ejabberd - Comments for "Configuring ejabberd 2 to use ActiveDirectory with lots of OUs for auth"
https://www.ejabberd.im/node/2894

Ejabberd 2 with ActiveDirectory
https://www.ejabberd.im/node/2894#comment-52002

<p>Hi MCIglo...</p>

<p>1. The offline messages are stored in the mnesia database in %ProgramFiles%\ejabberd-2.0.0\database</p>

<p>2. I use a plain (unprivileged) user to access the AD structure, and the user mail property to filter user access, but if you want to give access to all users you can use the userPrincipalName property.</p>

<p>This is my ejabberd.cfg file:</p>

<div class="codeblock"><code>
{loglevel, 4}.

{hosts, ["domain.net"]}.

{listen,
 [
  %% Client-to-server connections
  {5222, ejabberd_c2s, [
    {certfile, "C:\\Archivos de programa\\ejabberd-2.0.0\\conf\\server.pem"}, starttls,
    {access, c2s},
    {shaper, c2s_shaper},
    {max_stanza_size, 65536}
  ]},

  %% Server-to-server connections
  {5269, ejabberd_s2s_in, [
    {shaper, s2s_shaper},
    {max_stanza_size, 131072}
  ]},

  %% HTTP services, including the web admin interface
  {5280, ejabberd_http, [
    http_bind,
    http_poll,
    web_admin
  ]}
 ]}.

%% Authenticate users against LDAP (Active Directory)
{auth_method, ldap}.
{ldap_servers, ["server.domain.net"]}.    % List of LDAP servers
%% Note: ldap_base appears twice in this file (here and two lines below)
{ldap_base, "DC=domain,DC=net"}. % Search base of LDAP directory
{ldap_rootdn, "CN=plainuser,OU=Base,DC=domain,DC=net"}. % LDAP manager
{ldap_base, "OU=Base,DC=domain,DC=net"}. % Search base of LDAP directory
{ldap_password, "password"}. % Password to LDAP manager
{ldap_uids, [{"mail", "%u@domain.net"}]}.
{ldap_uidattr, "sAMAccountName"}.
{ldap_filter, "(mail=*)"}.

{shaper, normal, {maxrate, 1000}}.

{shaper, fast, {maxrate, 50000}}.

{acl, admin, {user, "admin", "domain.net"}}.

{acl, local, {user_regexp, ""}}.

{access, max_user_sessions, [{10, all}]}.

{access, local, [{allow, local}]}.

{access, c2s, [{deny, blocked},
               {allow, all}]}.

{access, c2s_shaper, [{none, admin},
                      {normal, all}]}.

{access, s2s_shaper, [{fast, all}]}.

{access, announce, [{allow, admin}]}.

{access, configure, [{allow, admin}]}.

{access, muc_admin, [{allow, admin}]}.

{access, muc, [{allow, all}]}.

{access, register, [{allow, all}]}.

{access, pubsub_createnode, [{allow, all}]}.

{language, "es"}.

{modules,
 [
  {mod_adhoc,    []},
  {mod_announce, [{access, announce}]}, % requires mod_adhoc
  {mod_caps,     []},
  {mod_configure,[]}, % requires mod_adhoc
  {mod_disco,    []},
  %%{mod_echo,   [{host, "echo.domain.net"}]},
  {mod_http_bind,[]},
  %%{mod_http_fileserver, [{docroot, "C:\\Archivos de programa\\ejabberd-2.0.0\\www"}]},
  {mod_irc,      []},
  {mod_last,     []},
  {mod_muc,      [
    %%{host, "conference.@HOST@"},
    {access, muc},
    {access_create, muc},
    {access_persistent, muc},
    {access_admin, muc_admin}
  ]},
  %%{mod_muc_log,[]},
  {mod_offline,  []},
  {mod_privacy,  []},
  {mod_private,  []},
  %%{mod_proxy65,[]},
  {mod_pubsub,   [ % requires mod_caps
    {access_createnode, pubsub_createnode},
    {plugins, ["default", "pep"]}
  ]},
  {mod_register, [
    %%
    %% After successful registration, the user receives
    %% a message with this subject and body.
    %%
    {welcome_message, {"Welcome!",
      "Welcome to this Jabber server."}},

    %%
    %% When a user registers, send a notification to
    %% these Jabber accounts.
    %%
    %%{registration_watchers, ["admin1@example.org"]},

    {access, register}
  ]},
  {mod_roster,   []},
  %%{mod_service_log,[]},
  {mod_shared_roster,[]},
  %%{mod_stats,    []},
  {mod_time,     []},
  {mod_vcard,    []},
  {mod_version,  []},
  {mod_vcard_ldap,
    [
      {ldap_servers, ["server.domain.net"]},
      {ldap_rootdn, "CN=plainuser,OU=Base,DC=domain,DC=net"},
      {ldap_password, "password"},
      {ldap_base, "OU=Base,DC=domain,DC=net"},
      {ldap_filter, "(mail=*)"},
      {ldap_uids, [{"mail", "%u@domain.net"}]},
      {ldap_vcard_map,
        [{"NICKNAME", "%u", ["nickname"]},
         {"GIVEN", "%s", ["givenname"]},
         {"FAMILY", "%s", ["sn"]},
         {"FN", "%s, %s", ["sn", "givenName"]},
         {"EMAIL", "%s", ["mail"]}]},
      {ldap_search_fields,
        [{"User", "uid"},
         {"Name", "givenName"},
         {"Family Name", "sn"},
         {"Email", "mail"}]},
      {ldap_search_reported,
        [{"Apellido", "FAMILY"},
         {"Nombre", "GIVEN"}]}
    ]},
  {mod_shared_roster_ldap,
    [{ldap_servers, ["server.domain.net"]},
     {ldap_base, "OU=Base,DC=domain,DC=net"},
     {ldap_rootdn, "CN=plainuser,OU=Base,DC=domain,DC=net"},
     {ldap_password, "password"},
     {ldap_groupattr, "cn"},
     {ldap_groupdesc, "cn"},
     {ldap_memberattr, "sAMAccountName"},
     {ldap_memberattr_format, "uid=%u*"},
     {ldap_filter, "(uniqueMember=*)"}
  ]}
 ]}.
</code></div>

Mon, 17 Mar 2008 12:52:50 +0000 cristianapas comment 52002 at https://www.ejabberd.im