eJabberd 2.1.2
LDAP authentication (Active Directory)
Everything works fine, except for displaying registered users (and number of registered users)
I looked at traffic coming from ejabberd to LDAP when loading the page - all ok, ejabberd sends "searchRequest" and recieves many "searchResEntry"s that contain users infos
But registered users list is not displayed
PS: no errors in logs
Increase loglevel and check for ideas
I tried ejabberd 2.1.2 against my small slapd server (only two accounts registered). In all the WebAdmin pages it shows the correct information about number of users, and their usernames.
You can try like I did, and compare the log result. Maybe it gives you some idea. I know almost nothing of LDAP.
First increase the loglevel in ejabberd.cfg to 5.
Then browse some WebAdmin, for example the statistics about the ldap host. In my case I have two vhosts, one called "localhost" with internal auth, and "ldap.localhost" with ldap auth.
Then check ejabberd.log It should have something more or less like:
=INFO REPORT==== 3-Mar-2010::23:47:12 === I(<0.407.0>:ejabberd_listener:232) : (#Port<0.4327>) Accepted connection {{127,0,0,1},37741} -> {{127,0,0,1},5280} =INFO REPORT==== 3-Mar-2010::23:47:12 === D(<0.409.0>:ejabberd_http:135) : S: [{["http-prebind"],mod_http_bind}, {["webadmin"],mod_af83_webadmin}, {["rest"],mod_rest}, {["register"],mod_register_web}, {["presence"],mod_webpresence}, {["avatar"],mod_http_fileserver}, {["jwchat"],mod_http_fileserver}, {["captcha"],ejabberd_captcha}, {["admin"],ejabberd_web_admin}, {["http-bind"],mod_http_bind}, {["http-poll"],ejabberd_http_poll}] =INFO REPORT==== 3-Mar-2010::23:47:12 === I(<0.409.0>:ejabberd_http:137) : started: {gen_tcp,#Port<0.4327>} =INFO REPORT==== 3-Mar-2010::23:47:12 === D(<0.409.0>:ejabberd_http:254) : (#Port<0.4327>) http query: 'GET' /admin/server/ldap.localhost/stats/ =INFO REPORT==== 3-Mar-2010::23:47:12 === D(<0.409.0>:ejabberd_http:322) : ["admin","server","ldap.localhost","stats"] matches ["admin"] =INFO REPORT==== 3-Mar-2010::23:47:12 === D(<0.259.0>:eldap:634) : {searchRequest, {'SearchRequest',"dc=pike",wholeSubtree, neverDerefAliases,0,5,false, {present,"uid"}, []}} =INFO REPORT==== 3-Mar-2010::23:47:12 === D(<0.259.0>:eldap:695) : {searchResEntry, {'SearchResultEntry', "uid=tester,ou=People,dc=pike", [{'PartialAttributeList_SEQOF', "objectClass", ["top","account","posixAccount"]}, {'PartialAttributeList_SEQOF',"uid", ["tester"]}, {'PartialAttributeList_SEQOF',"cn", ["Test User"]}, {'PartialAttributeList_SEQOF',"gecos", ["Test User"]}, {'PartialAttributeList_SEQOF',"uidNumber", ["2000"]}, {'PartialAttributeList_SEQOF',"gidNumber", ["2000"]}, {'PartialAttributeList_SEQOF', "homeDirectory", ["/home/tester"]}, {'PartialAttributeList_SEQOF',"loginShell", ["/bin/bash"]}, {'PartialAttributeList_SEQOF', "userPassword", ["sompass"]}]}} =INFO REPORT==== 3-Mar-2010::23:47:12 === D(<0.259.0>:eldap:695) : {searchResEntry, {'SearchResultEntry', "uid=robin,ou=People,dc=pike", [{'PartialAttributeList_SEQOF', "objectClass", ["top","account","posixAccount"]}, {'PartialAttributeList_SEQOF',"uid", ["robin"]}, {'PartialAttributeList_SEQOF',"cn", ["Test User"]}, {'PartialAttributeList_SEQOF',"gecos", ["Test User"]}, {'PartialAttributeList_SEQOF',"uidNumber", ["2001"]}, {'PartialAttributeList_SEQOF',"gidNumber", ["2001"]}, {'PartialAttributeList_SEQOF', "homeDirectory", ["/home/robin"]}, {'PartialAttributeList_SEQOF',"loginShell", ["/bin/bash"]}, {'PartialAttributeList_SEQOF', "userPassword", ["otherpass"]}]}} =INFO REPORT==== 3-Mar-2010::23:47:12 === D(<0.259.0>:eldap:695) : {searchResDone, {'LDAPResult',success,[],[],asn1_NOVALUE}}In my case that page said it has 2 accounts registered.
ldap_auth with AD - bug(?) in documentation
I changed config from
{ldap_uids, [{"sAMAccountName"}]}.to{ldap_uids, [{"sAMAccountName", "%u"}]}.and all works.But Install Guide contains recomendation to use
{ldap_uids, [{"sAMAccountName"}]}.in ldap_auth example config for ADMay be this is documentation bug, but I think that parameter should be initialized with a default value if the value is not specified explicitly.
By the way thanks for the advice.
Added ticket
Ok, I've added this as a ticket: