Hi all,
I'm trying to set up an ejabberd server for internal communication. As I don't want to create a new user base, I want to authenticate against our AD.
I have the following config:
%% ejabberd 2.0.0 configuration: Erlang terms, one per line, each terminated by '.'.
%% NOTE(review): options are processed in file order; as far as I can tell a later
%% term with the same option name replaces an earlier one, so keep each option once.
{loglevel, 4}.
{hosts, ["jabber.local-domain.tld"]}.
{listen,
[
%% Client-to-server listener. 'starttls' *offers* TLS but does not require it, so a
%% client may still send its AD password over cleartext; 'starttls_required' (if this
%% build supports it) closes that gap.
{5222, ejabberd_c2s, [
{certfile, "C:\\Programme\\ejabberd-2.0.0\\conf\\server.pem"}, starttls,
{access, c2s},
{shaper, c2s_shaper},
{max_stanza_size, 65536}
]},
{5269, ejabberd_s2s_in, [
{shaper, s2s_shaper},
{max_stanza_size, 131072}
]},
%% web_admin is served over plain HTTP here, so admin credentials (HTTP basic auth)
%% cross the network unencrypted. Bind it to localhost or put TLS in front of it;
%% NOTE(review): check whether this ejabberd_http build accepts a 'tls' option.
{5280, ejabberd_http, [
http_bind,
http_poll,
web_admin
]}
]}.
%% Authentication is delegated entirely to LDAP. Accounts created in the Mnesia
%% database during setup (the "admin-users") are not consulted while this is the
%% only auth_method, which would explain why they cannot log in; the admin ACL below
%% must therefore name an AD account.
{auth_method, ldap}.
{ldap_servers,["ad.local-domain.tld"]}.
%% Port 389 without encryption: the bind password below and every user's password
%% are sent to the DC in cleartext. Prefer LDAPS (636) or STARTTLS if this build
%% supports the ldap_encrypt option — TODO confirm for 2.0.0.
{ldap_port, 389}.
%% NOTE(review): in AD the 'name' attribute is the RDN / display name
%% ("Firstname Lastname"), which rarely equals the localpart a user types in the JID.
%% 'sAMAccountName' (or 'userPrincipalName') is the attribute that usually matches,
%% and this mismatch is a likely cause of the "Failed authentication" log line.
{ldap_uidattr, "name"}.
%% Search base limited to the default Users container. Users placed in other OUs are
%% not found; searching from the domain root "DC=ad,DC=local-domain,DC=tld" covers
%% all OUs (the search is expected to be subtree-scoped — verify).
{ldap_base,"CN=Users,DC=ad,DC=local-domain,DC=tld"}.
%% The bind account only needs read access to user objects. Using the domain
%% Administrator here, with its password stored in cleartext in this file, is far
%% more privilege than needed: create a dedicated read-only service account, and
%% restrict the NTFS ACL on this file to the ejabberd service account.
{ldap_rootdn,"CN=Administrator,CN=Users,DC=ad,DC=local-domain,DC=tld"}.
{ldap_password, "passwd"}.
{shaper, normal, {maxrate, 1000}}.
{shaper, fast, {maxrate, 50000}}.
%% With LDAP auth, "admin" must be the uid-attribute value of a real AD account.
{acl, admin, {user, "admin", "jabber.local-domain.tld"}}.
{acl, local, {user_regexp, ""}}.
{access, max_user_sessions, [{10, all}]}.
{access, local, [{allow, local}]}.
{access, c2s, [{deny, blocked},
{allow, all}]}.
{access, c2s_shaper, [{none, admin},
{normal, all}]}.
{access, s2s_shaper, [{fast, all}]}.
{access, announce, [{allow, admin}]}.
{access, configure, [{allow, admin}]}.
{access, muc_admin, [{allow, admin}]}.
{access, muc, [{allow, all}]},
{access, register, [{allow, all}]}.
{access, pubsub_createnode, [{allow, all}]}.
{language, "en"}.
{modules,
[
{mod_adhoc, []},
{mod_announce, [{access, announce}]}, % requires mod_adhoc
{mod_caps, []},
{mod_configure,[]}, % requires mod_adhoc
{mod_disco, []},
%%{mod_echo, [{host, "echo.jabber.local-domain.tld"}]},
{mod_http_bind,[]},
%%{mod_http_fileserver, [{docroot, "C:\\Programme\\ejabberd-2.0.0\\www"}]},
{mod_irc, []},
{mod_last, []},
{mod_muc, [
%%{host, "conference.@HOST@"},
{access, muc},
{access_create, muc},
{access_persistent, muc},
{access_admin, muc_admin}
]},
%%{mod_muc_log,[]},
%% Offline messages, privacy lists, private storage and rosters are kept in the
%% local Mnesia database (see the answer below for the on-disk location).
{mod_offline, []},
{mod_privacy, []},
{mod_private, []},
%%{mod_proxy65,[]},
{mod_pubsub, [ % requires mod_caps
{access_createnode, pubsub_createnode},
{plugins, ["default", "pep"]}
]},
%% In-band registration cannot create accounts in AD (the LDAP auth backend rejects
%% registration), so this module and the open 'register' access rule are inert here;
%% disabling them avoids advertising a feature that cannot work.
{mod_register, [
%%
%% After successful registration, the user receives
%% a message with this subject and body.
%%
{welcome_message, {"Welcome!",
"Welcome to this Jabber server."}},
%%
%% When a user registers, send a notification to
%% these Jabber accounts.
%%
%%{registration_watchers, ["admin1@example.org"]},
{access, register}
]},
{mod_roster, []},
%%{mod_service_log,[]},
{mod_shared_roster,[]},
%%{mod_stats, []},
{mod_time, []},
{mod_vcard, []},
{mod_version, []}
]}.
Now I have two questions:
1. where are offline-msgs etc stored to?
2. How to enable login for all users in all OUs in AD?
And one big problem: I can't log in, neither with the admin users I created during setup nor with an existing AD user.
ejabberd runs on Windows.
//Edit: log says
=INFO REPORT==== 2008-03-12 13:01:08 ===
I(<0.250.0>:ejabberd_listener:112) : (#Port<0.380>) Accepted connection {{my,local,ip,address},45101} -> {{servery,local,ip,adress},5222}
=INFO REPORT==== 2008-03-12 13:01:10 ===
I(<0.337.0>:ejabberd_c2s:561) : ({socket_state,tls,{tlssock,#Port<0.380>,#Port<0.382>},<0.336.0>}) Failed authentication for userinldap@jabber.local-domain.tld
Ejabberd 2 with ActiveDirectory
Hi MCIglo...
1. The offline messages are stored in the Mnesia database in %ProgramFiles%\ejabberd-2.0.0\database
2. I use a plain (unprivileged) user to access the AD structure, and the user's mail property to filter user access; if you want to give access to all users, you can use the userPrincipalName property.
This is my ejabberd.cfg file:
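%% ejabberd 2.0.0 configuration: Erlang terms, one per line, each terminated by '.'.
%% Options are processed in file order; a later term with the same option name
%% replaces an earlier one, so each option should appear exactly once.
{loglevel, 4}.
{hosts, ["domain.net"]}.
{listen,
[
%% 'starttls' offers TLS but does not require it; a client may still authenticate
%% over cleartext unless 'starttls_required' is used (if this build supports it).
{5222, ejabberd_c2s, [
{certfile, "C:\\Archivos de programa\\ejabberd-2.0.0\\conf\\server.pem"}, starttls,
{access, c2s},
{shaper, c2s_shaper},
{max_stanza_size, 65536}
]},
{5269, ejabberd_s2s_in, [
{shaper, s2s_shaper},
{max_stanza_size, 131072}
]},
%% web_admin over plain HTTP sends admin credentials unencrypted; bind it to
%% localhost or front it with TLS.
{5280, ejabberd_http, [
http_bind,
http_poll,
web_admin
]}
]}.
{auth_method, ldap}.
{ldap_servers, ["server.domain.net"]}. % List of LDAP servers
%% Bind account: an unprivileged read-only user, which is the right amount of
%% privilege for lookups. Its password is stored in cleartext below, so restrict the
%% file ACL to the ejabberd service account. No ldap_port/ldap_encrypt is set, so
%% the bind goes to 389 in cleartext; prefer LDAPS if this build supports it.
{ldap_rootdn, "CN=plainuser,OU=Base,DC=domain,DC=net"}. % LDAP manager
%% Search base. The original file listed ldap_base twice ("DC=domain,DC=net" first,
%% then this value); only the last occurrence took effect, so the duplicate is
%% dropped and the effective value kept. Use "DC=domain,DC=net" here instead if
%% users outside OU=Base should also be able to log in.
{ldap_base, "OU=Base,DC=domain,DC=net"}. % Search base of LDAP directory
{ldap_password, "password"}. % Password to LDAP manager
%% The JID localpart is matched against the user's mail attribute.
{ldap_uids, [{"mail", "%u@domain.net"}]}.
%% NOTE(review): in 2.0.0 ldap_uids appears to supersede ldap_uidattr; if so this
%% line is redundant — confirm against this build before removing it.
{ldap_uidattr, "sAMAccountName"}.
%% Only mailbox-enabled users may authenticate (login filter).
{ldap_filter, "(mail=*)"}.
{shaper, normal, {maxrate, 1000}}.
{shaper, fast, {maxrate, 50000}}.
%% With LDAP auth, "admin" must resolve to a real AD account via ldap_uids.
{acl, admin, {user, "admin", "domain.net"}}.
{acl, local, {user_regexp, ""}}.
{access, max_user_sessions, [{10, all}]}.
{access, local, [{allow, local}]}.
{access, c2s, [{deny, blocked},
{allow, all}]}.
{access, c2s_shaper, [{none, admin},
{normal, all}]}.
{access, s2s_shaper, [{fast, all}]}.
{access, announce, [{allow, admin}]}.
{access, configure, [{allow, admin}]}.
{access, muc_admin, [{allow, admin}]}.
{access, muc, [{allow, all}]}.
{access, register, [{allow, all}]}.
{access, pubsub_createnode, [{allow, all}]}.
{language, "es"}.
{modules,
[
{mod_adhoc, []},
{mod_announce, [{access, announce}]}, % requires mod_adhoc
{mod_caps, []},
{mod_configure,[]}, % requires mod_adhoc
{mod_disco, []},
%%{mod_echo, [{host, "echo.domain.net"}]},
{mod_http_bind,[]},
%%{mod_http_fileserver, [{docroot, "C:\\Archivos de programa\\ejabberd-2.0.0\\www"}]},
{mod_irc, []},
{mod_last, []},
{mod_muc, [
%%{host, "conference.@HOST@"},
{access, muc},
{access_create, muc},
{access_persistent, muc},
{access_admin, muc_admin}
]},
%%{mod_muc_log,[]},
%% Offline messages, privacy lists, private storage and rosters live in the local
%% Mnesia database.
{mod_offline, []},
{mod_privacy, []},
{mod_private, []},
%%{mod_proxy65,[]},
{mod_pubsub, [ % requires mod_caps
{access_createnode, pubsub_createnode},
{plugins, ["default", "pep"]}
]},
%% In-band registration cannot create AD accounts (the LDAP auth backend rejects
%% it), so mod_register and the open 'register' rule are inert with this setup.
{mod_register, [
%%
%% After successful registration, the user receives
%% a message with this subject and body.
%%
{welcome_message, {"Welcome!",
"Welcome to this Jabber server."}},
%%
%% When a user registers, send a notification to
%% these Jabber accounts.
%%
%%{registration_watchers, ["admin1@example.org"]},
{access, register}
]},
{mod_roster, []},
%%{mod_service_log,[]},
{mod_shared_roster,[]},
%%{mod_stats, []},
{mod_time, []},
{mod_vcard, []},
{mod_version, []},
%% vCards are built from AD attributes; these connection settings duplicate the
%% global ones above (same bind account and cleartext password), keep them in sync.
{mod_vcard_ldap,
[
{ldap_servers, ["server.domain.net"]},
{ldap_rootdn, "CN=plainuser,OU=Base,DC=domain,DC=net"},
{ldap_password, "password"},
{ldap_base, "OU=Base,DC=domain,DC=net"},
{ldap_filter, "(mail=*)"},
{ldap_uids, [{"mail", "%u@domain.net"}]},
{ldap_vcard_map,
[{"NICKNAME", "%u", ["nickname"]},
{"GIVEN", "%s", ["givenname"]},
{"FAMILY", "%s", ["sn"]},
{"FN", "%s, %s", ["sn", "givenName"]},
{"EMAIL", "%s", ["mail"]}]},
%% NOTE(review): AD user objects normally have no 'uid' attribute, so the "User"
%% search field below probably never matches; 'sAMAccountName' is the usual choice.
{ldap_search_fields,
[{"User", "uid"},
{"Name", "givenName"},
{"Family Name", "sn"},
{"Email", "mail"}]},
{ldap_search_reported,
[{"Apellido", "FAMILY"},
{"Nombre", "GIVEN"}]}
]},
%% NOTE(review): AD groups store members in 'member' (DN values), not
%% 'uniqueMember', and 'uid=%u*' is a non-AD member format — this filter and
%% format look like they were taken from an OpenLDAP example; verify that the
%% shared roster is actually populated.
{mod_shared_roster_ldap,
[{ldap_servers, ["server.domain.net"]},
{ldap_base, "OU=Base,DC=domain,DC=net"},
{ldap_rootdn, "CN=plainuser,OU=Base,DC=domain,DC=net"},
{ldap_password, "password"},
{ldap_groupattr, "cn"},
{ldap_groupdesc, "cn"},
{ldap_memberattr, "sAMAccountName"},
{ldap_memberattr_format, "uid=%u*"},
{ldap_filter, "(uniqueMember=*)"}
]}
]}.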