ejabberd - Comments for "Issue sharing members of ldap group"

I see now, we met already

mikekaganski — Wed, 16 Jan 2013 22:17:28 +0000

I see now, we met already here.

What made me? Difficult question. Would you ask this question when a teacher corrects a pupil's homework? I think I have some expertise in this specific field, as I devoted quite some time to get acquainted with this module' work, and made some patches to it.

That did it! Well mostly -

sr0berson — Wed, 16 Jan 2013 19:49:22 +0000

That did it! Well mostly - but its probably a mod_vcard_ldap issue at this point.
The users were pushed to the contact list of the two clients I am using to test...the only snag I find is that when users log in it shows their LDAP username (but hey, it shows them as logging in so this is a ton of progress). I remember posting a question about this issue before and was directed to use mod_vcard_ldap to resolve it and have the displayName show up instead of the sAMAccountName.

I have to ask though since the changes were really small, what made you think to suggest the changes?

Well then, you may try

mikekaganski — Wed, 16 Jan 2013 11:49:09 +0000

Well then,
you may try this:

{mod_shared_roster_ldap, [
 {ldap_base, "OU=group2,OU=group1,DC=example,DC=local"},
 {ldap_filter, ""},
 {ldap_rfilter, "(objectClass=person)"},
 {ldap_groupattr, "company"}, % I assume you have a common value in this attribute; adjust as appropriate
 {ldap_gfilter, "(&(objectClass=person)(company=%g))"},
 {ldap_groupdesc, "company"},
 {ldap_memberattr, "sAMAccountName"},
 {ldap_ufilter, "(&(objectClass=person)(sAMAccountName=%u))"},
 {ldap_useruid, "sAMAccountName"},
 {ldap_userdesc, "displayName"}
]},

Yes it is Windows AD,

sr0berson — Tue, 15 Jan 2013 15:17:08 +0000

Yes it is Windows AD, basically I just want to add all people under a particular OU to start with (heck just to get it working in the first place).
OU=group2,OU=group1,DC=example,DC=local
sAMAccountName is the username for logins (blah@example.local)
CN is the name of the user (John Doe)
displayName is the same as the CN (John Doe)
None of these people are part of a specific group other than domain users - only thing in common is they are under the same OU.

See I read in some of the configuration notes regarding mod_shared_roster that it doesn't work on ldap users. Regardless I tried @all@ syntax for a new shared roster and it still didn't work. mod_roster is enabled already.

(Noted on this page, LDAP and mod_shared_roster doesn't work together: http://www.ejabberd.im/shared-roster-all)

You config could never be

mikekaganski — Tue, 15 Jan 2013 12:23:38 +0000

You config could never be working. Personally I guess you have been used mod_shared_roster to get all your users at past.

You forgot to describe your LDAP. I guess it's Windows AD (based on your OS). Also, your groups/users layout is required to make a working config.

Note that mod_shared_roster is not needed for mod_shared_roster_ldap; mod_roster _is_ required.
Still, if you need all your users to be in a simple list, you could prefer using mod_shared_roster and its @all@ syntax.