ejabberd - Comments for "mod_shared_roster_ldap"

Yes, if you enable level 5

mikekaganski — Tue, 08 Nov 2011 01:04:21 +0000

Yes, if you enable level 5 logging, then you will see entries like

=INFO REPORT==== 4-Aug-2011::09:31:54 ===
D(<0.286.0>:eldap:675) : {searchRequest,
                          {'SearchRequest',
                           "OU=SomeOU,DC=example,DC=com",
                           wholeSubtree,neverDerefAliases,0,0,false,
                           {equalityMatch,
                            {'AttributeValueAssertion',"sOMEAttributeNameHere",
                             "value"}},
                           ["sOMEAttributeNameHere"]}}

and zero or more

=INFO REPORT==== 4-Aug-2011::09:31:54 ===
D(<0.286.0>:eldap:746) : {searchResEntry,
                             {'SearchResultEntry',
                                 "CN=SomeCN,OU=SomeOU,DC=example,DC=com",
                                 [{'PartialAttributeList_SEQOF',
                                      "sOMEAttributeNameHere",
                                      ["value"]}]}}

after which you will see

=INFO REPORT==== 4-Aug-2011::09:31:54 ===
D(<0.286.0>:eldap:746) : {searchResDone,
                             {'LDAPResult',success,[],[],asn1_NOVALUE}}

This is the representation of LDAP query with filter "(sOMEAttributeNameHere=value)" that is run against whole subtree of OU=SomeOU,DC=example,DC=com, and asking server to return attribute sOMEAttributeNameHere in returned objects.

You may see complex filters as multiple "equalityMatch", "extensibleMatch", "approxMatch", and so on, or'ed or and'ed together.

However, you will find out that you are unable to construct a config that shows you members of an AD group in a shared roster. This is a inherent limitation of the vanilla mod_shared_roster_ldap. You will need to group those users by some their common attribute, or use a modified version of this module that is available at EJAB-1480. That modified version allows much greater flexibility and (I hope) much clearer configuration.

Ahh, your totally right, I've

bburress — Mon, 07 Nov 2011 14:19:39 +0000

Ahh, your totally right, I've probably changed my config like a hundred times and just noticed this when leaving the rfilter out. So the problem really is my config, I've been reading the documentation and changing my config over and over and just can't get the roster to show correctly. Is there a way to see what queries the module is throwing at my AD servers? Again i set logging to 5 adn have paged through but don't see it listed anywhere.

My config:
{mod_shared_roster_ldap, [
{ldap_base, "ou=chat,dc=domain,dc=com"},
{ldap_rfilter, "(objectClass=group)"},
{ldap_gfilter, "(objectClass=group)"},
{ldap_groupdesc, "description"},
{ldap_memberattr, "member"},
{ldap_userdesc, "displayName"}
]}, %%mod_shared_roster_ldap

in my chat OU I have a group with the members in it that I would like in that group. I must admit though the ufilter and mbmerattr_format are a bit confusing to me, it would be extremely helpful if i could see the queries.

There already was a report of

mikekaganski — Sat, 05 Nov 2011 13:11:11 +0000

There already was a report of (supposedly) same problem: http://www.ejabberd.im/node/4243. Unfortunately, then it was unanswered.

I must admit it that I was overly confident. Everything relevant already was in your first post.
The problem is caused by incorrect configuration. You didn't specify ldap_rfilter parameter in your config. Thus it had the value "undefined", and erlang just couldn't find a version of eldap_filter:parse (erlang calls it "function clause") that would accept this value.
Unfortunately, the vanilla version of this module doesn't show a sensible error message in this case.

So, if you will define it, you will bypass this problem, and after that you will need to fix other options to make it work. You may ask here if you will need help, but first be sure that you have read the ejabberd Installation and Operation Guide. The bundled version of mod_shared_roster_ldap is covered there in full detail.

Hope this helps.

OpenSuse 11.4 Ejabberd

bburress — Fri, 04 Nov 2011 12:26:03 +0000

OpenSuse 11.4
Ejabberd 2.1.9
PostgreSQL 9.0.3
Binary installer
mod_shared_roster_ldap was packaged

I've tried setting the log level to 5 and capturing more information that way, but nothing is present about the error when I do that.

This error tells that erlang

mikekaganski — Thu, 03 Nov 2011 23:37:20 +0000

This error tells that erlang cannot find the function "eldap_filter:parse". This problem is reported when ejabberd tries to get subscription lists for this user, and when it needs to build this user's roster. Both times the problem is, as you correctly pointed out, in mod_shared_roster_ldap.

What is your OS? What version of ejabberd do you use? How was it installed (binary installer or compiled from source)? How the faulty module was installed (was it the bundled version, or did you use some other source)? Why don't people seeking for help never pay attention to the common rules of reporting errors? This is impolite!

By the way, your config isn't right, it won't work, but the problem you report isn't caused by your config.