ejabberd - Comments for "Active Directory and user in multiple groups"

The mod_shared_roster_ldap

mikekaganski — Thu, 21 Jul 2011 11:35:23 +0000

The mod_shared_roster_ldap can only create one shared roster for a domain. I don't know a way how could you do otherwise, i.e. how to specify the information about which group should get which shared roster. If all this information should be specified in the config file, then it would become huge and error-prone. And what to do when a new group is created in LDAP? And if this information should be in the LDAP, then LDAP needs to fit to the mod_shared_roster_ldap requirements, and that's impossible (directory services are never created to please a jabber server admin).
The only possible solution would be an option that would for each user create the roster with only those users that are in the same groups that the user is in. This possibility should be considered.
The new version that is available for testing from https://support.process-one.net/browse/EJAB-1480 does support the grouping of users based on AD groups (I modified it specifically for that purpose).
In this version, as well as in previous, and in other configurations, ejabberd does support users being more than in one group. However, as far as I know, most clients don't support this (so even when you will get the roster with a user being in many groups, you will see it in one group only). It's a client-side issue (see http://www.ejabberd.im/node/4855), so neither ejabberd nor mod_shared_roster_ldap can do anything here.

Thanks, SasaXmmp. So, only

Dmitry Panoff — Tue, 31 May 2011 07:58:58 +0000

Thanks, SasaXmmp.
So, only thing I can do with mod_shared_roster_ldap is to create one shared roster for all users, and I can't divide them to groups, according to my needs, f.e. one user in different groups, right?

Hi, you are not alone with

SasaXmmp — Fri, 13 May 2011 07:39:17 +0000

Hi, you are not alone with this problem. I read few posts on this forum about roster_ldap configuration and looks like there is no indications (on forum), that somebody was successfull with combination of AD and roster_ldap module.
I have 2.1.6 with AD, and I havent problem with setup authentification through ldap and vcard_ldap running fine too. But problems with roster_ldap are very frustrating :( .