ActiveDirectory

всем привет.
Делаю вот по этой статье http://realloc.spb.ru/share/ejabberd112ad.html
но .. ничего не получается ...
самой главной проблеммой является "молчаливость" джаббера. В логи вообще ничего не пишет ! Поэтому понять на какой стадии происходит сбой крайне сложно !.
вот мой конфиг

========================================= ejabberd.cfg
override_global.
override_local.
override_acls.

% Users that have admin access. Add line like one of the following after you
% will be successfully registered on server to get admin access:
%{acl, admin, {user, "aleksey"}}.
{acl, admin, {user, "denis"}}.
{acl, admin, {user, "admin"}}.

% Blocked users:
%{acl, blocked, {user, "test"}}.

% Local users:
{acl, local, {user_regexp, ""}}.

% Another examples of ACLs:
%{acl, jabberorg, {server, "jabber.org"}}.
%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
%{acl, test, {user_regexp, "^test"}}.
%{acl, test, {user_glob, "test*"}}.

% Everybody can create pubsub nodes
{access, pubsub_createnode, [{allow, all}]}.

% Only admins can use configuration interface:
{access, configure, [{allow, admin}]}.

% Every username can be registered via in-band registration:
% You could replace {allow, all} with {deny, all} to prevent user from using
% in-band registration
{access, register, [{allow, all}]}.

% After successful registration user will get message with following subject
% and body:
{welcome_message,
{"Welcome !",
"http://www.ya.ru"}}.
% Replace them with 'none' if you don't want to send such message:
%{welcome_message, none}.

% List of people who will get notifications about registered users
%{registration_watchers, ["admin1@localhost",
% "admin2@localhost"]}.

% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.

% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
{allow, all}]}.
% Set shaper with name "normal" to limit traffic speed to 1000B/s
{shaper, normal, {maxrate, 1000}}.

% Set shaper with name "fast" to limit traffic speed to 50000B/s
{shaper, fast, {maxrate, 50000}}.

% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
{normal, all}]}.

% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.

% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.

% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.

% This rule allows access only for local users:
{access, local, [{allow, local}]}.

% Authentication method. If you want to use internal user base, then use
% this line:
%{auth_method, internal}.
{auth_method, ldap}.
{ldap_servers, ["192.168.11.200"]}.
{ldap_uidattr, "sAMAccountName"}.
{ldap_filter, "(memberOf=CN=JabberUsers,CN=Users,DC=food-t,DC=ru)(|(userAccountControl=66050)(userAccountControl=66048))"}.
{ldap_base, "DC=food-t,DC=ru"}.
{ldap_rootdn, "CN=ejabberd,CN=Users,DC=food-t,DC=ru"}.
{ldap_password, "12345" }.

% Host name:
{hosts, ["fritz", "fritz.food-t.ru", "jabber.food-t.ru"]}.
%{hosts, ["jabber.food-t.ru"]}.

{host_config, "fritz", [{auth_method, ldap}]}.
{host_config, "fritz.food-t.ru", [{auth_method, ldap}]}.
{host_config, "jabber.food-t.ru", [{auth_method, ldap}]}.

%% Define the maximum number of time a single user is allowed to connect:
{max_user_sessions, 10}.
%% Anonymous login support:
%% auth_method: anonymous
%% anonymous_protocol: sasl_anon|login_anon|both
%% allow_multiple_connections: true|false
%%{host_config, "public.example.org", [{auth_method, anonymous},
%% {allow_multiple_connections, false},
%% {anonymous_protocol, sasl_anon}]}.
%% To use both anonymous and internal authentication:
%%{host_config, "public.example.org", [{auth_method, [anonymous, internal]}]}.

% Default language for server messages
{language, "ru"}.

