Looking for ejabberd docs?

To access the most up-to-date ejabberd documentation, please visit docs.ejabberd.im »

Shared roster empty following upgrade from 13.12 to 15.02

Submitted by jonathantullett on Mon, 2015-03-16 09:59

ejabberd Administration

I upgraded a server from 13.12 to 15.02 over the weekend, which meant switching the config file over to yml format (a welcome upgrade!)

However, when users connect the shared roster (windows active directory) is no longer populating. When MUC rooms are joined, it's possible to see everyone, but they are all appearing as 'Not Authorized'

The config I have is:

modules:
  mod_shared_roster_ldap:
    - ldap_rfilter: "(objectClass=user)"
    - ldap_user_cache_validity: "10"
    - ldap_group_cache_validity: "10"
    - ldap_groupattr: "ipPhone"
    - ldap_memberattr: "sAMAccountName"
    - ldap_userdesc: "displayName"

This is ported over from:

{modules, [
 {mod_shared_roster_ldap,[
        {ldap_rfilter, "(objectClass=user)"},
        {ldap_user_cache_validity, "10"},
        {ldap_group_cache_validity, "10"},
        {ldap_groupattr, "ipPhone"},
        {ldap_memberattr, "sAMAccountName"},
        {ldap_userdesc, "displayName"}
   ]}
]}

Any ideas what could be the issue?

Hello, I am a bit puzzled by

Submitted by mremond on Mon, 2015-03-16 14:59.

Hello,

I am a bit puzzled by your comment:

jonathantullett wrote:

When MUC rooms are joined, it's possible to see everyone, but they are all appearing as 'Not Authorized'

Shared roster are completely independant from MUC, so I am not sure what you mean.

It was just an interesting

Submitted by jonathantullett on Wed, 2015-03-18 05:54.

It was just an interesting observation - while the shared roster is empty, everyone can see each other in the chat rooms, though each person has 'not authorized' next to their name.

I rolled back to 13.12 and it started working again, so it's something odd with the shared roster config in 15.02. Any ideas? Is there further information I can post which would help?

It may be a bug indeed. Hard

Submitted by mremond on Wed, 2015-03-18 19:38.

It may be a bug indeed. Hard to test however as I do not have ldap directory handy, so it may take a while to investigate.

Do you have any logs in debug mode to share ? You could upload that to a gist (if you have a Github account) or any type of online paste bin.

Thanks !

I do have a debug logs to

Submitted by jonathantullett on Sat, 2015-03-21 16:14.

I do have a debug logs to share from a test run this morning. Could you email me jonathan (at) ddasystems (dot) com and I'll reply with them? The debug logs have a fair amount of authorisation information within them.

Thanks!

Did you see my earlier

Submitted by mremond on Sat, 2015-03-21 17:08.

Did you see my earlier comment from the 18th about the syntax ? I think your fragment need to be without the dashes.

It seems my comment on this

Submitted by jonathantullett on Wed, 2015-03-25 08:19.

It seems my comment on this was lost at the weekend.

Yes, removing the dashes (array), fixed the issue. Thank you for the pointer!

Actually, it just caught my

Submitted by mremond on Wed, 2015-03-18 20:22.

Actually, it just caught my attention that the yaml syntax is probably not the correct one.

Could you please try with:

modules:
  mod_shared_roster_ldap:
    ldap_rfilter: "(objectClass=user)"
    ldap_user_cache_validity: "10"
    ldap_group_cache_validity: "10"
    ldap_groupattr: "ipPhone"
    ldap_memberattr: "sAMAccountName"
    ldap_userdesc: "displayName"

and report ?

I remove the dash which seems erroneous.

Hello Jonathan, Did the yaml

Submitted by mremond on Tue, 2015-03-24 17:22.

Hello Jonathan,

Did the yaml format change in your config solve the issue ?