Hi,
I'm trying to set up an ejabberd with two virtual hosts. One authenticates its users via LDAP (and does not need registration then, right?), the other is supposed to allow registration of new users for guests and friends.
So I've configured something like this:
{hosts, ["jabber.example.com", "guest.jabber.example.com"]}.
{host_config, "guest.jabber.example.com", [{auth_method, internal},
    {access, register, [{allow, all}]} ]}.
{host_config, "jabber.example.com", [{auth_method, ldap},
    {ldap_servers, ["ldap.example.com"]},
    {ldap_base, "ou=people,dc=example,dc=com"},
    {ldap_uids, [{"uid"}]},
    {access, register, [{deny, all}]} ]}.
Since the documentation says that global access rules override virtual host ones, I've commented out the global "access, register [{deny, all}]" rule.
LDAP users can authenticate this way (can I see ldap users somewhere, since they don't have to register?), but guests still get an "access denied" message.
What am I doing wrong?
Greetings,
Balu
Your configuration looks correct. Some ideas to try:
1. Enable the override options in ejabberd.cfg
2. The guest users must create their accounts before trying to authenticate. Are they able to register the accounts?
3. If it still doesn't work, how did you install ejabberd (debian, ubuntu, installer, source), and what version?
Hi,
thanks for your reply.
1. You are talking about override_global., override_local. and override_acls.?
Are those responsible for access rules too?
2. The error message is returned when the guests are trying to register.
3. Debian package 2.1.5-3
I think I fixed it though. It works when I set a global {access, register, [{allow, all}]}. The LDAP users can not / don't have to register anyway if I understand the LDAP authentication anyway.
Balu
Re
> 1. You are talking about override_global., override_local. and override_acls.?
> Are those responsible for access rules too?
Yes, one of them but I don't remember which one.
> The LDAP users can not / don't have to register anyway if I understand the LDAP authentication anyway.
Right. At least ejabberd_auth_ldap.erl does not support account registration, it just returns "error, not_allowed".
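
An added example, not part of the thread or of the ejabberd project: the global `register` rule from the fix above, narrowed with a server ACL so that only JIDs on the guest host may register instead of `all`. The ACL name `guest_host` is made up for illustration, and the fragment assumes mod_register references the rule with `{access, register}`.

```erlang
%% Added illustration for ejabberd.cfg (old Erlang-term format, 2.1.x).
%% Hostnames and LDAP values are the ones posted in the thread.

{hosts, ["jabber.example.com", "guest.jabber.example.com"]}.

%% Hypothetical ACL name: matches any JID whose server part is the guest host.
{acl, guest_host, {server, "guest.jabber.example.com"}}.

%% Global rule, defined once: registration is allowed only for JIDs on the
%% guest host and denied for everything else, so the LDAP-backed host is
%% refused by the access rule as well as by the LDAP auth backend.
{access, register, [{allow, guest_host},
                    {deny, all}]}.

%% Per-host settings carry only the authentication backend.
{host_config, "guest.jabber.example.com", [{auth_method, internal}]}.

{host_config, "jabber.example.com", [{auth_method, ldap},
    {ldap_servers, ["ldap.example.com"]},
    {ldap_base, "ou=people,dc=example,dc=com"},
    {ldap_uids, [{"uid"}]}]}.

%% Assumption: the mod_register entry inside the existing {modules, [...]}
%% list contains {access, register}; without it the rule above is not
%% consulted for registration.
```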