Ejabberd with LDAP authentication configured on first node : OK (working with clients)
First node : ERLANG_NODE=ejabberd@ejabberd-1
Second node : ERLANG_NODE=ejabberd@ejabberd-2
Ejabberd Guide Chapter 6 Setup => OK (no error, 2 nodes running).
Config second node = config first node (Ejabberd.cfg).
Start ejabberd on nodes 1 and 2 : ejabberd.log with no errors.
But when I try to connect with Spark client from server ejabberd-2 :
- ldap_user@ejabberd : doesn't work
- ldap_user@ejabberd-2 : doesn't work
- ldap_user@ejabberd-1 : OK
I can't stand it !!!
Re: I need some help on Ejabberd clustering with AD
Node name doesn't correlate with XMPP domain name. You should define XMPP domain in the config file: http://www.process-one.net/en/ejabberd/guide_en#htoc20
problem partially fixed
Node name doesn't correlate with XMPP domain name. You should define XMPP domain in the config file: http://www.process-one.net/en/ejabberd/guide_en#htoc20
Thanks, this partially fixes the issue: no matter where the user resides, he can now authenticate using the domain name as server (user@domain), but it is still necessary to provide the preferred server in the "Spark" client advanced configuration.
Re: I need some help on Ejabberd clustering with AD
What do you mean by "preferred"? You have to configure load balancing correctly (for example via DNS) to make your cluster work.
ejabberd cluster
Thanks but first of all, no way for my ejabberd servers to communicate.
Here is my configuration :
Ejabberd domain = AD domain = commundev-evo.fr
First server : EJABBERD-1
Second server : EJABBERD-2
Spark configuration for user1 :
- Advanced connection preferences -> Connection -> Host : ejabberd-2.commundev-evo.fr
- Connection window : user = user1 - pwd = user1 - server = commundev-evo.fr
Spark configuration for user2 :
- Advanced connection preferences -> Connection -> Host : ejabberd-1.commundev-evo.fr
- Connection window : user = user2 - pwd = user2 - server = commundev-evo.fr
LDAP authentication = OK for ejabberd clients (Spark) but user1 and user2 can't communicate.
If I configure Spark for another user on ejabberd-1 or ejabberd-2, the communication works fine with the active user on the SAME server.
So the ejabberd router seems not to be working.
Ejabberdctl.cfg (ejabberd-1) :
ERLANG_NODE=ejabberd@ejabberd-1
Ejabberdctl.cfg (ejabberd-2) :
ERLANG_NODE=ejabberd@ejabberd-2
---------------------------------------------------------------------------------------------------------
Ejabberd.cfg (ejabberd-1) :
%%%
%%% ejabberd configuration file
%%%
%%% The parameters used in this configuration file are explained in more detail
%%% in the ejabberd Installation and Operation Guide.
%%% Please consult the Guide in case of doubts, it is included in
%%% your copy of ejabberd, and is also available online at
%%% http://www.process-one.net/en/ejabberd/docs/
%%% This configuration file contains Erlang terms.
%%% In case you want to understand the syntax, here are the concepts:
%%%
%%% - The character to comment a line is %
%%%
%%% - Each term ends in a dot, for example:
%%% override_global.
%%%
%%% - A tuple has a fixed definition, its elements are
%%% enclosed in {}, and separated with commas:
%%% {loglevel, 4}.
%%%
%%% - A list can have as many elements as you want,
%%% and is enclosed in [], for example:
%%% [http_poll, web_admin, tls]
%%%
%%% - A keyword of ejabberd is a word in lowercase.
%%% The strings are enclosed in "" and can have spaces, dots...
%%% {language, "en"}.
%%% {ldap_rootdn, "dc=example,dc=com"}.
%%%
%%% - This term includes a tuple, a keyword, a list and two strings:
%%% {hosts, ["jabber.example.net", "im.example.com"]}.
%%%
%%% =======================
%%% OVERRIDE STORED OPTIONS
%%
%% Override the old values stored in the database.
%%
%%
%% Override global options (shared by all ejabberd nodes in a cluster).
