LDAP auth failed

Hello,

I'm Antonio and I'm new to all of this. First I tried a little googling; I found some things about the problem, but they don't resolve it, and I don't understand the Erlang language....

My question is quite easy: I'm trying to configure an ejabberd server to authenticate with LDAP.

In ejabberd.cfg

{auth_method, ldap}.
{ldap_servers, ["IP_SERVER"]}.    % List of LDAP servers
{ldap_uidattr, "uid"}.            % LDAP attribute that holds user ID
{ldap_base, "ou=people,dc=ikusnet,dc=net"}. % Base of LDAP directory
{ldap_rootdn, "cn=admin,dc=ikusnet,dc=net"}.
{ldap_password, "pwd"}.

After installing the deb package, I saw that v0.9 was released today (or was it tomorrow) and tried with it.

I couldn't make it authenticate, so I then tried the patches in this thread of the forum:

src/ejabberd_auth_ldap.erl:38
eldap:start_link("ejabberd_bind", LDAPServers, 389, RootDN, Password),

should be changed back to:
src/ejabberd_auth_ldap.erl:38
eldap:start_link("ejabberd_bind", LDAPServers, 389, "", ""),

I ran a new make install, launched the server, and again I got the Unauthorized (401) message.

I continued looking for possible solutions... and found this mailing list post:

        #eldap_search_result{entries = [E | _]} ->
            Atrib = E#eldap_entry.attributes,
            % ~p prints any term; the attributes are a list, not a string
            io:format("LDAP query ~p~n", [Atrib]),
            E#eldap_entry.object_name;
        _ ->
            false

It still fails, and I can't see anything printed in the console other than:

=INFO REPORT==== 20-Apr-2005::23:29:06 ===
I(<0.283.0>:ejabberd_c2s:368): (#Port<0.353>) Failed legacy authentication for gafotas@igestec.com/coccinella

My big problem is that I can't understand Erlang well enough to know what's happening and to navigate the code.

Some questions are:

  • First, is there a HowTo? :)
  • What is the schema for authenticating users? I see that we can configure the username LDAP field in ejabberd.cfg, but what about the password field (in my schema it is userPassword)?
  • And usually we use a user to access the LDAP. Where do we set the Bind DN with its Bind Password in ejabberd.cfg?

I know that is a lot of questions, but I feel that I'm going crazy with something that everyone seems to configure first and that comes by default with Jabber servers.

Thanks for all, Antonio F. Cano

LDAP progresses slowly but still doesn't run

Hi all,

I've got one answer to the question of the debug messages. They don't appear because they are in the wrong place: if the user can't be found in the LDAP, the case goes to false and doesn't show the debug information.

Then I made the next change:

find_user_dn(User) ->
    Attr = ejabberd_config:get_local_option(ldap_uidattr),
    Filter = eldap:equalityMatch(Attr, User),
    Base = ejabberd_config:get_local_option(ldap_base),
    case eldap:search("ejabberd", [{base, Base},
                                   {filter, Filter},
                                   {attributes, []}]) of
        #eldap_search_result{entries = [E | _]} ->
            E#eldap_entry.object_name;
        _ ->
            Atrib = E#eldap_entry.attributes,
            % ~p prints any term; the attributes are a list, not a string
            io:format("LDAP query ~p~n", [Atrib]),
            false
    end.

But when I run make it tells me that variable 'E' is unbound. How can I debug it to find the error?

I also saw in one mailing list post that in v0.9 there are two new params, ldap_rootdn and ldap_password. Now my ejabberd config for LDAP is:

{auth_method, ldap}.
{ldap_servers, ["server-ip"]}. % List of LDAP servers
{ldap_uidattr, "uid"}. % LDAP attribute that holds user ID
{ldap_base, "ou=people,dc=ikusnet,dc=net"}. % Base of LDAP directory
{ldap_rootdn, "cn=admin,dc=ikusnet,dc=net"}.
{ldap_password, "admin-ldap-password"}.

But it still fails to authenticate. What is the base password field for Jabber users in LDAP?

Kind regards,
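
An added example (not part of the original posts and not ejabberd's own code) of where the debug output can go: a variable bound in a case pattern, such as E, exists only inside that clause, so the non-matching clause prints the whole search result instead. The module name, the locally declared records (reduced to the fields used in the thread) and the sample results are constructed for illustration.

```erlang
%% Added example, not ejabberd source. The two records are declared locally
%% with only the fields the thread uses, so the module compiles without eldap.
-module(find_dn_debug).
-export([dn_from_result/1, demo/0]).

-record(eldap_entry, {object_name, attributes = []}).
-record(eldap_search_result, {entries = []}).

%% Takes the value returned by the search and yields the first DN or false.
dn_from_result(Result) ->
    case Result of
        #eldap_search_result{entries = [E | _]} ->
            %% E is bound by the pattern above and exists only in this clause.
            %% ~p prints any term; attributes is a list of {Name, Values}.
            io:format("LDAP match ~s, attributes ~p~n",
                      [E#eldap_entry.object_name, E#eldap_entry.attributes]),
            E#eldap_entry.object_name;
        Other ->
            %% Nothing matched, so there is no E here. Print the whole value:
            %% an empty entry list and a failed search are different problems.
            io:format("LDAP search gave no entry: ~p~n", [Other]),
            false
    end.

%% Constructed sample values standing in for search results.
demo() ->
    Hit = #eldap_search_result{
             entries = [#eldap_entry{
                           object_name = "uid=gafotas,ou=people,dc=ikusnet,dc=net",
                           attributes = [{"uid", ["gafotas"]}]}]},
    Miss = #eldap_search_result{entries = []},
    Failure = {error, timeout},   % constructed non-record value (assumption)
    [dn_from_result(R) || R <- [Hit, Miss, Failure]].
```

Calling find_dn_debug:demo() returns the DN for the first sample and false for the other two, printing one line per case.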

Finally

Hello all,

I've got good news :D Finally I sat down, calmed down and started from the beginning.

My errors were:
1) Timeout with the LDAP server.
2) With the first fixed, I saw that the secret was not correct, oops!!
3) And finally, the client doesn't send the password in plain text.

Now it works great. To get ejabberd working with LDAP authentication we only have to install ejabberd (the latest version works fine) and set the config this way:
{auth_method, ldap}.
{ldap_servers, ["server-ip"]}. % List of LDAP servers
{ldap_uidattr, "uid"}. % LDAP attribute that holds user ID
{ldap_base, "ou=people,dc=ikusnet,dc=net"}. % Base of LDAP directory
{ldap_rootdn, "cn=admin,dc=ikusnet,dc=net"}.
{ldap_password, "admin-ldap-password"}.

I don't know if it is possible to set the timeout in the config file, so always try to have the LDAP and ejabberd on the same machine (or network).

Regards

not in config, but maybe in the source code

I don't know if it is possible to set the timeout in the config file, so always try to have the LDAP and ejabberd on the same machine (or network).

Not in the configuration file, but in ejabberd/src/eldap/eldap.erl there are three values that sound interesting:

-define(RETRY_TIMEOUT, 5000).
-define(BIND_TIMEOUT, 10000).
-define(CMD_TIMEOUT, 5000).

You can modify them, recompile and check if they help or not.

That sounds interesting. I'l

That sounds interesting. I'll try it.

Thanks,

Finally.... what?

Did you do it?
Does it run ok?

I can't....