Добрый день, никак не могу настроить LDAP-авторизацию. Сервер, на котором стоит ejabberd, — CentOS 7.
Вот куски кода конфига и кусок лог-файла. Может, кто-нибудь знающий поможет определить, в чём проблема.
##
## Authentication using LDAP
##
## Accounts are looked up in the LDAP directory configured below.
auth_method: ldap
##
## List of LDAP servers:
ldap_servers:
- "main.port-audit.ru"
##
## Encryption of connection to LDAP servers:
## ldap_encrypt: none
## NOTE(review): ldap_tls_verify is not set in this excerpt. ejabberd's
## documented default is "false", which encrypts the session but does not
## check the server certificate -- confirm against the full config.
ldap_encrypt: tls
##
## Port to connect to on LDAP servers:
## ldap_port: 389
## 636 is the LDAP-over-TLS port; it pairs with "ldap_encrypt: tls" above.
ldap_port: 636
##
## LDAP manager:
## DN that ejabberd binds as when it searches the directory.
## NOTE(review): a dedicated account with read-only rights on the search
## base is sufficient for this role -- confirm how "xmpp" is provisioned.
ldap_rootdn: "CN=xmpp,OU=services_users,DC=port-audit,DC=ru"
##
## Password of LDAP manager:
## Masked in the post. The real value sits in this file in clear text, so
## the file should be readable only by the account ejabberd runs as.
ldap_password: "*******"
##
## Search base of LDAP directory:
ldap_base: "dc=port-audit,dc=ru"
##
## LDAP attribute that holds user ID:
## "%u" is replaced with the user part of the JID.
ldap_uids:
- "sAMAccountName": "%u"
##
## LDAP filter:
## NOTE(review): this value is a group DN wrapped in parentheses, not a
## filter on group membership. Read as a filter it is a single equality
## test: attribute "CN" equals the whole string
## "Jabber Users,OU=services_users,DC=port-audit,DC=ru". User entries do
## not carry such a CN, so the search returns nothing, which is consistent
## with the "inexistent-account" error in the log. Restricting logins to
## members of that group is presumably what was intended; that takes a
## membership test such as (memberOf=<group DN>) -- verify against the
## directory schema.
ldap_filter: "(CN=Jabber Users,OU=services_users,DC=port-audit,DC=ru)"
2016-06-29 12:59:29.009 [info] <0.38.0>@cyrsasl_digest:start:60 FQDN used to check DIGEST-MD5 SASL authentication: xmpp.port-audit.ru
2016-06-29 12:59:29.012 [info] <0.391.0>@eldap:connect_bind:1062 LDAP connection on main.port-audit.ru:636
2016-06-29 12:59:29.012 [info] <0.392.0>@eldap:connect_bind:1062 LDAP connection on main.port-audit.ru:636
2016-06-29 12:59:29.013 [info] <0.394.0>@eldap:connect_bind:1062 LDAP connection on main.port-audit.ru:636
2016-06-29 12:59:29.013 [info] <0.395.0>@eldap:connect_bind:1062 LDAP connection on main.port-audit.ru:636
2016-06-29 12:59:29.153 [info] <0.576.0>@ejabberd_listener:listen_tcp:189 Reusing listening port for {5222,{0,0,0,0},tcp}
2016-06-29 12:59:29.154 [info] <0.577.0>@ejabberd_listener:listen_tcp:189 Reusing listening port for {5269,{0,0,0,0},tcp}
2016-06-29 12:59:29.154 [info] <0.579.0>@ejabberd_listener:listen_tcp:189 Reusing listening port for {5280,{0,0,0,0},tcp}
2016-06-29 12:59:29.154 [info] <0.38.0>@ejabberd_app:start:76 ejabberd 16.04 is started in the node ejabberd@localhost
2016-06-29 12:59:29.154 [info] <0.7.0> Application ejabberd started on node ejabberd@localhost
2016-06-29 12:59:56.445 [info] <0.579.0>@ejabberd_listener:accept:333 (#Port<0.18531>) Accepted connection 192.168.100.14:53476 -> 192.168.100.60:5280
2016-06-29 12:59:56.445 [info] <0.584.0>@ejabberd_http:init:158 started: {gen_tcp,#Port<0.18531>}
2016-06-29 12:59:58.515 [info] <0.579.0>@ejabberd_listener:accept:333 (#Port<0.18532>) Accepted connection 192.168.100.14:53477 -> 192.168.100.60:5280
2016-06-29 12:59:58.516 [info] <0.585.0>@ejabberd_http:init:158 started: {gen_tcp,#Port<0.18532>}
2016-06-29 13:00:24.036 [warning] <0.584.0>@ejabberd_web_admin:process:239 Access of <<"zsa@port-audit.ru">> from <<"192.168.100.14">> failed with error: <<"inexistent-account">>
2016-06-29 13:00:55.582 [info] <0.576.0>@ejabberd_listener:accept:333 (#Port<0.18533>) Accepted connection 192.168.100.14:53494 -> 192.168.100.60:5222
2016-06-29 13:00:55.723 [info] <0.587.0>@ejabberd_c2s:wait_for_feature_request:782 ({socket_state,fast_tls,{tlssock,#Port<0.18533>,#Port<0.18556>},<0.586.0>}) Failed authentication for
2016-06-29 13:00:55.724 [info] <0.587.0>@ejabberd_c2s:wait_for_feature_request:782 ({socket_state,fast_tls,{tlssock,#Port<0.18533>,#Port<0.18556>},<0.586.0>}) Failed authentication for
P.S. Заработал вот такой конфиг:
## Authenticate users against the LDAP directory configured below.
auth_method: ldap
ldap_servers:
- "main.port-audit.ru"
## TLS-wrapped LDAP; pairs with port 636 below.
ldap_encrypt: tls
## Certificate verification is switched off: the session is encrypted, but
## the identity of the LDAP server is never checked. Anyone able to answer
## for main.port-audit.ru on the network path would receive the manager
## bind password and every user's login password.
## For production use "ldap_tls_verify: hard" together with
## "ldap_tls_cacertfile" pointing at the CA that issued the directory
## server's certificate (the path is deployment-specific).
ldap_tls_verify: false
## ldap_port: 389
ldap_port: 636
## DN that ejabberd binds as when it searches the directory.
## NOTE(review): a dedicated read-only account is sufficient here.
ldap_rootdn: "CN=xmpp,OU=services_users,DC=port-audit,DC=ru"
## Masked in the post. The real value is stored in clear text, so keep the
## file readable only by the account ejabberd runs as.
ldap_password: "*****"
## Root of the subtree searched for user entries.
ldap_base: "dc=port-audit,dc=ru"
## "%u" is replaced with the user part of the JID.
ldap_uids:
- "sAMAccountName": "%u"
## Matches entries with objectCategory=person whose userAccountControl
## does NOT have bit 2 (ACCOUNTDISABLE) set. 1.2.840.113556.1.4.803 is the
## Active Directory bitwise-AND matching rule.
## NOTE(review): this filter has no group-membership clause, so every
## enabled person account under ldap_base can log in to XMPP. If access
## is meant to be limited to one group, add a (memberOf=<group DN>) term
## inside the "&" -- verify the group DN against the directory.
ldap_filter: "(&(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"