mod_shared_rosters_ldap and MS AD

I'm trying to configure mod_shared_roster_ldap against MS AD.

This is the configuration of the module:

{mod_shared_roster_ldap,[
    {ldap_user_cache_validity,7200},
    {ldap_group_cache_validity,7200},
    {ldap_base, "ou=CPD,dc=ad,dc=ufrgs,dc=br"},
    {ldap_rfilter, "(&(objectClass=group)(cn=CPD-DRS Funcionários))"},
    {ldap_groupattr, "cn"},
    {ldap_groupdesc, "name"},
    {ldap_memberattr, "member"},
    {ldap_ufilter, "(&(objectClass=organizationalPerson)(distinguishedName=%D))"},
    {ldap_memberattr_format, "%D"},
    {ldap_useruid, "distinguishedName"},
    {ldap_userdec, "name"}
  ]},

The group contains a lot of members:

root@xmpp:~# ldapsearch -D "manager" -w secret -p 389 -h hostname -b "ou=CPD,dc=ad,dc=ufrgs,dc=br" -s sub "(&(objectClass=group)(cn=CPD-DRS Funcionários))"
# extended LDIF
#
# LDAPv3
# base <ou=CPD,dc=ad,dc=ufrgs,dc=br> with scope subtree
# filter: (&(objectClass=group)(cn=CPD-DRS Funcionários))
# requesting: ALL
#

# CPD-DRS Funcion\C3\A1rios, DRS, CPD, ad.ufrgs.br
dn:: Q049Q1BELURSUyBGdW5jaW9uw6FyaW9zLE9VPURSUyxPVT1DUEQsREM9YWQsREM9dWZyZ3MsR
EM9YnI=
objectClass: top
objectClass: group
cn:: Q1BELURSUyBGdW5jaW9uw6FyaW9z
description:: R3J1cG8gRnVuY2lvbsOhcmlvcyBkYSBEUlM=
member: CN=Jose Silva,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br
member: CN=Jeronimo Soares de Castro Menezes,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br
member: CN=Ana Maria Braga,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br
member: CN=Regina Case,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br
member: CN=Luciano Huck,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br
member: CN=Willian Bonner,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br
member: CN=Fatima Bernardes,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br
distinguishedName:: Q049Q1BELURSUyBGdW5jaW9uw6FyaW9zLE9VPURSUyxPVT1DUEQsREM9YW
QsREM9dWZyZ3MsREM9YnI=
displayName: Func_DRS

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
root@xmpp:~#

The result for a member:

root@xmpp:~# ldapsearch -D "manager" -w secret -p 389 -h hostname -b "ou=CPD,dc=ad,dc=ufrgs,dc=br" -s sub "(&(objectClass=organizationalPerson)(distinguishedName=CN=Jeronimo Soares de Castro Menezes,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br))"
# extended LDIF
#
# LDAPv3
# base <ou=CPD,dc=ad,dc=ufrgs,dc=br> with scope subtree
# filter: (&(objectClass=organizationalPerson)(sAMAccountname=jeronimo))
# requesting: ALL
#

# Jeronimo Soares de Castro Menezes, DRS, CPD, ad.ufrgs.br
dn: CN=Jeronimo Soares de Castro Menezes,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Jeronimo Soares de Castro Menezes
sn: Soares de Castro Menezes
title:: RnVuY2lvbsOhcmlv
physicalDeliveryOfficeName: DRS
telephoneNumber: 5050
givenName: Jeronimo
distinguishedName: CN=Jeronimo Soares de Castro Menezes,OU=DRS,OU=CPD,DC=ad,DC
=ufrgs,DC=br
company: CPD - UFRGS
mailNickname: jeronimo
name: Jeronimo Soares de Castro Menezes
sAMAccountName: jeronimo

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
root@xmpp:~#

When I send a stanza querying the roster list:

<iq type='get' id='purple123b28e3'>
<query xmlns='jabber:iq:roster'/>

</iq>

The answer is an empty roster:

<iq from='jeronimo@ad.ufrgs.br' to='jeronimo@ad.ufrgs.br/vision' id='purple123b28e3' type='result'>
<query xmlns='jabber:iq:roster'/>
</iq>

And the log shows me that the group "CPD-DRS Funcionários" was found:

=INFO REPORT==== 2015-01-21 15:11:53 ===
D(<0.611.0>:ejabberd_receiver:320) : Received XML on stream = "<iq type='get' id='purple123b28e3'>\n\t\t<query xmlns='jabber:iq:roster'/>\n\n</iq>"

=INFO REPORT==== 2015-01-21 15:11:53 ===
D(<0.612.0>:ejabberd_router:313) : route
from {jid,"jeronimo","hostname","vision","jeronimo","hostname",
                  "vision"}
to {jid,"jeronimo","hostname",[],"jeronimo","hostname",[]}
packet {xmlelement,"iq",
                   [{"type","get"},{"id","purple123b28e3"}],
                   [{xmlcdata,<<"\n\t\t">>},
                    {xmlelement,"query",[{"xmlns","jabber:iq:roster"}],[]},
                    {xmlcdata,<<"\n\n">>}]}

=INFO REPORT==== 2015-01-21 15:11:53 ===
D(<0.442.0>:eldap:697) : {searchRequest,
                          {'SearchRequest',"ou=CPD,dc=ad,dc=ufrgs,dc=br",
                           wholeSubtree,neverDerefAliases,0,5,false,
                           {'and',
                            [{equalityMatch,
                              {'AttributeValueAssertion',"objectClass",
                               "group"}},
                             {equalityMatch,
                              {'AttributeValueAssertion',"cn",
                               "CPD-DRS Funcionários"}}]},
                           ["cn"]}}

=INFO REPORT==== 2015-01-21 15:11:53 ===
D(<0.442.0>:eldap:767) : {searchResEntry,
                             {'SearchResultEntry',
                                 "CN=CPD-DRS Funcionários,OU=DRS,OU=CPD,DC=ad,DC=ufrgs,DC=br",
                                 [{'PartialAttributeList_SEQOF',"cn",
                                      ["CPD-DRS Funcionários"]}]}}

=INFO REPORT==== 2015-01-21 15:11:53 ===
D(<0.442.0>:eldap:767) : {searchResDone,
                             {'LDAPResult',success,[],[],asn1_NOVALUE}}

=INFO REPORT==== 2015-01-21 15:11:53 ===
D(<0.440.0>:ejabberd_router:313) : route
from {jid,"jeronimo","hostname",[],"jeronimo","hostname",[]}
to {jid,"jeronimo","hostname","vision","jeronimo","hostname",
                "vision"}
packet {xmlelement,"iq",
                   [{"id","purple123b28e3"},{"type","result"}],
                   [{xmlelement,"query",[{"xmlns","jabber:iq:roster"}],[]}]}

=INFO REPORT==== 2015-01-21 15:11:53 ===
D(<0.440.0>:ejabberd_sm:510) : sending to process <0.612.0>

=INFO REPORT==== 2015-01-21 15:11:53 ===
D(<0.612.0>:ejabberd_c2s:1553) : Send XML on stream = <<"<iq from='jeronimo@ad.ufrgs.br' to='jeronimo@ad.ufrgs.br/vision' id='purple123b28e3' type='result'><query xmlns='jabber:iq:roster'/></iq>">>

I can't understand why the mod_shared_roster_ldap isn't working for me and the roster is empty.
I can't find what is wrong in my configuration.

Can anyone help me?

Jeron
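
An added example, not part of the original post and not ejabberd code: a small Python parser for ldapsearch LDIF output like the listings above. It unfolds continuation lines, decodes base64 `attr::` values, and resolves each `member` DN of a group to the `sAMAccountName` of the matching user entry. The sample LDIF, the names in it and the example.org domain are constructed.

```python
import base64

def parse_ldif(text):
    """Parse ldapsearch LDIF output into a list of {attr: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        # RFC 2849 folding: a line starting with one space continues the previous one
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:            # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in cur:              # drops the "search:/result:" trailer block
                entries.append(cur)
            cur = {}
        elif not line.startswith("#"):
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):     # "attr:: <base64>" carries a base64-encoded value
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            cur.setdefault(attr.lower(), []).append(value)
    return entries

def member_jids(entries, group_cn, domain):
    """Map each member DN of the group to uid@domain, or None if no user entry matches."""
    by_dn = {e["dn"][0].lower(): e for e in entries}
    group = next(e for e in entries
                 if "group" in e.get("objectclass", []) and group_cn in e.get("cn", []))
    result = {}
    for dn in group.get("member", []):
        uid = by_dn.get(dn.lower(), {}).get("samaccountname")
        result[dn] = f"{uid[0]}@{domain}" if uid else None
    return result

# Constructed sample (not the page's directory data); the group DN is base64 and folded.
GROUP_DN = "CN=Grupo Funcionários,OU=Example,DC=example,DC=org"
ALICE_DN = "CN=Alice Example,OU=Example,DC=example,DC=org"
BOB_DN = "CN=Bob Example,OU=Example,DC=example,DC=org"
_b64 = base64.b64encode(GROUP_DN.encode("utf-8")).decode("ascii")
SAMPLE = "\n".join([
    "# extended LDIF", "dn:: " + _b64[:40], " " + _b64[40:], "objectClass: group",
    "cn:: " + base64.b64encode("Grupo Funcionários".encode("utf-8")).decode("ascii"),
    "member: " + ALICE_DN, "member: " + BOB_DN, "",
    "dn: " + ALICE_DN, "objectClass: user", "sAMAccountName: alice", "",
    "search: 2", "result: 0 Success"])
print(member_jids(parse_ldif(SAMPLE), "Grupo Funcionários", "example.org"))
```

A member DN that maps to `None` has no user entry in the parsed output, which is the case to look for when a group lists members the roster lookup cannot turn into JIDs.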

mod_shared_rosters_ldap and

Hi Jeron,
Do you have mod_vcard_ldap enabled? When you perform a vCard search from a Jabber client, does it return the filtered result?

What version of ejabberd are you using?

Hi egoncalves, The config for

Hi egoncalves,

The config for vcard is:

  {mod_vcard_ldap,
    [{ldap_vcard_map,
      [{"NICKNAME", "%u", []},
       {"EMAIL", "%s", ["mail"]},
       {"FN", "%s", ["cn"]}]},
     {ldap_search_fields,
      [{"User", "%u"},
       {"Email", "mail"},
       {"Name", "givenName"}]},
     {ldap_search_reported,
      [{"Full Name", "FN"},
       {"Email", "EMAIL"}]}
    ]},

If I right-click on Pidgin and select "Get Info.." then it returns the attributes, but the roster list remains listing uids and not the attribute "name".

I am using version 2.1.11:

root@xmpp:~# ejabberdctl status
The node ejabberd@xmpp is started with status: started
ejabberd 2.1.11 is running in that node

Thanks for the reply!

Jeron

Default roster does not use

Default roster does not use names from VCard. The default behaviour in XMPP is to let users manage their own roster and set the nickname they want for their contact.

mremond wrote: Default roster

mremond wrote:

Default roster does not use names from VCard. The default behaviour in XMPP is to let users manage their own roster and set the nickname they want for their contact.

Is there no way to set the roster list to show Full Names?

Jeron

No, XMPP default behaviour is

No, XMPP default behaviour is to leave control of the roster name to the owner of the roster.

You would have to customize the code itself to get that behaviour.
