ejabberd - Comments for "Ubuntu 10.4 LTS with ejabberd 2.1.2 and shared_roster_ldap"

Hello, i did now:

MDCYP — Mon, 28 Nov 2011 16:00:16 +0000

Hello,

i did now:

{mod_shared_roster_ldap, [
{ldap_base,"ou=People,dc=cypres-it,dc=com"},
{ldap_filter, ""},
{ldap_rfilter, "(&(objectClass=posixAccount)(postalCode=D-44135))"},
{ldap_groupattr,"o"},
{ldap_gfilter, "(&(objectClass=posixAccount)((postalCode=%g))"},
{ldap_groupdesc,"o"},
{ldap_memberattr,"uid"},
{ldap_memberattr_format, "%u"},
{ldap_ufilter, "(uid=%u)"},
{ldap_userdesc, "cn"},
{ldap_useruid, "mail"}

But this just shows me some search results in debug mode

=INFO REPORT==== 2011-11-28 14:25:17 ===
D(<0.375.0>:eldap:695) : {searchResEntry,
{'SearchResultEntry',
"cn=Bernhard XXXXX,ou=People,dc=cypres-it,dc=com",
[{'PartialAttributeList_SEQOF',"o",
["CyprÃ¨s GmbH"]}]}}

but nothing get pushed to my jabber acc.

I am using ubuntu 10.4 LTS and ejabber 2.1.2 - are you sure thats working with this shared_roster_ldap ?

Then send me your logs to

mikekaganski — Thu, 24 Nov 2011 20:57:24 +0000

Then send me your logs to mikekaganski@hotmail.com. Remember to strip sensitive information before send.

Hello, thanks again for your

MDCYP — Thu, 24 Nov 2011 15:54:58 +0000

Hello,

thanks again for your help.
I am still trying to get anything to work.. at the moment i added your lines in my config and i dont see any group ppushed to my jabber account yet.
I am trying to run in debug=5 and live mode to see if he does any searches.. but i fail.

Can you tell me a pretty simple config to test if ANYTHING will be pushed to my psi client - my problem is.. i need first to be sure that this module is working :)

I replied 8 hours ago, but

mikekaganski — Wed, 23 Nov 2011 22:09:13 +0000

I replied 8 hours ago, but the answer is being moderated again. This moderation system makes the forum almost useless.

Well, in addition to the previous (still unpublished) reply, I must note:
1. The configuration I posted may contain errors, but I don't remember exactly where, and I cannot fix it until it is here (and when I will try to fix it after approval, it will go to moderation again!). One (possible) fix is needed in objectClass value, and two others are just to optimize the work a little.
2. In the best optimized case, the already installed module will need [2+user_number] LDAP queries and [1 + 2*user_number] objects returned by LDAP initially (when the cache is first initialized), and at least 1 LDAP query and 1 object returned afterwards (when the cache is still valid) each time users needs their roster or subscription information. The new module will initially need [2+user_number] queries and [2+user_number] returned objects (which may be a considerable gain in case of many users), and no more queries will be needed in the cache lifetime.

Yes, in this case this will

mikekaganski — Wed, 23 Nov 2011 12:53:11 +0000

Yes, in this case this will most likely be OK:

{mod_shared_roster_ldap, [
 {ldap_base,"ou=People,dc=cypres-it,dc=com"},
 {ldap_filter, ""}, % don't do harmful additions to filters
 {ldap_rfilter, "(&(objectClass=organizationalUnit)(o=Company))"},
 % maybe you can omit objectClass, or use some other value to filter your users.
 % This will select all users as objects that define your groups.
 {ldap_groupattr,"o"}, % This will extract the "o" attribute from your users,
 % and the resulting values list will become the list of your groups
 % (presumably only one distinct value "Company")
 {ldap_gfilter, "(&(objectClass=organizationalUnit)(o=%g))"},
 % this filter will effectively bring the same objects as ldap_rfilter did
 {ldap_groupdesc,"o"}, % The name of your group will be "Company"
 {ldap_memberattr,"mail"},
 {ldap_memberattr_format, "%u@cypres-it.com"},
 {ldap_ufilter, "(mail=%u@cypres-it.com)"},
 {ldap_userdesc, "cn"},
 {ldap_useruid, "mail"} % this is possibly the problem. But you need to check this first.
]},

Thank you for your help. I am

MDCYP — Wed, 23 Nov 2011 12:31:27 +0000

Thank you for your help.

I am using openldap and i think all employees have o=Company in common.

Can i then use the module i installed?

So you say that you need one

mikekaganski — Mon, 21 Nov 2011 23:33:00 +0000

So you say that you need one shared group with all users of that OU? And those users don't have anything in common, except this OU (I mean no common LDAP group, no common attribute)?
Assuming that, and also guessing that you use AD (you didn't specify that), I must say that the module version that you use is unable to do what you want.
You need to get a modified version from EJAB-1480 (you will need version 2.0.6 from 26/Aug/11).

Then you will need to have a look at the configuration options listed there. They have been changed a lot.

Your config will look like this:

{mod_shared_roster_ldap, [
 {ldap_base,"dc=xxx-it,dc=com"},
 {ldap_rfilter, "(&(objectClass=organizationalUnit)(ou=People))"}, % Here you get the OU objects that represent your roster groups; in your case it's only one object
 {ldap_groupattr, "objectGUID"}, % This is the attribute of these objects that uniquelly distinguishes each one of them from others
 {ldap_gfilter, "(objectGUID=%g)"}, % This will select your roster groups one by one - in your case, only once :)
 {ldap_groupdesc, "ou"}, % This will be the display name of the roster group
 {ldap_member_selection_mode, group_children}, % You will simply select LDAP subobjects of your OU
 {ldap_useruid, "mail"},
 {ldap_useruid_format, "%u@xxx-it.com"}, % Another assumption - I suppose you have all your users' mails to belong to one "xxx-it.com" domain. If not, you will need ldap_useruid_format_re instead
 %{ldap_useruid_format_re, "^(.+)@.*$"},
 {ldap_userdesc, cn} % Not really necessary here - this is the default. I put it only to clarify things
 ]}

Note that you cannot define arbitrary domain to put after "@" - this module will authomatically put the ejabberd domain here.
Note also that the module version 2.0.6 has a known compatibility problem with erlang older than R13A. If your erlang is older, then you may either upgrade erlang, or consider upgrading ejabberd to v.2.1.9+ to be able to use the latest module version that has this problem fixed.

Hello !! i have 2.1.2 and

MDCYP — Mon, 21 Nov 2011 13:15:56 +0000

Hello !!

i have 2.1.2 and installed: ejabberd-mod-shared-roster-ldap_0.5.3-1ubuntu1~lucid1_all.deb

and my LDAP schema is: dc=xxx-it, dc=com and then ou=People and there cn=Max Mustermann (and all the others as other cn´s) and in a users field i need the mail attribut and add 'office' after the @ to get the jabber account name

Hello MDCYP, you haven't

mikekaganski — Thu, 17 Nov 2011 22:04:01 +0000

Hello MDCYP,

you haven't specified the mandatory parameter ldap_rfilter. Besides, your other two filters are incorrect. You didn't tell which version of the module do you use (ejabberd 2.1.2 didn't include this module, it was bundled since 2.1.6), and you didn't describe your LDAP schema and your desired result. Please provide this info if you need further help.