Hello all,
I had at one time a working set up for ejabberd that allowed me to pull all of the ldap users and populate contact lists for clients. For whatever reason however, I am unable to get get the users in ldap to show up in the contact list now - even trying to the same configuration file as when it worked. Looking at the logs I can clearly see that all of the ldap users are able to be searched and are in fact found:
(sensitive information removed)
=INFO REPORT==== 2013-01-14 13:30:10 ===
D(<0.359.0>:eldap:767) : {searchResEntry,
{'SearchResultEntry',
"CN=blah,OU=group,DC=example,DC=local",
[{'PartialAttributeList_SEQOF',
"sAMAccountName",
["blahblah"]}]}}
And I thought that it would automatically add the users to the roster since it's part of the mod_shared_roster_ldap module:
{mod_shared_roster_ldap, [
{ldap_groupattr, "sAMAccountName"},
{ldap_groupdesc, "description"},
{ldap_memberattr, "member"},
{ldap_useruid, "sAMAccountName"},
{ldap_userdesc, "displayName"},
{ldap_rfilter, "(objectClass=person)"},
{ldap_gfilter, "(objectClass=person)"},
{ldap_ufilter, "(&(objectClass=user)(cn=%u))"},
{ldap_filter, ""}
]},
Note: I have mod_shared_roster disabled
OS: Windows Server 2008 R2
Ejabberd 2.1.10
Thank you for your time,
You config could never be
You config could never be working. Personally I guess you have been used mod_shared_roster to get all your users at past.
You forgot to describe your LDAP. I guess it's Windows AD (based on your OS). Also, your groups/users layout is required to make a working config.
Note that mod_shared_roster is not needed for mod_shared_roster_ldap; mod_roster _is_ required.
Still, if you need all your users to be in a simple list, you could prefer using mod_shared_roster and its @all@ syntax.
Yes it is Windows AD,
Yes it is Windows AD, basically I just want to add all people under a particular OU to start with (heck just to get it working in the first place).
OU=group2,OU=group1,DC=example,DC=local
sAMAccountName is the username for logins (blah@example.local)
CN is the name of the user (John Doe)
displayName is the same as the CN (John Doe)
None of these people are part of a specific group other than domain users - only thing in common is they are under the same OU.
See I read in some of the configuration notes regarding mod_shared_roster that it doesn't work on ldap users. Regardless I tried @all@ syntax for a new shared roster and it still didn't work. mod_roster is enabled already.
(Noted on this page, LDAP and mod_shared_roster doesn't work together: http://www.ejabberd.im/shared-roster-all)
Well then, you may try
Well then,
you may try this:
{mod_shared_roster_ldap, [ {ldap_base, "OU=group2,OU=group1,DC=example,DC=local"}, {ldap_filter, ""}, {ldap_rfilter, "(objectClass=person)"}, {ldap_groupattr, "company"}, % I assume you have a common value in this attribute; adjust as appropriate {ldap_gfilter, "(&(objectClass=person)(company=%g))"}, {ldap_groupdesc, "company"}, {ldap_memberattr, "sAMAccountName"}, {ldap_ufilter, "(&(objectClass=person)(sAMAccountName=%u))"}, {ldap_useruid, "sAMAccountName"}, {ldap_userdesc, "displayName"} ]},That did it! Well mostly -
That did it! Well mostly - but its probably a mod_vcard_ldap issue at this point.
The users were pushed to the contact list of the two clients I am using to test...the only snag I find is that when users log in it shows their LDAP username (but hey, it shows them as logging in so this is a ton of progress). I remember posting a question about this issue before and was directed to use mod_vcard_ldap to resolve it and have the displayName show up instead of the sAMAccountName.
I have to ask though since the changes were really small, what made you think to suggest the changes?
I see now, we met already
I see now, we met already here.
What made me? Difficult question. Would you ask this question when a teacher corrects a pupil's homework? I think I have some expertise in this specific field, as I devoted quite some time to get acquainted with this module' work, and made to it.