% Listened ports:
{listen, [

% [ {5555, ejabberd_service, [{access, all}, {host, ["icq.fritz"],[{password, "secret"}]}]},

{5222, ejabberd_c2s, [{access, c2s}, {shaper, c2s_shaper},
{max_stanza_size, 65536},
starttls, {certfile, "./ssl.pem"}]},
{5223, ejabberd_c2s, [{access, c2s},
{max_stanza_size, 65536},
tls, {certfile, "./ssl.pem"}]},
% Use these two lines instead if TLS support is not compiled
%{5222, ejabberd_c2s, [{access, c2s}, {shaper, c2s_shaper}]},
%{5223, ejabberd_c2s, [{access, c2s}, ssl, {certfile, "./ssl.pem"}]},
{5269, ejabberd_s2s_in, [{shaper, s2s_shaper},
{max_stanza_size, 131072}
]},
{5280, ejabberd_http, [http_poll, web_admin]},

{8888, ejabberd_service, [{access, all},
{hosts, ["icq.fritz", "sms.fritz"],
[{password, "someSecret"}]}]}

]}.

% Use STARTTLS+Dialback for S2S connections
{s2s_use_starttls, true}.
{s2s_certfile, "./ssl.pem"}.
%{domain_certfile, "example.org", "./example_org.pem"}.
%{domain_certfile, "example.com", "./example_com.pem"}.

% If SRV lookup fails, then port 5269 is used to communicate with remote server
{outgoing_s2s_port, 5269}.
% Used modules:
{modules,
[
{mod_adhoc, []},
{mod_register, [{access, register}]},
{mod_roster, []},
{mod_privacy, []},
{mod_adhoc, []},
{mod_configure, []}, % Depends on mod_adhoc
{mod_configure2, []},
{mod_disco, []},
{mod_stats, []},
{mod_vcard, []},
{mod_offline, []},
{mod_announce, [{access, announce}]}, % Depends on mod_adhoc
{mod_echo, [{host, "echo.localhost"}]},
{mod_private, []},
{mod_irc, []},
% Default options for mod_muc:
% host: "conference." ++ ?MYNAME
% access: all
% access_create: all
% access_admin: none (only room creator has owner privileges)
{mod_muc, [{access, muc},
{access_create, muc},
{access_admin, muc_admin}]},
% {mod_muc_log, []},
{mod_shared_roster, []},
{mod_pubsub, [{access_createnode, pubsub_createnode}]},
{mod_time, []},
{mod_last, []},
{mod_version, []},
{mod_vcard_ldap,
[{ldap_vcard_map,
[{"NICKNAME", "%s", ["displayname"]},
{"GIVEN", "%s", ["givenName"]},
{"MIDDLE", "%s", ["initials"]},
{"FAMILY", "%s", ["sn"]},
{"FN", "%s", ["displayName"]},
{"EMAIL", "%s", ["mail"]},
{"ORGNAME", "%s", ["company"]},
{"ORGUNIT", "%s", ["department"]},
{"CTRY", "%s", ["c"]},
{"LOCALITY", "%s", ["l"]},
{"STREET", "%s", ["streetAddress"]},
{"REGION", "%s", ["st"]},
{"PCODE", "%s", ["postalCode"]},
{"TITLE", "%s", ["title"]},
{"URL", "%s", ["wWWHomePage"]},
{"DESC", "%s", ["description"]},
{"TEL", "%s", ["telephoneNumber"]}]},
{ldap_search_fields,
[{"User", "%u"},
{"Name", "givenName"},
{"Family Name", "sn"},
{"Email", "mail"},
{"Company", "company"},
{"Department", "department"},
{"Role", "title"},
{"Description", "description"},
{"Phone", "telephoneNumber"}]},
{ldap_search_reported,
[{"Full Name", "FN"},
{"Nickname", "NICKNAME"},
{"Email", "EMAIL"}]}
]
},
{mod_shared_roster_ldap,
[{ldap_groupattr,"department"},
{ldap_groupdesc,"department"},
{ldap_rfilter, "(&(memberOf=CN=JabberUsers,CN=Users,DC=food-t,DC=ru)(|(userAccountControl=66050)(userAccountControl=66048))
{ldap_memberattr,"sAMAccountName"},
{ldap_userdesc,"cn"}
]
}
]}.

% Local Variables:
% mode: erlang
% End:
====================================================

пользователь ejabberd зарегестрирован, права у него как у domain user, пробовал использовать пользователя administator,
толку=0.
для проверки подключения пробовал Tkabber и плагин для Miranda. В обоих случаях "ошибка регистрации"
1. Как выловить ошибку ?
2. Как заставить жабер выводить как можно больше информации ?

===========
Система FreeBSD 4.11, ejabberd-1.1.2_1