Status of LDAPS support in ejabberd

I was just curious what the status was on ejabberd's support for LDAPS (LDAP over SSL). I did a search of the forums, and other than this thread:

http://www.ejabberd.im/node/613

(to which I no less wrote an entry), there's not much on the subject. Noting badlop's response in that thread where he wrote "ejabberd uses a library to get LDAP support: ELDAP. The port is hard coded on the file ejabberd_auth_ldap.erl, line 39", and as Google is your friend, I decided to do a little searching.

In no time flat I ran across this thread dating back to Nov 2003 which SEEMS to indicate that ELDAP has had support for LDAPS for a few years now:

http://www.erlang.org/ml-archive/erlang-questions/200311/msg00174.html

And as the person in that particular thread was none other than Alexey himself, I figured it's quite likely that adding LDAPS support such that it just requires an adjustment of the configuration file might not be too far off.

So are there currently any plans in the works for adding LDAPS support? And if not, where is the most appropriate place to log such a feature request? :-)

Re: Status of LDAPS support in ejabberd

fseesink wrote:

I figured it's quite likely that adding LDAPS support such that it just requires an adjustment of the configuration file might not be too far off.

ejabberd includes a modified version of eldap in the directory ejabberd/src/eldap/. That version seems architecturally improved (better fault-tolerance etc.) but lacks at least one feature included in the original eldap: LDAPS support.

fseesink wrote:

So are there currently any plans in the works for adding LDAPS support? And if not, where is the most appropriate place to log such a feature request? :-)

No known plans in the short term from known developers. Submit it to Bugzilla.

After you submit the feature request, you can give this 10-minute patch a try if you have much, much spare time. I just looked at the original code and the modified one. I have no idea of LDAP/LDAPS but tried to port some code. It's such quick, dirty and untested code that I give you a 99.9% guarantee that:

  • this code will NOT work at all
  • maybe it connects using LDAPS, but will not send anything
  • it sends, but does not receive
  • it sends and receives, but does not close connections
  • it seems to work, but causes instability

The patch is against SVN, and you need to change the options on eldap.erl lines 80..93 manually and recompile: use_tls=true, port=686, etc.
