i use external script authentication

fbv — Mon, 04 Apr 2005 22:14:28 +0000

Hello GOSH. I use here an script written in C to authenticate to the LDAP server together with the check_pass.pl
The LDAP auth from Ejabberd doesn't worked here.

LDAP

GOSH — Sat, 05 Mar 2005 09:01:24 +0000

Hi.

You sad that You do authorization over LDAP!
Could You, please, send me *WORKING* configuration file.
Send it to goshgosh@ukrpost.net or in this forum.
I expirience some problems with LDAP. It should be my mistake in configuration. But where??? Hope you will help.

Here it is info about my system:

domain - testodrom.loc
domain controller - server2003 (e.g. server2003.testodrom.loc) based on Windows Server 2003
ejabberd (0.7.5) installed on domain controller
Erl5.4.4

By the way... Jive Messenger Server - works perfectly.

ejabberd.cfg listing
====================================
% $Id: ejabberd.cfg,v 1.5 2004/10/10 17:15:24 aleksey Exp $

%override_acls.

% Users that have admin access. Add line like one of the following after you
% will be successfully registered on server to get admin access:
{acl, admin, {user, "Administrator"}}.
%{acl, admin, {user, "ermine"}}.

% Blocked users:
%{acl, blocked, {user, "test"}}.

% Local users:
{acl, local, {user_regexp, ""}}.

% Another examples of ACLs:
%{acl, jabberorg, {server, "jabber.org"}}.
%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
%{acl, test, {user_regexp, "^test"}}.
%{acl, test, {user_glob, "test*"}}.

% Only admins can use configuration interface:
{access, configure, [{allow, admin}]}.

% Every username can be registered via in-band registration:
{access, register, [{allow, all}]}.

% After successful registration user will get message with following subject
% and body:
{welcome_message,
{"Welcome!",
"Welcome to Jabber Service. "}}.
% Replace them with 'none' if you don't want to send such message:
%{welcome_message, none}.

% List of people who will get notifications about registered users
%{registration_watchers, ["admin1@localhost",
% "admin2@localhost"]}.

% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.

% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
{allow, all}]}.

% Set shaper with name "normal" to limit traffic speed to 1000B/s
{shaper, normal, {maxrate, 1000}}.

% Set shaper with name "fast" to limit traffic speed to 50000B/s
{shaper, fast, {maxrate, 50000}}.

% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
{normal, all}]}.

% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.

% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.

% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.

% This rule allows access only for local users:
{access, local, [{allow, local}]}.

% Authentification method. If you want to use internal user base, then use
% this line:
%{auth_method, internal}.

% For LDAP authentification use these lines instead of above one:
{auth_method, ldap}.
{ldap_servers, ["server2003"]}. % List of LDAP servers
{ldap_uidattr, "cn"}. % LDAP attribute that holds user ID
{ldap_base, "cn=users,dc=testodrom,dc=loc"}. % Base of LDAP directory

% For authentification via external script use the following:
%{auth_method, external}.
%{extauth_program, "/path/to/authentification/script"}.

% Host name:
{host, "testodrom.loc"}.

% Default language:
{language, "en"}.

% Listened ports:
{listen,
[
{5222, ejabberd_c2s, [{access, c2s},
{shaper, c2s_shaper}]},

% To create selfsigned certificate run the following command from the
% command prompt:
%
% openssl req -new -x509 -days 365 -nodes -out ejabberd.pem -keyout ejabberd.pem
%
% and answer the questions.
% {5222, ejabberd_c2s, [{access, c2s},
% starttls, {certfile, "./ejabberd.pem"},
% {shaper, c2s_shaper}]},

% When using SSL/TLS ssl option is not recommended (it requires patching
% erlang ssl application). Use tls option instead (as shown below).
% {5223, ejabberd_c2s, [{access, c2s},
% tls, {certfile, "./ejabberd.pem"},
% {shaper, c2s_shaper}]},

{5269, ejabberd_s2s_in, [{shaper, s2s_shaper}]},

% {5555, ejabberd_service, [{access, all},
% {host, "icq.localhost", [{password, "secret"}]}]},

{5280, ejabberd_http, [http_poll, web_admin]}
]}.

% If SRV lookup fails, then port 5269 is used to communicate with remote server
{outgoing_s2s_port, 5269}.

% Used modules:
{modules,
[
{mod_register, [{access, register}]},
{mod_roster, []},
{mod_privacy, []},
{mod_configure, []},
{mod_disco, []},
{mod_stats, []},
{mod_vcard, []},
{mod_offline, []},
{mod_announce, [{access, announce}]},
{mod_private, []},
{mod_irc, []},
% Default options for mod_muc:
% host: "conference." ++ ?MYNAME
% access: all
% access_create: all
% access_admin: none (only room creator has owner privileges)
{mod_muc, [{access, muc},
{access_create, muc},
{access_admin, muc_admin}]},
{mod_pubsub, []},
{mod_time, []},
{mod_last, []},
{mod_version, []}
]}.

% Local Variables:
% mode: erlang
% End:
====================================

No!

fbv — Fri, 11 Feb 2005 15:45:46 +0000

That's the problem. I receive the messages but i can't send.

So, it works now? -- san

sander — Fri, 11 Feb 2005 09:51:53 +0000

So, it works now?

--
sander

i have done it already!

fbv — Thu, 10 Feb 2005 20:53:21 +0000

You should register first of

sander — Thu, 10 Feb 2005 19:15:30 +0000

You should register first of course (to prevent spam).

--
sander

Is the mailing list working?

fbv — Thu, 10 Feb 2005 18:27:45 +0000

I cannot send any message to it. I get it delivered back to me.

No, sorry: I don't know that.

sander — Thu, 10 Feb 2005 17:39:37 +0000

No, sorry: I don't know that. But you can ask it on the mailinglist or in the chatroom so that Alexey can answer that :-)

--
sander

Thanks and one more question

fbv — Thu, 10 Feb 2005 15:50:53 +0000

Hello sander!

Thanks for your comment.

Do you know where is the line in what file? So I could comment it and recompile!

I guess it is something like a printf("\n(AUTH:%s:%s)",$user,$pass);

Thanks brother.

Alexey says it is a bug: "i'v

sander — Wed, 09 Feb 2005 16:25:24 +0000

Alexey says it is a bug: "i've used it for debugging some time ago and forgot to remove". He also says he will fix it. But you are right it will go encrypted over the internet when users use SSL or SASL.

workaround if you don't want to see their passwords:
start ejabberd with the "-detached" option.

--
sander

thanks

fbv — Wed, 09 Feb 2005 15:28:59 +0000

Ok. As I understand, the password is sent over the network in an encrypted way and then, at the server, it is decrypted to plain text. Am I right? If that's the way I think it is done.

Maybe you are interested in r

mfoss — Fri, 04 Feb 2005 22:34:58 +0000

Maybe you are interested in reading this (and maybe others) two threads in the ejabberd mailing list:

ejabberd - Comments for "Log on WITHOUT using plaintext password"

i use external script authentication

LDAP

No!

So, it works now? -- san

i have done it already!

You should register first of

Is the mailing list working?

No, sorry: I don't know that.

Thanks and one more question

Alexey says it is a bug: "i'v

thanks

Maybe you are interested in r