I read that there are two ways to register users with ejabberd. One, with ejabberctl command and the other using in-band registration (XEP-0077). I have a question concerning to in-band registration, is it possible to authenticate who register a new JID? i.e., we
want that only
this rules:
{acl, adminjid, {user, "admin", "domain.org"}}.
{access, register, [{allow, adminjid}]}.
means that only
Anyway, How can I allow web register and disable register of new jid from a jabber client?
Somebody knows where is placed the JRT (Jabber registration tool) nowadays?
Just disable In-Band
Just disable In-Band registration like described in the guide (see examples in the section about mod_register!), then only the administrator can register new users using ejabberdctl or using the web interface.
--
sander
I didn't explain it
I didn't explain it properly. Let's imagine that we have a restricted
jabber server, only personal authorized can talk and register. To
register, people have to access to a web page using a login and a
password and if it's correct, access is granted and he/she can register
an account, any other way to register is not allowed.
Allows this ejabberd (or xmpp protocol)? Or there are only two ways:
register available for all, register available only for admin. Are
there a register available for groups?
I hope that this time is clear. Thanks.
Several misconceptions :)
means that onlyadmin@domain.org JID could be registered.
Wrong.
This allowsadmin@domain.org to register accounts, any account he wants.
Anyway, How can I allow web register and disable register of new jid from a jabber client?
Web register? Do you mean the ejabberd web admin? That's independent of mod_register.
Note that JRT is a small Jabber client in PHP to register accounts.
Somebody knows where is placed the JRT (Jabber registration tool) nowadays?
I found this:jrt-0.0.2d.tar.bz2 .
Re: Several misconceptions :)
means that onlyadmin@domain.org JID could be registered.
Wrong.
This allowsadmin@domain.org to register accounts, any account he wants.
Are you sure? Have your tried? I tried, and that was the final conclusion.
If it's true, How iq:register requests are authenticated? Only with SetFrom IQ field? Or you must send iq:register over an authenticated connection? This failed for me.
This is a code that I used to check this issue:
Thanks!
You're right; try access_registrant patch
Are you sure? Have your tried?
Umm, now that I tried, you are right: on mod_register, 'access' defines what new JIDs can be registered. I didn't understood the explanation on the ejabberd guide. My fault.
Good news:New option on mod_register: who can register new accounts
I haven't tried your example Perl code. I just tested this patch with Tkabber. Can you beta test this patch and report any problem with it?
If it's true, How iq:register requests are authenticated? Only with SetFrom IQ field? Or you must send iq:register over an authenticated connection? This failed for me.
From now, if you set as registrants a JID, the only way to register an account is to login with that JID, and then send the register request.
Try it on Tkabber: login, open the Service Discovery, double click on Register.
betatesting
After doing protocol debugging, the patch access_registrant works properly. Now only registrant user can create new accounts. All the other registration tries (users authenticated or not), server reply a message like this:
Thank you very much for your support.