Hello everyone!
Setup:
Debian Stable, ejabberd-15.03 with LDAP-auth and Shared roster groups
A shared roster group IT-Dept.
created through Web-interface with 2 members:
greg@company.com
john@company.com
Displayed Groups: IT-Dept.
Problem:
When user greg@company.com logs in through PSI+ jabber-client, shared group roster is not shown.
Shared group roster and roster members are shown only when member JID is changed from:
greg@company.com
john@company.com
to
greg@localhost
john@localhost
Help, anyone?
Check your host in your configuration file. I bet your XMPP domain is set to "localhost", which is likely not what you want.
No, XMPP domain is correct. However, nodename is ejabberd@localhost
...I think I've resolved this issue by changing ldap_base variable in ejabberd.yml to search for users in the whole domain, not just the specific OU, and separate them by using ldap-filters. Thanks anyway )
This is strange as node name has nothing to do with XMPP domain.
mremond wrote:
This is strange as node name has nothing to do with XMPP domain.
I agree, this is strange...
Here, this is my ejabberd.yml
loglevel: 4
hosts:
- "company1.local"
# - "company2.local"
# - "company3.local"
acl:
admin:
user:
- "admin": "company1.local"
- "admin": "company2.local"
- "admin": "company3.local"
host_config:
"company1":
auth_method: ldap
ldap_servers:
- "LDAP-FQDN"
ldap_base: "dc=company1,dc=local"
ldap_rootdn: "cn=ejabberd_bind,ou=Jabber,dc=company1,dc=local"
ldap_password: "password"
ldap_uids: ["sAMAccountName"]
ldap_filter: "(memberOf=cn=gr_company.chat,ou=Groups,ou=Jabber,dc=company1,dc=local)"
"company2":
auth_method: ldap
ldap_servers:
- "LDAP-FQDN"
ldap_base: "dc=company2,dc=local"
ldap_rootdn: "cn=ejabberd_bind,ou=Jabber,dc=company2,dc=local"
ldap_password: "password"
ldap_uids: ["sAMAccountName"]
ldap_filter: "(memberOf=cn=company2.chat,ou=Jabber,dc=company2,dc=local)"
"company3":
auth_method: ldap
ldap_servers:
- "LDAP-FQDN"
ldap_base: "dc=company3,dc=local"
ldap_rootdn: "cn=ejabberd_bind,ou=Jabber,dc=company3,dc=local"
ldap_password: "password"
ldap_uids: ["sAMAccountName"]
ldap_filter: "(memberOf=cn=company3.chat,ou=Jabber,dc=company3,dc=local)"
access:
proxy65_access:
proxy_users: allow
all: deny
c2s:
blocked: deny
all: allow
configure:
admin: allow
local:
local: allow
muc_admin:
admin: allow
max_user_offline_messages:
admin: 500
all: 100
max_user_sessions:
all: 10
listen:
- port: 5242
starttls: true
starttls_required: true
certfile: "/etc/ejabberd/certs/company1.chat.c2s.pem"
module: ejabberd_c2s
max_stanza_size: 65536
#shaper: c2s_shaper
access: c2s
- port: 5279
module: ejabberd_s2s_in
max_stanza_size: 131072
certfile: "/etc/ejabberd/certs/company1.chat.s2s.pem"
#shaper: s2s_shaper
- port: 5280
module: ejabberd_http
web_admin: true
modules:
#mod_vcard: []
mod_adhoc: []
mod_announce:
access: announce
mod_caps: []
mod_configure: []
mod_disco: []
mod_last: []
mod_muc_log: []
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_privacy: []
mod_private: []
mod_service_log: []
mod_stats: []
mod_time: []
mod_shared_roster: []
mod_version: []
#shaper:
#normal: 50000
#fast: 1000000
append_host_config:
"company1.chat":
modules:
#mod_vcard: []
mod_proxy65:
host: "proxy.@HOST@"
name: "File Transfer Proxy"
port: 7771
mod_muc:
host: "conf.@HOST@"
access: all
access_persistent: all
access_create: muc_admin
access_admin: muc_admin
max_users: 50
mod_vcard_ldap:
ldap_base: "ou=employees,dc=company1,dc=local"
ldap_uids:
"mail": "%u@company1.net"
ldap_filter: ["(memberOf=cn=gr_company1.chat,ou=Groups,ou=Jabber,dc=company1,dc=local)"]
ldap_vcard_map:
"NICKNAME":
"%s (%s) (%s)":
- "displayName"
- "title"
- "l"
"FN":
"%s":
- "displayName"
"ORGNAME":
"%s":
- "company"
"ORGUNIT":
"%s":
- "department"
"ROLE":
"%s":
- "title"
"TEL":
"URL":
"%s":
- "wWWHomePage"
"EMAIL":
"%s":
- "mail"
"PHOTO":
"%s":
- "thumbnailPhoto"
#"BDAY":
# "%s":
# - "birthDay"
# ldap_search_fields:
# "User": "%u"
# "Name": "givenName"
# "Family Name": "sn"
# "Email": "mail"
# "Birthday": "birthDay"
# ldap_search_reported:
# "Full Name": "FN"
# "Nickname": "NICKNAME"
# "Birthday": "BDAY"
You seem to have indentation problems.
Moreover, hosts refer to 'company1.local', while host_config refers to 'company1', without local. This looks incorrect.
mremond wrote:
You seem to have indentation problems.
Moreover, hosts refer to 'company1.local', while host_config refers to 'company1', without local. This looks incorrect.
I've cleaned up my ejabberd.yml a bit.
loglevel: 4
hosts:
- "company1.local"
acl:
admin:
user:
- "admin": "company1.local"
host_config:
"company1.local":
auth_method: ldap
ldap_servers:
- "LDAP-FQDN"
ldap_base: "dc=company1,dc=local"
ldap_rootdn: "cn=ejabberd_bind,ou=Jabber,dc=company1,dc=local"
ldap_password: "password"
ldap_uids: ["sAMAccountName"]
ldap_filter: "(memberOf=cn=gr_company1.chat,ou=Groups,ou=Jabber,dc=company1,dc=local)"
access:
proxy65_access:
proxy_users: allow
all: deny
c2s:
blocked: deny
all: allow
configure:
admin: allow
local:
local: allow
muc_admin:
admin: allow
max_user_offline_messages:
admin: 500
all: 100
max_user_sessions:
all: 10
listen:
- port: 5242
starttls: true
starttls_required: true
certfile: "/etc/ejabberd/certs/company1.local.c2s.pem"
module: ejabberd_c2s
max_stanza_size: 65536
access: c2s
- port: 5279
module: ejabberd_s2s_in
max_stanza_size: 131072
certfile: "/etc/ejabberd/certs/company1.local.s2s.pem"
- port: 5280
module: ejabberd_http
web_admin: true
modules:
#mod_vcard: []
mod_adhoc: []
mod_announce:
access: announce
mod_caps: []
mod_configure: []
mod_disco: []
mod_last: []
mod_muc_log: []
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_privacy: []
mod_private: []
mod_service_log: []
mod_stats: []
mod_time: []
mod_shared_roster: []
mod_version: []
append_host_config:
"company1.local":
modules:
#mod_vcard: []
mod_proxy65:
host: "proxy.@HOST@"
name: "File Transfer Proxy"
port: 7771
mod_muc:
host: "conf.@HOST@"
access: all
access_persistent: all
access_create: muc_admin
access_admin: muc_admin
max_users: 50
mod_vcard_ldap:
ldap_base: "ou=Employees,dc=company1,dc=local"
ldap_uids:
"mail": "%u@company1.net"
ldap_filter: ["(memberOf=cn=gr_company1.chat,ou=Groups,ou=Jabber,dc=company1,dc=local)"]
ldap_vcard_map:
"NICKNAME":
"%s (%s) (%s)":
- "displayName"
- "title"
- "l"
"FN":
"%s":
- "displayName"
"ORGNAME":
"%s":
- "company"
"ORGUNIT":
"%s":
- "department"
"ROLE":
"%s":
- "title"
"TEL":
"%s":
- "mobile"
"URL":
"%s":
- "wWWHomePage"
"EMAIL":
"%s":
- "mail"
"PHOTO":
"%s":
- "thumbnailPhoto"
Could you point out where the problem with indentation is?
In the previous version, you had issues with modules declared at root level.
Can you authenticate with user@company1.local instead of localhost now? As I understand it, you seem to say it was working fine now.
Yes, authentication works fine. greg@company1.chat, account shows no groups and 0 users.
greg@company1.chat
john@company1.chat
jim@company1.chat
Every person in group gr_company1.chat can login and authenticate. I'm planning on adding virtual hosts and that is why I declare some modules in append_host_config
But for now, I have to configure at least one virtual host, the way I want it.
I can't say for sure about mod_shared_roster, because at that time it looked like it is working. The situation is like this:
The client I'm using is PSI+. I delete all shared groups through web-interface.
Then I log on into my account
Then I go to web-interface and create a group IT-dept. with 3 users: and set Display groups to IT-dept.
And when I press Submit button, sometimes, group appears, but only in PSI+. I've tested with Pidgin - nothing appears.
Loglevel 4 shows no errors, when I launch ejabberdctl live
Interesting thing noticed.
Groups do appear, and in other XMPP-clients too, but very slow.
Adding users and removing users from groups that have appeared, happens as soon as Submit button is pressed. But with groups it is weird...
I think there is a delay in querying the LDAP. I am not convinced that there is an actual problem. It seems to work but is "slow". Not sure what slow means here. Did you look at the XMPP stream from the client? What do you receive? Maybe the client is delaying the display?
I've managed to make groups appear by creating a group with no more than 2-3 users, and when the group appeared, I add more users to the group and they appear in contact list.
I've paused a bit with mod_shared_roster and now I am trying to configure mod_shared_roster_ldap. This is the current module config:
mod_shared_roster_ldap:
ldap_base: "ou=ejabberd,ou=Groups,ou=Jabber,dc=company1,dc=local"
ldap_rfilter: "(objectClass=group)"
ldap_gfilter: "(&(objectClass=group)(cn=%g))"
ldap_groupdesc: "description"
ldap_memberattr: "member"
ldap_memberattr_format: "member=%u,ou=ejabberd,ou=Groups,ou=Jabber,dc=company1,dc=local"
ldap_ufilter: "(&(objectClass=person)(cn=%u))"
ldap_userdesc: "displayName"
Active Directory server receives what looks to be correct information, it finds 2 groups which are located in ou=ejabberd,ou=Groups,ou=Jabber,dc=company1,dc=local, but these groups do not show up in the roster of members of these groups. Is there a mistake in the module configuration?
Well, the problem with mod_shared_roster is resolved. For real this time ) The solution was - I'm not really sure why, but you need to enable mod_roster for shared roster to work. EDIT - should have read the documentation more carefully... (
And now, if I could make mod_shared_roster_ldap work, I could die happy )
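The two configuration mistakes found in this thread (host_config keys that do not match hosts, and mod_shared_roster enabled without mod_roster) can be checked mechanically. The following is an added example, not code from the thread or from ejabberd: it assumes the ejabberd.yml has already been loaded into a Python dict by a YAML parser, the function names are hypothetical, and the sample dicts are constructed and abridged from the configs posted above.

```python
def effective_modules(cfg, host):
    """Modules active for `host` under this example's model (an assumption):
    host_config replaces the global `modules`, append_host_config adds to it."""
    override = (cfg.get("host_config") or {}).get(host) or {}
    extra = (cfg.get("append_host_config") or {}).get(host) or {}
    mods = dict(override.get("modules") or cfg.get("modules") or {})
    mods.update(extra.get("modules") or {})
    return mods


def lint(cfg):
    """Return a list of findings for a parsed ejabberd.yml dict."""
    findings = []
    hosts = list(cfg.get("hosts") or [])
    # Per-host blocks keyed by a name that is not a served host never apply.
    for section in ("host_config", "append_host_config"):
        for name in (cfg.get(section) or {}):
            if name not in hosts:
                findings.append(f"{section}: '{name}' is not listed in hosts {hosts}")
    # Per the thread's resolution, mod_shared_roster needs mod_roster enabled.
    for host in hosts:
        mods = effective_modules(cfg, host)
        if "mod_shared_roster" in mods and "mod_roster" not in mods:
            findings.append(f"{host}: mod_shared_roster is enabled without mod_roster")
    return findings


# Constructed samples, abridged from the configs posted in this thread.
FIRST_POST = {
    "hosts": ["company1.local"],
    "host_config": {"company1": {"auth_method": "ldap"},
                    "company2": {"auth_method": "ldap"},
                    "company3": {"auth_method": "ldap"}},
    "modules": {"mod_offline": {}, "mod_shared_roster": []},
    "append_host_config": {"company1.chat": {"modules": {"mod_muc": {}}}},
}
CLEANED = {
    "hosts": ["company1.local"],
    "host_config": {"company1.local": {"auth_method": "ldap"}},
    "modules": {"mod_shared_roster": []},
    "append_host_config": {"company1.local": {"modules": {"mod_muc": {}}}},
}
FIXED = dict(CLEANED, modules={"mod_roster": [], "mod_shared_roster": []})

if __name__ == "__main__":
    for label, cfg in (("first", FIRST_POST), ("cleaned", CLEANED), ("fixed", FIXED)):
        print(label, lint(cfg))
```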