%%
override_global.
%%
%% Override local options (specific for this particular ejabberd node).
%%
override_local.
%%
%% Remove the Access Control Lists before new ones are added.
%%
override_acls.
%%% =========
%%% DEBUGGING
%%
%% loglevel: Verbosity of log files generated by ejabberd.
%% 0: No ejabberd log at all (not recommended)
%% 1: Critical
%% 2: Error
%% 3: Warning
%% 4: Info
%% 5: Debug
%%
{loglevel, 4}.
%%
%% watchdog_admins: If an ejabberd process consumes too much memory,
%% send live notifications to those Jabber accounts.
%%
%%{watchdog_admins, ["admin@ejabberd-1"]}.
%%% ================
%%% SERVED HOSTNAMES
%%
%% hosts: Domains served by ejabberd.
%% You can define one or several, for example:
%% {hosts, ["example.net", "example.com", "example.org"]}.
%%
{hosts, ["commundev-evo.fr"]}.
%%
%% route_subdomains: Delegate subdomains to other Jabber server.
%% For example, if this ejabberd serves example.org and you want
%% to allow communication with a Jabber server called im.example.org.
%%
{route_subdomains, s2s}.
%%% ===============
%%% LISTENING PORTS
%%
%% listen: Which ports will ejabberd listen, which service handles it
%% and what options to start it with.
%%
{listen,
[
{5222, ejabberd_c2s, [
{certfile, "C:\\Program Files\\ejabberd-2.0.2_2\\conf\\server.pem"}, starttls,
{access, c2s},
{shaper, c2s_shaper},
{max_stanza_size, 65536}
]},
%%
%% To enable the old SSL connection method in port 5223:
%%
%%{5223, ejabberd_c2s, [
%% {certfile, "C:\\Program Files\\ejabberd-2.0.2_2\\conf\\server.pem"}, tls,
%% {access, c2s},
%% {shaper, c2s_shaper},
%% {max_stanza_size, 65536}
%% ]},
{5269, ejabberd_s2s_in, [
{shaper, s2s_shaper},
{max_stanza_size, 131072}
]},
%%
%% ejabberd_service: Interact with external components (transports...)
%%
%%{8888, ejabberd_service, [
%% {access, all},
%% {shaper_rule, fast},
%% {ip, {127, 0, 0, 1}},
%% {hosts, ["icq.example.org", "sms.example.org"],
%% [{password, "secret"}]
%% }
%% ]},
{5280, ejabberd_http, [
http_bind,
http_poll,
web_admin
]}
]}.
%%
%% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
%% Allowed values are: true or false.
%% You must specify a certificate file.
%%
%%{s2s_use_starttls, true}.
%%
%% s2s_certfile: Specify a certificate file.
%%
%%{s2s_certfile, "C:\\Program Files\\ejabberd-2.0.2_2\\conf\\server.pem"}.
%%
%% domain_certfile: Specify a different certificate for each served hostname.
%%
%%{domain_certfile, "example.org", "C:\\Program Files\\ejabberd-2.0.2_2\\conf\\example_org.pem"}.
%%{domain_certfile, "example.com", "C:\\Program Files\\ejabberd-2.0.2_2\\conf\\example_com.pem"}.
%%
%% S2S whitelist or blacklist
%%
%% Default s2s policy for undefined hosts.
%%
%%{s2s_default_policy, allow}.
%%
%% Allow or deny communication with specific servers.
%%
%%{{s2s_host, "goodhost.org"}, allow}.
%%{{s2s_host, "badhost.org"}, deny}.
%%% ==============
%%% AUTHENTICATION
%%
%% auth_method: Method used to authenticate the users.
%% The default method is the internal.
%% If you want to use a different method,
%% comment this line and enable the correct ones.
%%
%%{auth_method, internal}.
%%
%% Authentication using external script
%% Make sure the script is executable by ejabberd.
%%
%%{auth_method, external}.
%%{extauth_program, "\\path\\to\\authentication\\script"}.
%%
%% Authentication using ODBC
%% Remember to setup a database in the next section.
