-02-06 20:05:40 ===<br /> I(&lt;0.391.0&gt;:ejabberd_s2s:369) : New s2s connection started &lt;0.392.0&gt;</p> Wed, 06 Feb 2013 14:58:53 +0000 Krishna_vernalis comment 59438 at https://www.ejabberd.im https://www.ejabberd.im/node/9149#comment-59434 <p>{mod_shared_roster_ldap, [<br /> {ldap_servers, ["dc.domain.tld"]},<br /> {ldap_base, "ou=location,ou=companyname,dc=domain,dc=tld"},<br /> {ldap_rootdn, "cn=username,cn=Users,dc=domain,dc=tld"},<br /> {ldap_password, "SuperSecret"},<br /> {ldap_filter, ""},</p> <p> {ldap_rfilter, "(objectClass=user)"},<br /> {ldap_groupattr, "physicalDeliveryOfficeName"},</p> <p> {ldap_gfilter, "(&amp;(objectClass=user)(physicalDeliveryOfficeName=%g))"},<br /> {ldap_groupdesc, "department"},<br /> {ldap_memberattr, "sAMAccountName"},</p> <p> {ldap_ufilter, "(&amp;(objectClass=user)(sAMAccountName=%u))"},<br /> {ldap_useruid, "sAMAccountName"},<br /> {ldap_userdesc, "displayName"}<br /> ]}</p> Mon, 04 Feb 2013 11:53:21 +0000 mikekaganski comment 59434 at https://www.ejabberd.im https://www.ejabberd.im/node/9149#comment-59424 <p>Hi,</p> <p>can you give some more explain about ldap_rfilter please...</p> <p>My User LDAP Config Details</p> <p>objectClass: top<br /> objectClass: person<br /> objectClass: organizationalPerson<br /> objectClass: user<br /> cn: Ezhumalai Desingu<br /> sn: Desingu<br /> description: 17185<br /> physicalDeliveryOfficeName: Chennai<br /> telephoneNumber: 4506<br /> givenName: Ezhumalai<br /> initials: D<br /> distinguishedName: CN=Ezhumalai Desingu,OU=Chennai_Users,DC=testing,DC=com<br /> displayName: Ezhumalai Desingu<br /> wWWHomePage: home.testing.co.in<br /> name: Ezhumalai Desingu<br /> codePage: 0<br /> countryCode: 0<br /> primaryGroupID: 513<br /> sAMAccountName: desinez<br /> sAMAccountType: &lt; samUserAccount &gt;<br /> userPrincipalName: <noindex><a href="mailto:desinez@testing.com" rel="nofollow" >desinez@testing.com</a></noindex><br /> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=testing,DC=com<br /> mail: <noindex><a href="mailto:ezhumalai.desingu@vernal.is" rel="nofollow" >ezhumalai.desingu@vernal.is</a></noindex><br /> objectGUID: {F92291F3-FA56-445B-B4FF-519734687741}<br /> objectSid: S-1-5-21-1699561171-4188548150-740795862-4482</p> <p>Regards<br /> Krishna</p> Mon, 04 Feb 2013 06:15:27 +0000 Krishna_vernalis comment 59424 at https://www.ejabberd.im https://www.ejabberd.im/node/9149#comment-59423 <p>Your config cannot be used.<br /> You haven't specified ldap_rfilter, which is required.</p> Sat, 02 Feb 2013 12:33:00 +0000 mikekaganski comment 59423 at https://www.ejabberd.im https://www.ejabberd.im/node/9149#comment-59410 <p>Hi,</p> <p>Thank you so Much.</p> <p>Is possible to Display the AD User Full Name in client using mod_shared_roster_ldap</p> <p>Config Commands<br /> ****************<br /> {mod_shared_roster_ldap,<br /> [<br /> {ldap_servers, ["dc.domain.tld"]},<br /> {ldap_base, "ou=location,ou=companyname,dc=domain,dc=tld"},<br /> {ldap_rootdn, "cn=username,cn=Users,dc=domain,dc=tld"},<br /> {ldap_password, "SuperSecret"},<br /> {ldap_groupattr, "department"},<br /> {ldap_groupdesc, "department"},<br /> {ldap_memberattr, "sAMAccountName"},<br /> %%{ldap_memberattr_format, "uid=%u*"},<br /> {ldap_filter, "(sAMAccountName=*)"}<br /> ]}</p> <p>Please confirm</p> <p>Thanks<br /> Krishna</p> Fri, 01 Feb 2013 08:39:07 +0000 Krishna_vernalis comment 59410 at https://www.ejabberd.im https://www.ejabberd.im/node/9149#comment-59409 <p>ejabberd does not implement this. You only can use one attribute to construct jids.</p> <p>Maybe there exist some possibility to create an intermediate LDAP server that would take data from AD and internally combine it to change the LDAP representation.</p> Thu, 31 Jan 2013 12:27:11 +0000 mikekaganski comment 59409 at https://www.ejabberd.im https://www.ejabberd.im/node/9149#comment-59407 <p>Hi Team,</p> <p>I have ejabberd Server running with version 2.1.9.Also integrate into AD Server.<br /> Right now i am using Chat JID as Mail attribute in AD server.</p> <p>{ldap_uids, [{"mail", "%u@domain.com"}]}.</p> <p>Could you please tell me how to use givenName and SN attribute in AD Server as like below</p> <p><noindex><a href="mailto:givenName.SN@domain.com" rel="nofollow" >givenName.SN@domain.com</a></noindex></p> <p>Please help to come out this issue.</p> <p>Regards<br /> Moorthy</p> Thu, 31 Jan 2013 07:27:09 +0000 Krishna_vernalis comment 59407 at https://www.ejabberd.im https://www.ejabberd.im/node/9149#comment-59397 <p>Sorry to reply too late,</p> <p>but the error seems to indicate some problem with LDAP itself.<br /> The error name is invalidDNSyntax (invalid Distinguished Name syntax), I suspect some LDAP entity is internally malformed.<br /> The error text is:</p> <pre>0000208F: NameErr: DSID-031001BA, problem 2006 (BAD_NAME), data 8350, best match of: 'vicmau'</pre><p>This seem to support my idea.<br /> And so do your words that logs show normal operation until this "error" (that is not treated as error by ejabberd, as you may note, it's just =INFO REPORT====)</p> Sat, 19 Jan 2013 06:36:24 +0000 mikekaganski comment 59397 at https://www.ejabberd.im