Looking for ejabberd docs?

To access the most up-to-date ejabberd documentation, please visit docs.ejabberd.im »

Can't auth via LDAP

Submitted by petr.mat on Fri, 2007-04-06 01:39

Hello,

I have problem with authentication via LDAP. Ejabberd communicates with LDAP server but I cannot register accounts or log in. I can only see in ejabberd log:

=INFO REPORT==== 6-Apr-2007::03:08:15 ===
I(<0.226.0>:ejabberd_listener:90): (#Port<0.396>) Accepted connection {{10,0,0,3},1638} -> {{10,0,0,50},5222}

So, I want to create users through PHP and LDAP, but I can't find any help for do it ejabberd can log in those users.

Excuse my bad English, please.

Thanks for help, Petr

config

Submitted by bendsu on Fri, 2007-04-06 02:12.

could maybe help if you posted your ejabberd.conf

Please help to configure ejabberd.conf

Submitted by gultom on Fri, 2007-04-06 02:35.

Dear
Ejabberd team.

Please help me to configure my ejabberd.conf. for my local network.
The name of local server is gultom (windows xp).
My existed ejabberd.conf as bellow

Thank's and regard's

% $Id: $

%override_acls.

% Users that have admin access. Add line like one of the following after you
% will be successfully registered on server to get admin access:
{acl, admin, {user, "admin"}}.

% Blocked users:
%{acl, blocked, {user, "test"}}.

% Local users:
{acl, local, {user_regexp, ""}}.

% Another examples of ACLs:
%{acl, jabberorg, {server, "jabber.org"}}.
%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
%{acl, test, {user_regexp, "^test"}}.
%{acl, test, {user_glob, "test*"}}.

% Everybody can create pubsub nodes
{access, pubsub_createnode, [{allow, all}]}.

% Only admins can use configuration interface:
{access, configure, [{allow, admin}]}.

% Every username can be registered via in-band registration:
% You could replace {allow, all} with {deny, all} to prevent user from using
% in-band registration
{access, register, [{allow, all}]}.

% After successful registration user will get message with following subject
% and body:
%{welcome_message,
% {"Welcome!",
% "Welcome to Instant Messaging server localhost. "
% "For information about ejabberd visit http://www.process-one.net/"}}.
% Replace them with 'none' if you don't want to send such message:
{welcome_message, none}.

% List of people who will get notifications about registered users
%{registration_watchers, ["admin1@gultom",
% "admin2@gultom"]}.

% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.

% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
{allow, all}]}.

% Set shaper with name "normal" to limit traffic speed to 1000B/s
{shaper, normal, {maxrate, 1000}}.

% Set shaper with name "fast" to limit traffic speed to 50000B/s
{shaper, fast, {maxrate, 50000}}.

% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
{normal, all}]}.

% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.

% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.

% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.

% This rule allows access only for local users:
{access, local, [{allow, local}]}.

% Authentication method. If you want to use internal user base, then use
% this line:
{auth_method, internal}.

% For LDAP authentication use these lines instead of above one:
%{auth_method, ldap}.
%{ldap_servers, ["gultom"]}. % List of LDAP servers
%{ldap_uidattr, "uid"}. % LDAP attribute that holds user ID
%{ldap_base, "dc=example,dc=com"}. % Search base of LDAP directory
%{ldap_rootdn, "dc=example,dc=com"}. % LDAP manager
%{ldap_password, "******"}. % Password to LDAP manager

% For authentication via external script use the following:
%{auth_method, external}.
%{extauth_program, "/path/to/authentication/script"}.

% For authentication via ODBC use the following:
%{auth_method, odbc}.
%{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}.

% Host name:
{hosts, ["gultom"]}.

%% Define the maximum number of time a single user is allowed to connect:
{max_user_sessions, 10}.

%% Anonymous login support:
%% auth_method: anonymous
%% anonymous_protocol: sasl_anon|login_anon|both
%% allow_multiple_connections: true|false
%%{host_config, "public.example.org", [{auth_method, anonymous},
%% {allow_multiple_connections, false},
%% {anonymous_protocol, sasl_anon}]}.
%% To use both anonymous and internal authentication:
%%{host_config, "public.example.org", [{auth_method, [anonymous, internal]}]}.

% Default language for server messages
% TODO: Use installer selection
{language, "en"}.