%%
%%{auth_method, odbc}.
%%
%% Authentication using PAM
%%
%%{auth_method, pam}.
%%{pam_service, "pamservicename"}.
%%
%% Authentication using LDAP
%%
{auth_method, ldap}.
%%
%% List of LDAP servers:
{ldap_servers, ["DCCOMMUNDEV-EVO"]}.
%%
%% LDAP attribute that holds user ID:
{ldap_uids, [{"sAMAccountName","%u"}]}.
{ldap_filter, "(&(objectClass=user)(objectCategory=person))"}.
%%
%% Search base of LDAP directory:
{ldap_base, "OU=Tsung_Users,DC=COMMUNDEV-EVO,DC=FR"}.
%%
%% LDAP manager:
%% ************************************************************************************************
%% Note for LDAP Manager : if this account is only member of the "Domain users" group it MUST BE
%% -----> Member of the Ejabberd server "Administrators" group
%% -----> Allowed to log on locally to the Ejabberd server
%% ************************************************************************************************
{ldap_rootdn, "CN=EJABBERD,CN=Users,DC=COMMUNDEV-EVO,DC=FR"}.
%%
%% Password to LDAP manager:
{ldap_password, "*********"}.
%%
%% Anonymous login support:
%% auth_method: anonymous
%% anonymous_protocol: sasl_anon | login_anon | both
%% allow_multiple_connections: true | false
%%
%%{host_config, "public.example.org", [{auth_method, anonymous},
%% {allow_multiple_connections, false},
%% {anonymous_protocol, sasl_anon}]}.
%%
%% To use both anonymous and internal authentication:
%%
%%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.
%%% ==============
%%% DATABASE SETUP
%% ejabberd uses by default the internal Mnesia database,
%% so you can avoid this section.
%% This section provides configuration examples in case
%% you want to use other database backends.
%% Please consult the ejabberd Guide for details about database creation.
%%
%% MySQL server:
%%
%%{odbc_server, {mysql, "server", "database", "username", "password"}}.
%%
%% If you want to specify the port:
%%{odbc_server, {mysql, "server", 1234, "database", "username", "password"}}.
%%
%% PostgreSQL server:
%%
%%{odbc_server, {pgsql, "server", "database", "username", "password"}}.
%%
%% If you want to specify the port:
%%{odbc_server, {pgsql, "server", 1234, "database", "username", "password"}}.
%%
%% If you use PostgreSQL, have a large database, and need a
%% faster but inexact replacement for "select count(*) from users"
%%
%%{pgsql_users_number_estimate, true}.
%%
%% ODBC compatible or MSSQL server:
%%
%%{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}.
%%% ===============
%%% TRAFFIC SHAPERS
%%
%% The "normal" shaper limits traffic speed to 1.000 B/s
%%
{shaper, normal, {maxrate, 1000}}.
%%
%% The "fast" shaper limits traffic speed to 50.000 B/s
%%
{shaper, fast, {maxrate, 50000}}.
%%% ====================
%%% ACCESS CONTROL LISTS
%%
%% The 'admin' ACL grants administrative privileges to Jabber accounts.
%% You can put as many accounts as you want.
%%
{acl, admin, {user, "admin", "ejabberd-1"}}.
%%
%% Blocked users
%%
%%{acl, blocked, {user, "baduser", "example.org"}}.
%%{acl, blocked, {user, "test"}}.
%%
%% Local users: don't modify this line.
%%
{acl, local, {user_regexp, ""}}.
%%
%% More examples of ACLs
%%
%%{acl, jabberorg, {server, "jabber.org"}}.
%%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
%%{acl, test, {user_regexp, "^test"}}.
%%{acl, test, {user_glob, "test*"}}.
%%% ============
%%% ACCESS RULES
%% Define the maximum number of time a single user is allowed to connect:
{access, max_user_sessions, [{10, all}]}.
%% This rule allows access only for local users:
{access, local, [{allow, local}]}.
%% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
{allow, all}]}.
%% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
{normal, all}]}.
%% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.
%% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.
