ejabberd - Comments for "ldap over ssl"

The status of your LDAPS

mfoss — Fri, 23 Jun 2006 22:10:13 +0000

The status of your LDAPS patch can be tracked on its bugzilla entry and on its contribution page.

ldap over ssl

roo — Fri, 23 Jun 2006 20:54:18 +0000

I recently finished adding LDAPS to my ejabberd. I have attached the modified eldap.erl to bugzilla id #255. To make use of it, you will need to specify port 636 instead of 389 in ejabberd_auth_ldap.erl and mod_vcard_ldap.erl.

Please!

netuno — Thu, 13 Apr 2006 07:36:20 +0000

Please post the tutorial when you have finished it, many thanks!
--
suchspion

Re: I've got a perl script

mfoss — Wed, 01 Feb 2006 22:10:00 +0000

jperegrino wrote:

I've got a perl script working for external auth to our LDAP server over SSL. I'll post it once it is cleaned up.

OK, once you post it, I'll add it to the Contributions page.

I've got a perl script

jperegrino — Wed, 01 Feb 2006 16:15:55 +0000

I've got a perl script working for external auth to our LDAP server over SSL. I'll post it once it is cleaned up. If anyone wants a copy they can email me at james_peregrino@harvard.edu

Re: Also interested in LDAPS support

sander — Tue, 31 Jan 2006 21:33:54 +0000

fseesink wrote:

I plan to write up what all I've done in a tutorial when I get a chance, mostly for myself and those I work with (in case they need to do the same in the future). If anyone is interested, let me know and when I've done so, I'll post it.

It maybe can be listed on the tutorials page.

Re: ldap over ssl

mfoss — Sun, 29 Jan 2006 18:07:11 +0000

jperegrino wrote:

We connect to our ldap server *only* over ssl, on port 636. Does ejabberd support that? I see no place to specify a port number.

ejabberd uses a library to get LDAP support: ELDAP. The port is hard coded on the file ejabberd_auth_ldap.erl, line 39:

    eldap:start_link(get_eldap_id(Host, ejabberd),
             LDAPServers, 389, RootDN, Password),
    eldap:start_link(get_eldap_id(Host, ejabberd_bind),
             LDAPServers, 389, RootDN, Password),

You can try to modify that file, recompile and restart. However, the fact that nowehere on the ejabberd guide or the example ejabberd.cfg is a place to change the port or enable LDAPS indicates that it's not mean to be possible right now.

jperegrino wrote:

Secondly, does the ssl sections in the ejabberd config file have anything to do with ldap or does that just govern the communication between a jabber client and the jabber server?

The second option: they are for client and server connections, and also for the web interface.

jperegrino wrote:

If I can't specify the port, I guess that means I have to use an external script. Is the script interface documented somewhere?

Unfortunately, it isn't at all. However, there are several extauth scripts on the Contributions page that you can use as example code. As soon as you or anybody else writes such a script and sends the code to the mailing list, or here, we will publish it on that page.

Also interested in LDAPS support

fseesink — Sun, 29 Jan 2006 03:44:14 +0000

____________________________________________________________
SETUP

* Windows XP SP2
* OpenSSL for Win32 0.9.8a
* Erlang R10B-9
* ejabberd 1.0.0
* OpenLDAP for Win32 2.2.29 (Matthias Mohr's build)

____________________________________________________________
BACKGROUND

Thus far, I have been able to get the following to work:

* ejabberd with basic config (e.g., using Mnesia db)
* Various Jabber/XMPP clients work
(Exodus, GAIM, JAJC, Miranda, Pandion, Psi)
* ejabberd working with STARTTLS on port 5222 and SSL on 5223;
all clients work using their respective secured capabilities
* ejabberd federating with Google Talk and communicating fine
between ejabberd users and Google Talk users, configured both with
standard s2s and even when set to force STARTTLS on s2s sessions
* ejabberd authenticating against OpenLDAP using basic port 389 config
(need to test more, as I don't have OpenLDAP ACLs tightened down,
but thus far works as I would like)

The final piece in the puzzle is the ability to connect from ejabberd to LDAP using LDAP over SSL (LDAPS) on port 636. As mentioned by jperegrino, there is no information in the documentation nor the config comments to indicate how one might do this.

So the first question is, does ejabberd 1.0.0 support connecting to an LDAP server via LDAPS/port 636? If so, what must one do to make this work?