LDAP authentication error

I'm getting repeated errors in my /var/log/ejabberd/ejabberd.log file, every second. The error reads:

=ERROR REPORT==== 2010-01-20 17:25:23 ===
E(<0.262.0>:eldap:873) : LDAP connection failed on localhost:636
Reason: econnrefused

This is all of the config I have for LDAP in my ejabberd.cfg file:

{ldap_servers, ["localhost"]}.
{ldap_rootdn, "cn=admin,dc=domain,dc=com"}.
{ldap_password, "secret"}.
{ldap_uidattr, "uid"}.
{ldap_base, "ou=People,dc=domain,dc=com"}.

I've got OpenLDAP configured locally on the same machine, and I'm trying to get ejabberd to use this local LDAP directory for authentication. The LDAP server is currently configured and has one test account in the "People" OU and can't authenticate. It looks like the ejabberd server can't even open a connection to the LDAP server, though. Anyone know what I could be missing?

Add: {ldap_encrypt, none}.

Sometime in the past you had this option:

{ldap_encrypt, tls}.

Later you removed it from the config file, but it is remembered in the ejabberd internal database.

Better say explicitly you don't want to use encryption:

{ldap_encrypt, none}.
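An added example, not part of the original posts and not ejabberd code: a small Python check that compares the port in the eldap failure report with the port the config file alone implies, which is how a remembered `ldap_encrypt` value shows up. It assumes ejabberd's documented defaults (`ldap_encrypt` defaults to none; `ldap_port` defaults to 389 without encryption and 636 with it); the function names and sample strings are constructed for illustration.

```python
import re

# Constructed sample input, modeled on the log excerpt and config quoted in the thread.
SAMPLE_LOG = (
    "=ERROR REPORT==== 2010-01-20 17:25:23 ===\n"
    "E(<0.262.0>:eldap:873) : LDAP connection failed on localhost:636\n"
    "Reason: econnrefused\n"
) * 3  # the thread reports the error repeating every second
SAMPLE_CFG = '{ldap_servers, ["localhost"]}.\n{ldap_uidattr, "uid"}.\n'

FAIL_RE = re.compile(r"LDAP connection failed on (\S+):(\d+)\s*\n\s*Reason: (\S+)")
OPT_RE = re.compile(r"^\s*\{\s*(ldap_encrypt|ldap_port)\s*,\s*(\w+)\s*\}\.", re.M)


def file_implied_port(cfg_text):
    """Port the file alone implies: explicit ldap_port, else 636 for tls, else 389."""
    opts = dict(OPT_RE.findall(cfg_text))  # lines commented out with % never match
    if "ldap_port" in opts:
        return int(opts["ldap_port"])
    # Assumed defaults (from ejabberd's documentation, not from this thread).
    return 636 if opts.get("ldap_encrypt", "none") == "tls" else 389


def check_ldap_failures(log_text, cfg_text):
    """One finding per distinct failure; 'stale' marks a port the file does not explain."""
    expected = file_implied_port(cfg_text)
    distinct = dict.fromkeys(FAIL_RE.findall(log_text))  # dedupe, keep first-seen order
    return [
        {"host": h, "port": int(p), "reason": r,
         "expected": expected, "stale": int(p) != expected}
        for h, p, r in distinct
    ]


if __name__ == "__main__":
    for f in check_ldap_failures(SAMPLE_LOG, SAMPLE_CFG):
        note = "setting remembered outside the file?" if f["stale"] else "matches file"
        print(f'{f["host"]}:{f["port"]} {f["reason"]} '
              f'(file implies {f["expected"]}): {note}')
```
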

I think I've got that

I think I've got that configured now...

{ldap_encrypt, none}.
{ldap_port, 389}.

When I tail /var/log/ejabberd/ejabberd.log, I see repeated connections to the LDAP server, about once a second. And they look like successful connections. My issue now is logging in with an actual user account in my Jabber client. I guess I also don't understand what username I use to log in from the client. Do the Jabber "hostnames" in the config file still apply, since Jabber is now taking over authentication?

If I have hostnames in config like this:

{hosts, ["example.net"]}.

And the test user has a uid in the directory, do I use a username like "uid@example.net"?

I'm trying that in Adium, and it seems to be seeing the server, but repeatedly asking for a password... I see nothing in the ejabberd log that looks suspicious...

uid@example.net should work

Quote:

And the test user has a uid in the directory, do I use a username like "uid@example.net"?

Right. If that doesn't work, sniff the traffic (using a program like Ethereal/Wireshark, or tcpflow) between ejabberd and the LDAP server; maybe this gives you some idea where the problem is.
