Hi there,
although I have some experience with LDAP/Active Directory structures and configuration, I am confused about the right setup of filters to get the module for shared rosters via ldap working.
So here is my general conf part, which allows authentication via ldap, and this works flawlessly:
{auth_method, ldap}.
{ldap_servers, ["isw.uni-stuttgart.de"]}.
{ldap_encrypt, none}.
{ldap_port, 389}.
{ldap_rootdn, "ISW\\virtualuser"}.
{ldap_password, "somethingSecret"}.
{ldap_base, "DC=isw,DC=uni-stuttgart,DC=de"}.
{ldap_uids, [{"mail", "%u@isw.uni-stuttgart.de"}]}.
{ldap_filter, "(memberOf=CN=Employees,CN=Users,DC=isw,DC=uni-stuttgart,DC=de)"}.
Now the tricky part is the shared roster. But first some information on the ldap tree:
Users are stored in:
- OU=Students,OU=People,OU=Institute,DC=isw,DC=uni-stuttgart,DC=de
- OU=FixedTerms,OU=People,OU=Institute,DC=isw,DC=uni-stuttgart,DC=de
- OU=Others,OU=People,OU=Institute,DC=isw,DC=uni-stuttgart,DC=de
Groups are stored in:
- CN=Users,DC=isw,DC=uni-stuttgart,DC=de
Members of groups are stored in the member attribute: CN=Firstname Lastname,OU=,OU=Institut,DC=isw,DC=uni-stuttgart,DC=de
Another thing is, that the uid of users needs to be their mail attribute which is:
Since I don't need all groups available, I used an additional info attribute, but to keep it simple at first I tried it like this (without the info attribute and only one subtree of People):
{mod_shared_roster_ldap, [
{ldap_groupattr, "cn"},
{ldap_groupdesc, "description"},
{ldap_useruid, "mail"},
{ldap_userdesc, "displayName"},
%% {ldap_rfilter, "(&(objectClass=group)(info=JabberRosterGroup))"},
{ldap_rfilter, "(objectClass=group)"},
{ldap_gfilter, "(&(objectClass=group)(cn=%g))"},
{ldap_ufilter, "(&(objectClass=user)(cn=%u))"},
{ldap_memberattr, "member"},
{ldap_memberattr_format, "CN=%u,OU=FixedTerms,OU=People,OU=Institute,DC=isw,DC=uni-stuttgart,DC=de"}
]},
The thing is that obviously it doesn't work and I have no clue where I am mistaken. Are there any suggestions or can someone tell me what I am missing?
Alright.. I am able to specify the problem.
My memberattr contains the DNs of the users. The problem seems to be, that the CN contains spaces.
So an example would look like:
CN=John Smith,OU=FixedTerms,OU=People,OU=Institute,DC=isw,DC=uni-stuttgart,DC=de
Any idea how to solve this?
I found this ( https://support.process-one.net/browse/EJAB-1480?focusedCommentId=51278&... ) but the option: ldap_member_selection_mode is not available in 15.07
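An added example, not part of the original post and not ejabberd's own code: a simplified Python model of how a glob-style ldap_memberattr_format pulls a user ID out of a member value and what ldap_ufilter then looks like, run over constructed member DNs shaped like the one in the post. Assumptions: %u is the only placeholder and the rest of the format is matched literally; the function names and the second and third sample DNs are hypothetical.

```python
import re

# ldap_memberattr_format and ldap_ufilter exactly as configured in the post.
MEMBERATTR_FORMAT = ("CN=%u,OU=FixedTerms,OU=People,OU=Institute,"
                     "DC=isw,DC=uni-stuttgart,DC=de")
UFILTER = "(&(objectClass=user)(cn=%u))"
BASE = "DC=isw,DC=uni-stuttgart,DC=de"

# Constructed member values; only the first DN appears in the post.
MEMBERS = [
    "CN=John Smith,OU=FixedTerms,OU=People,OU=Institute," + BASE,
    "CN=Jane Doe,OU=Students,OU=People,OU=Institute," + BASE,
    "CN=Smith (ext),OU=FixedTerms,OU=People,OU=Institute," + BASE,
]

def extract_uid(member_value, fmt=MEMBERATTR_FORMAT):
    """Assumed model: %u captures the user ID, everything else is literal."""
    head, placeholder, tail = fmt.partition("%u")
    if not placeholder:
        raise ValueError("format has no %u placeholder")
    m = re.fullmatch(re.escape(head) + "(.+)" + re.escape(tail), member_value)
    return m.group(1) if m else None

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter assertion value."""
    for ch in ("\\", "*", "(", ")", "\x00"):   # backslash must be handled first
        value = value.replace(ch, "\\%02x" % ord(ch))
    return value

def expand_ufilter(uid, ufilter=UFILTER):
    """Substitute the extracted ID into the user filter, escaped for LDAP."""
    return ufilter.replace("%u", escape_filter_value(uid))

def audit(members):
    """Per member value: extracted ID, whether it has whitespace, resulting filter."""
    rows = []
    for value in members:
        uid = extract_uid(value)
        if uid is None:
            rows.append((value, None, None, None))   # outside the configured subtree
        else:
            rows.append((value, uid, bool(re.search(r"\s", uid)), expand_ufilter(uid)))
    return rows

if __name__ == "__main__":
    for value, uid, has_space, flt in audit(MEMBERS):
        print(f"{value}\n  uid={uid!r} whitespace={has_space} filter={flt}")
```

In this model the ID extracted from the post's DN is the CN with its space, not the mail value named in ldap_useruid, and members under OU=Students do not match the format at all.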