Home » Forums » ejabberd & XMPP » ejabberd Administration

mod_shared_roster_ldap: Problem with getting LDAP contacts

Submitted by florian on Thu, 2010-08-19 15:28

I am a newbee and I use ejabberd 2.1.5 and can successfully authenticate against LDAP, but I have the problem to get the contacts from the LDAP with the mod_shared_roster_ldap module. There are no specific error messages in the log files related to the usage of the module. If it helps, then I also can send you the appropriate log-file from /var/log/ejabberd/ejabberd.log
My target is to get the contacts from the LDAP automatically. I use PSI v0.14.
Thank you for your help!

cat /etc/ejabberd/ejabberd.cfg

override_global.
override_local.
override_acls.

{acl, admin, {user, "me", "testjabber.company.de"}}.

{hosts, ["testjabber.company.de"]}.

{loglevel, 5}.

{listen,
[
  {5222, ejabberd_c2s, [{access, c2s},{shaper, c2s_shaper},{max_stanza_size, 65536},
  starttls, {certfile, "/etc/ejabberd/ejabberd.pem"}]},
  {5269, ejabberd_s2s_in, [{shaper, s2s_shaper},{max_stanza_size, 131072}]},
  {5280, ejabberd_http, [http_poll,web_admin]}
]}.

{s2s_use_starttls, true}.
{s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.

{host_config, "testjabber.itk.local", [{auth_method, ldap},
   {ldap_servers, ["x.x.x.x"]},
   {ldap_port,389},
   {ldap_base, "ou=department,dc=company,dc=de"},
                                   {ldap_uids, [{"sAMAccountName"}]},
   {ldap_rootdn, "CN=jabber user,ou=User,ou=Global,ou=department,dc=company,dc=de"},
   {ldap_filter, "(objectClass=user)"},
   {ldap_password, "secret1"},
   {search,true},
   {matches,infinity},
   {allow_return_all, false}]}.

{shaper, normal, {maxrate, 10000}}.
{shaper, fast, {maxrate, 100000}}.

{acl, local, {user_regexp, ""}}.
{access, max_user_sessions, [{10, all}]}.
{access, local, [{allow, local}]}.
{access, c2s, [{deny, blocked},{allow, all}]}.
{access, c2s_shaper, [{none, admin},{normal, all}]}.
{access, s2s_shaper, [{fast, all}]}.
{access, announce, [{allow, admin}]}.
{access, configure, [{allow, admin}]}.
{access, muc_admin, [{allow, admin}]}.
{access, muc, [{allow, all}]}.
{access, register, [{allow, all}]}.
{access, pubsub_createnode, [{allow, all}]}.

{language, "en"}.

{modules,
[
  {mod_adhoc,    []},
  {mod_announce, [{access, announce}]}, % requires mod_adhoc
  {mod_caps,     []},
  {mod_configure,[]}, % requires mod_adhoc
  {mod_ctlextra, []},
  {mod_disco,    []},
  {mod_irc,      []},
  {mod_last,     []},
  {mod_muc,      [
  {access, muc},
  {access_create, muc},
  {access_persistent, muc},
  {access_admin, muc},
  {max_users, 500}
]},
  {mod_offline,  []},
  {mod_privacy,  []},
  {mod_private,  []},
  {mod_proxy65,  [
  {access, local},
  {shaper, c2s_shaper}
]},
  {mod_pubsub,   [ % requires mod_caps
  {access_createnode, pubsub_createnode},
  {plugins, ["default", "pep"]}
]},
  {mod_register, [
  {welcome_message, {"Welcome!",
     "Welcome to a Jabber service powered by Debian. "
     "For information about Jabber visit "
     "http://www.jabber.org"}},
  {access, register}
]},
  {mod_roster,   []},
  {mod_time,     []},

  {mod_version,  []} ,

  {mod_shared_roster_ldap,[
      {ldap_base, "ou=location,ou=department,dc=company,dc=de"},
      {ldap_rfilter, "(objectClass=group)"},
      {ldap_filter,  ""},
      {ldap_gfilter, "(&(objectClass=group)(cn=%g))"},
      {ldap_memberattr, "member"},
      {ldap_memberattr_format_re, "cn=(.*),ou=User,ou=location,ou=department,dc=company,dc=de"},
      {ldap_groupdesc, "sAMAccountName"},
      {ldap_ufilter,"(&(objectClass=user)(cn=(.*)))"},
      {ldap_userdesc, "displayName"},
      {ldap_servers, ["x.x.x.x"]},
      {ldap_port, 389},
      {ldap_rootdn, "CN=jabber user,ou=User,ou=Global,ou=department,dc=company,dc=de"},
      {ldap_password, "secret1"},
      {ldap_auth_check, off},
      {ldap_user_cache_validity,10},
      {ldap_group_cache_validity,10}
  ]}
]}.

%%% $Id: ejabberd.cfg.example 1178 2008-02-08 18:28:36Z badlop $

%%% Local Variables:
%%% mode: erlang
%%% End:
%%% vim: set filetype=erlang tabstop=8:

‹ Logs of rooms error after connection attempt... need help ›

Anyone?

Submitted by florian on Tue, 2010-08-24 09:36.

Anyone?

»

wrong manual?

Submitted by igorsh on Mon, 2010-09-27 04:48.

I get same problem when try to configure module for deep DIT with example from manual. In log I see that ldap filters work correct, but roster is empty. When I configure module for flat DIT, everything works fine.
Maybe manual is incorrect and we try wrong configuration?

»

hi florian did u already have

Submitted by newc0mer on Mon, 2010-08-30 15:03.

hi florian

did u already have success? I have the same problem and no solution too.

when i sniff the traffic between ejabberd and active directory I see that the required information is transfered... but no buddies appear in the roster...

»

hi newc0mer, hi

Submitted by florian on Wed, 2010-09-01 11:32.

hi newc0mer, hi all,

unfortunately i am not successful. now i just get only one error report at debuglevel 5 when i am stopping ejabberd with ejabberdctl stop. i get the contacts in ejabberd.log but the buddies do not appear in the roster.
therefore i think it is just a configuration problem.

i would be pleased if someone could tell me how to fix the problem or could help me how i can debug step by step with ejabberdctl debug

thank you,
florian

»
Syndicate content

User login