Home

Active Directory login problems

Submitted by CyberCowboy on Fri, 2008-04-25 19:11

OK got modules compiling now :) had the wrong package installed.

Now I'm trying to get the beasty server to use AD for user recognition. When I used the binary installer I named the "domain" the ejabberd users as schchat and the administrator user admin my active directory domain is alpha.one.com

Here is the ejabberd.cfg file

   {auth_method, ldap}.

  {ldap_servers, ["alpha.one.com"]}.    % List of LDAP servers

  {ldap_base, "OU=Users OU,OU=Zeus,DC=alpha,DC=one,DC=com"}. % Search base of LDAP directory

  {ldap_rootdn, "CN=User1,OU=Users OU,OU=Zeus,DC=alpha,DC=one,DC=com "}. % LDAP manager

  {ldap_password, "secret"}. % Password to LDAP manager

  {ldap_uids, [{"sAMAccountName"}]}.

  {ldap_filter, "(memberOf=*)"}.

When I log into the web configuration page should I be using User1@alpha.one.com or admin@schchat ?
Also how would the users be logging into the server as User2@schchat or User2@alpha.one.com or User2@one.com?

Installed on a Hardy Ubuntu box via the 32bit binary installer.

anyone able to help with

Submitted by CyberCowboy on Wed, 2008-04-30 14:51.

anyone able to help with this?

»

If you set this in

Submitted by mfoss on Mon, 2008-05-05 00:08.

If you set this in ejabberd.cfg:

{hosts, ["schchat"]}.
{acl, admin, {user, "cowboy", "schchat"}}.

{auth_method, ldap}.
{ldap_servers, ["alpha.one.com"]}.    % List of LDAP servers
{ldap_base, "OU=Users OU,OU=Zeus,DC=alpha,DC=one,DC=com"}. % Search base of LDAP directory
{ldap_rootdn, "CN=User1,OU=Users OU,OU=Zeus,DC=alpha,DC=one,DC=com "}. % LDAP manager
{ldap_password, "secret"}. % Password to LDAP manager
{ldap_uids, [{"sAMAccountName"}]}.
{ldap_filter, "(memberOf=*)"}.

Then:

  • ejabberd will serve this Jabber domain: schchat
  • The Jabber accounts will be (for example): user1@schchat user2@schchat
  • The Jabber account cowboy@schchat has admin privileges, so make sure it belongs to you and only you knows the password. Then login in the webadmin specifying cowboy@schchat and the password of that account.
  • Obviously, your contacts cannot chat with other Jabber servers in Internet because your Jabber domain is not FQDN. If someday you want to allow such possibility, you will need to make a mass modification of the database to update all the contact lists.
  • When a user tries to login in ejabberd, ejabberd will contact the LDAP server alpha.one.com using all the other information you configured.
»
Syndicate content

User login