Problem with rosters when using LDAP

I'm in the process of setting up ejabberd for a small office. I've installed the Windows binaries for ejabberd 2.0.1 on the server and I'm using Psi v0.11 for the client.

I've configured the server to use LDAP authentication as follows:
{auth_method, ldap}.
{ldap_servers, ["dc2.example.net", "dc1.example.net"]}. % List of LDAP servers
{ldap_base, "OU=Employees,DC=gace,DC=net"}. % Search base of LDAP directory
{ldap_rootdn, "CN=Administrator,CN=Users,DC=example,DC=net"}. % LDAP manager
{ldap_password, "password"}. % Password to LDAP manager
{ldap_uids, [{"sAMAccountName"}]}.

To work with an existing SSL certificate we have, I've set the host to be mail.example.net. I've also tried setting everything up as just example.net and letting SSL authentication fail, but it didn't change things.

From Psi, I add an account for a user in LDAP... let's say bob.hope@example.net. It won't let me register a new account for the user (I'm assuming since they are already in Active Directory) but it will let me connect. I can set up multiple users and they can chat, so that's all working fine. However, the problem that I'm having is that everyone is starting off with a blank roster. In the web admin, active users will show up in the online users page, but the users page itself is blank. With 80 employees it's too much of a pain to create a new roster for everyone by hand...

From reading through the pages here, I was under the impression that they should at least see a list of all the LDAP users who've connected, but this doesn't seem to be the case. The shared roster function in the web interface doesn't work... I've manually created rosters in the web interface but nothing ever shows up in the client.

I've also tried installing mod_shared_roster_ldap. I compiled it and got it running, but it didn't work either. No matter what I tried nothing ever showed up in the client.

Ideally I'd like to be able to create several shared rosters that would automatically be loaded on the client for each user... but at this point I'd be happy just to have everyone show up in the roster... or for any solution at all that would let me push out a group roster that would be visible in the PSI client.

All works for me. Check your 'hosts' option

I know very little about LDAP. I installed slapd in Debian, created an admin account and two user accounts. Then I configured ejabberd to use ldap as auth_method.

I tested with ejabberd compiled from SVN trunk, Erlang/OTP and other dependencies from Debian Unstable packages. I think there weren't major changes in LDAP code since ejabberd 2.0.1 was released.

My config:

%{auth_method, internal}.
{auth_method, ldap}.
{ldap_servers, ["localhost"]}.
{ldap_base, "dc=pike"}.
{ldap_rootdn, "cn=admin,dc=pike"}.
{ldap_password, "qweqwe"}.
jtl10 wrote:

It won't let me register a new account for the user (I'm assuming since they are already in Active Directory)

Accounts are to be created in LDAP by you in some way, not using ejabberd.

jtl10 wrote:

In the web admin, active users will show up in the online users page, but the users page itself is blank.

It works for me. Do you mean no users are listed, or that the page shown is completely blank? In the latter case there will probably be an error message in the ejabberd log file.

jtl10 wrote:

From reading through the pages here, I was under the impression that they should at least see a list of all the LDAP users who've connected, but this doesn't seem to be the case.

The roster is considered private data. By default only the user can add or remove contacts to his roster. So some text misled you.

jtl10 wrote:

The shared roster function in the web interface doesn't work...

It works for me. I created a group identified as: asd. Then I set Name: bubu, Description: desc, Members: @all@, Display: asd.
I logged in with one of the two LDAP accounts, and I saw the other user as offline. Then I logged in with the other, and both users could see the other as online. I didn't add those users as contacts: they were displayed to the clients by ejabberd as they are in a shared roster group.

jtl10 wrote:

I've manually create rosters in the web interface but nothing ever shows up in the client.

I added a non-existent contact to one user's roster using Web Admin. Then I logged in to that user, and he saw the other existing user (thanks to Shared Roster Groups) and a new contact (which of course corresponds to an account that doesn't exist, so he's always offline).

The rosters are managed by mod_roster, and are stored in the internal Mnesia table 'roster'. You can see in Web Admin the size of that table, to see if it increases. Or dump the whole database to a text file.

jtl10 wrote:

I've also tried installing mod_shared_roster_ldap. I compiled it and got it running, but it didn't work either. No matter what I tried nothing ever showed up in the client.

I didn't try that module, because the regular one worked as expected for the simple feature we wanted.

jtl10 wrote:

Ideally I'd like to be able to create several shared rosters that would automatically be loaded on the client for each user... but at this point I'd be happy just to have everyone show up in the roster... or for any solution at all that would let push out a group roster that would be visible in the PSI client.

All worked correctly in my very simple LDAP auth setup. Your config seems correct.

jtl10 wrote:

I've set the host to be mail.example.net.
...
let's say bob.hope@example.net

If you set this in ejabberd.cfg

{hosts, ["example.net"]}.

then your Jabber ID will be "bob.hope@example.net".

If you set this in ejabberd.cfg

{hosts, ["mail.example.net"]}.

then your Jabber ID will be "bob.hope@mail.example.net".

If you attempt to overlook this, the results are unpredictable.
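An added check for the 'hosts' rule above (my own example, not ejabberd code or anything posted in the thread): it parses the Erlang-term options of a constructed ejabberd.cfg fragment and reports whether a JID's domain is one the server actually serves. The host and LDAP values in the sample are assumptions for illustration.

```python
import re

# Constructed sample in the style of an ejabberd 2.x ejabberd.cfg
# (assumed values, not the poster's real file).
SAMPLE_CFG = """
%{auth_method, internal}.
{hosts, ["mail.example.net"]}.
{auth_method, ldap}.
{ldap_servers, ["dc2.example.net", "dc1.example.net"]}. % List of LDAP servers
{ldap_base, "OU=Employees,DC=example,DC=net"}.
{ldap_uids, [{"sAMAccountName"}]}.
"""

# One top-level term per line: {key, value}. optionally followed by a % comment
TERM_RE = re.compile(r'^\s*\{(\w+),\s*(.*)\}\.\s*(?:%.*)?$')


def parse_cfg(text):
    """Return {option: raw_value} for every top-level {key, value}. term.
    A line whose first non-blank character is % is an Erlang comment."""
    opts = {}
    for line in text.splitlines():
        if line.lstrip().startswith('%'):
            continue
        m = TERM_RE.match(line)
        if m:
            opts[m.group(1)] = m.group(2)
    return opts


def string_list(raw):
    """Extract the double-quoted strings from an Erlang list literal."""
    return re.findall(r'"([^"]*)"', raw)


def check_jid(cfg_text, jid):
    """Apply the rule from the reply: the domain part of a bare JID must be
    exactly one of the 'hosts' entries, otherwise ejabberd does not serve it.
    Returns (ok, reason)."""
    hosts = string_list(parse_cfg(cfg_text).get('hosts', ''))
    user, _, domain = jid.partition('@')
    if not user or not domain:
        return (False, 'not a user@domain JID: %r' % jid)
    if domain.lower() in (h.lower() for h in hosts):
        return (True, 'domain %s is served' % domain)
    return (False, 'domain %s is not in hosts %s' % (domain, hosts))
```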

Thanks... the problem seems to be with shared rosters then...

Thanks for the help so far.
Bob.hope@example.net was a typo... it's actually bob.hope@mail.example.net, so I don't think that's the issue.

As far as the users tab in the web interface... it's not completely blank... it shows the usual side frames and has a blank to add new users... it even has the headers for the table of users (User Offline Messages Last Activity). It just doesn't show any users.

As for shared rosters... the shared roster groups module just doesn't seem to work. The web interface works normally... I can create a new shared roster group (I tried @all@ and typing in sets of usernames) - but they never show up in the PSI client.

I'll try installing everything from scratch again just to see if I am missing anything, but I think I'm doing everything correctly. Has anyone tried shared rosters with the PSI client? Could that be the issue?

Screenshots with Psi

jtl10 wrote:

Has anyone tried shared rosters with the PSI client?

Yes, check Shared Roster Groups Screenshots