% Listened ports:
{listen, [
{5222, ejabberd_c2s, [{access, c2s}, {max_stanza_size, 65536}, {shaper, c2s_shaper}]},
%% Use this line to enable SSL:
%%{5223, ejabberd_c2s, [{access, c2s}, {max_stanza_size, 65536}, tls, {certfile, "C:\Program Files\ejabberd-1.1.3/conf/server.pem"}]},
%%
%% Use those lines instead for TLS support:
%%{5222, ejabberd_c2s, [{access, c2s}, {shaper, c2s_shaper}, starttls, {certfile, "C:\Program Files\ejabberd-1.1.3/conf/server.pem"}]},
%%{5223, ejabberd_c2s, [{access, c2s}, tls, {certfile, "C:\Program Files\ejabberd-1.1.3/conf/server.pem"}]},

%% Remove this line if you want to prevent s2s connections:
{5269, ejabberd_s2s_in, [{shaper, s2s_shaper}, {max_stanza_size, 131072}]},

%% remove http_poll to remove support for http polling
%% remove web_admin to disable admin interface:
{5280, ejabberd_http, [http_poll, web_admin]}
%% This is an example on how to define an external service/transport:
%%{8888, ejabberd_service, [{access, all},
%% {hosts, ["icq.gultom", "sms.gultom"],
%% [{password, "secret"}]}]}
]}.

% If SRV lookup fails, then port 5269 is used to communicate with remote server
{outgoing_s2s_port, 5269}.

% Used modules:
{modules,
[
{mod_register, [{access, register}]},
{mod_roster, []},
{mod_privacy, []},
{mod_adhoc, []},
{mod_configure, []}, % Depends on mod_adhoc
{mod_configure2, []},
{mod_disco, []},
{mod_stats, []},
{mod_vcard, []},
{mod_offline, []},
{mod_announce, [{access, announce}]}, % Depends on mod_adhoc
{mod_echo, [{host, "echo.gultom"}]},
{mod_private, []},
{mod_irc, []},
% Default options for mod_muc:
% host: "conference." ++ ?MYNAME
% access: all
% access_create: all
% access_admin: none (only room creator has owner privileges)
{mod_muc, [{access, muc}, {access_create, muc}, {access_admin, muc_admin}]},
% {mod_muc_log, []},
% {mod_shared_roster, []},
{mod_pubsub, [{access_createnode, pubsub_createnode}]},
{mod_time, []},
{mod_last, []},
% {mod_xmlrpc,[{port, 4560},{timeout, 5000}]},
{mod_version, []}
]}.

% Local Variables:
% mode: erlang
% End:

Why?

Submitted by petr.mat on Fri, 2007-04-06 07:15.

Why do you do chaos with your conf in my thread? :(

could help

Submitted by mepal on Fri, 2007-04-06 23:33.

check this, at least i was hving the problem with 1.1.3 while everything works for 1.1.2:

http://www.ejabberd.im/node/1364

ldap_uidattr has changed!!!

Submitted by Alex Mol (not verified) on Wed, 2007-05-23 17:23.

ldap_uidattr has been removed. Use ldap_uids instead.

You need to replace something like this
{ldap_uidattr, "sAMAccountName"}.

...with something like this
{ldap_uids, [{"sAMAccountName", "%u"}]}.

My conf

Submitted by petr.mat on Fri, 2007-04-06 07:12.

I have problem with domain2.com, domain1.com is ok.
Thanks!

% $Id: ejabberd.cfg.example 577 2006-06-07 08:38:37Z mremond $

%override_acls.

% Users that have admin access. Add line like one of the following after you
% will be successfully registered on server to get admin access:
{acl, admin, {user, "admin", "domain1.com"}}.

% Blocked users:
%{acl, blocked, {user, "test"}}.

% Local users:
{acl, local, {user_regexp, ""}}.

% Another examples of ACLs:
%{acl, jabberorg, {server, "jabber.org"}}.
%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
%{acl, test, {user_regexp, "^test"}}.
%{acl, test, {user_glob, "test*"}}.

% Everybody can create pubsub nodes
{access, pubsub_createnode, [{allow, all}]}.

% Only admins can use configuration interface:
{access, configure, [{allow, admin}]}.

% Every username can be registered via in-band registration:
% You could replace {allow, all} with {deny, all} to prevent user from using
% in-band registration
{access, register, [{allow, all}]}.

% After successful registration user will get message with following subject
% and body:
{welcome_message,
{"Welcome!",
"Welcome to Jabber Service. "
"For information about Jabber visit http://jabber.org"}}.
% Replace them with 'none' if you don't want to send such message:
%{welcome_message, none}.

% List of people who will get notifications about registered users
%{registration_watchers, ["admin1@localhost",
% "admin2@localhost"]}.