Home

Can Ejabberd?

Submitted by jcluff on Sat, 2005-06-25 02:17

I am looking to startup a hosting business hosting instant messaging and trying to decide between three different business models. Each litteraly focuses on a different product and this determines where my money goes and what products I use. Currently on the table is Antepo's OPN or just reselling Omnipod. I am a big proponent of xmpp but I need to be able to sell reliable and secure instant messaging. My third option is to utilize Ejabberd. But before I give serious concideration to Ejabberd I need to know if it can handle the features I need in the manor I need to.

I need to be able to setup a config that support the following example:

mycompany.com (parent host) that users from other hosters can communicate with. MUC and Transports to public IMs. Publish/subscribe would be a plus.

hostedcompany1.com (first virtual host) users can be administrated by admins of mycompany.com as well as their own administrators without their administrators having any access to any other virtual host. MUC that is strictly controlled by their MUC administrators as well as mycompany.com administrators. Controlled access to the external transports on an account by account basis and logged messages. All secure via ssl or tls or sasl. Authentication handled against hostedcompany1.com's own LDAP structure whether that is openldap or AD. Web client support. S2S communication to any other SSL enabled xmpp server that supports S2S.

hostedcompany2.net (second virtual host) users can be adminsitrated by only mycompany.com. MUC moderated any only persistant rooms that are controled by mycompany.com. logged communication. No access to external public IM and only S2S with mycompany.com. Authentication via ldap. Web Client that allows for customers to come and open up a troubleticket for support and initiate live chat with the next available associate that doesnt have any chat windows associated with anonymously logged users.

Some of the features such as the anonymous client I am willing to write myself if needed but I need the kind of granular control over virtual hosts as expressed above. If it is possible it would be wonderful. If not and somebody can let me know how much of what I have mentioned is possible we still my be able to move forward with this.

It can, mostly

Submitted by mfoss on Wed, 2005-06-29 14:49.

It took me some time, but here are the answers:

  • Already implemented in ejabberd:
    • MUC
    • Publish/subscribe
    • users can be administrated by admins of mycompany.com as well as their own administrators without their administrators having any access to any other virtual host: admin ACLs for individual virtual domains were recently added to ejabberd and are available on the SVN version.
    • MUC that is strictly controlled by their MUC administrators as well as mycompany.com administrators.
    • Controlled access to the external transports on an account by account basis: it's possible setting an ACL for every user.
    • All secure via ssl or tls or sasl.
    • Authentication handled against hostedcompany1.com's own LDAP structure whether that is openldap or AD.
  • Possible installing an external component:
    • Transports to public IMs: installing the transport, PyMSNt, ICQt...
    • Transports, logged messages: that depends on the transport, or using Bandersnatch.
    • Web client support: using a Java client like Jeti or JBother; or installing JWChat that only requires a web browser.
    • logged communication: installing Bandersnatch
    • No access to external public IM and only S2S with mycompany.com: this may be possible with some firewall rules.
    • Web Client that allows for customers to come and open up a troubleticket for support and initiate live chat with the next available associate that doesnt have any chat windows associated with anonymously logged users: this looks like the typical corporate/enterprise requirement, so I don't know too much about that. But you can talk with JWChat author for example, maybe you can build your custom client using his client and his suggestions.
  • Not possible with current ejabberd
    • S2S communication to any other SSL enabled xmpp server that supports S2S: ejabberd does not support SSL and/or STARTTLS on S2S connections. Of course, that feature will eventually be implemented.
    • This looks like the biggest problem for you: even if it's possible to use several different authentication methods, they can't be set individually for each virtual domain. One possibility is to not use one single Jabber server with virtual domains, but several independent Jabber servers, installed on the same machine using different ports or on different machines. Of course this may be unacceptable for your purposes...
  • I don't understand what does that mean:
    • MUC moderated any only persistant rooms that are controled by mycompany.com.

If you want additional comments about these or other features, please ask again.

»

different auth methods on different vhosts

Submitted by mfoss on Thu, 2005-07-14 14:57.

I just want to inform that ejabberd on SVN now allows different authentication methods for different virtual hosts.

»

Badlop, thank you a bunch for your answers.

Submitted by jcluff on Mon, 2005-07-18 10:07.

Thank you for all of your answers. This really gives me a good picture of what I can expect from ejabberd. I will probably use ejabberd for some implementations as I am quite impressed with its functionality, but it doesnt yet fit every need I have right now. However I do not know if there are many commercial solutions that fit these needs either so I will just have to see.

»
Syndicate content

User login