%% Only admins can use configuration interface:
{access, configure, [{allow, admin}]}.
%% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.
%% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.
%% Every username can be registered via in-band registration:
%% To disable in-band registration, replace 'allow' with 'deny'.
{access, register, [{allow, all}]}.
%% Everybody can create pubsub nodes
{access, pubsub_createnode, [{allow, all}]}.
%%% ================
%%% DEFAULT LANGUAGE
%%
%% language: Default language used for server messages.
%%
{language, "en"}.
%%% MODULES
%%
%% Modules enabled in all ejabberd virtual hosts.
%%
{modules,
[
{mod_adhoc, []},
{mod_announce, [{access, announce}]}, % requires mod_adhoc
{mod_caps, []},
{mod_configure,[]}, % requires mod_adhoc
{mod_disco, []},
%%{mod_echo, [{host, "echo.EJABBERD"}]},
{mod_http_bind,[]},
%%{mod_http_fileserver, [{docroot, "C:\\Program Files\\ejabberd-2.0.2_2\\www"}]},
{mod_irc, []},
{mod_last, []},
{mod_muc, [
%%{host, "conference.@HOST@"},
{access, muc},
{access_create, muc},
{access_persistent, muc},
{access_admin, muc_admin}
]},
%%{mod_muc_log,[]},
{mod_offline, []},
{mod_privacy, []},
{mod_private, []},
%%{mod_proxy65,[]},
{mod_pubsub, [ % requires mod_caps
{access_createnode, pubsub_createnode},
{plugins, ["default", "pep"]}
]},
{mod_register, [
%%
%% After successful registration, the user receives
%% a message with this subject and body.
%%
{welcome_message, {"Bienvenue !",
"Bienvenue sur le serveur JABBER SRV-EJABBERD."}},
%%
%% When a user registers, send a notification to
%% these Jabber accounts.
%%
%%{registration_watchers, ["admin1@example.org"]},
{access, register}
]},
{mod_roster, []},
%%{mod_service_log,[]},
{mod_shared_roster,[]},
%%{mod_stats, []},
{mod_time, []},
{mod_vcard, []},
{mod_vcard_ldap,
[{ldap_vcard_map,
[{"NICKNAME", "%u", []},
{"GIVEN", "%s", ["givenName"]},
{"MIDDLE", "%s", ["initials"]},
{"FAMILY", "%s", ["sn"]},
{"FN", "%s", ["displayName"]},
{"EMAIL", "%s", ["mail"]},
{"ORGNAME", "%s", ["company"]},
{"ORGUNIT", "%s", ["department"]},
{"CTRY", "%s", ["c"]},
{"LOCALITY", "%s", ["l"]},
{"STREET", "%s", ["streetAddress"]},
{"REGION", "%s", ["st"]},
{"PCODE", "%s", ["postalCode"]},
{"TITLE", "%s", ["title"]},
{"URL", "%s", ["wWWHomePage"]},
{"DESC", "%s", ["description"]},
{"TEL", "%s", ["telephoneNumber"]}]},
{ldap_search_fields,
[{"Utilisateur", "%u"},
{"Prénom", "givenName"},
{"Nom", "sn"},
{"Email", "mail"},
{"Société", "company"},
{"Service", "department"},
{"Mission principale", "title"},
{"Description", "description"},
{"Téléphone", "telephoneNumber"}]},
{ldap_search_reported,
[{"Nom complet", "FN"},
{"Utilisateur", "NICKNAME"},
{"Email", "EMAIL"}]}
]},
{mod_version, []}
]}.
%%% $Id: ejabberd.cfg.example 1073 2007-12-17 11:03:22Z badlop $
%%% Local Variables:
%%% mode: erlang
%%% End:
%%% vim: set filetype=erlang tabstop=8:
--------------------------------------------------------------------------------------------------------
Ejabberd.cfg (ejabberd-2) :
%%%
%%% ejabberd configuration file
%%%
%%% The parameters used in this configuration file are explained in more detail
%%% in the ejabberd Installation and Operation Guide.
%%% Please consult the Guide in case of doubts, it is included in
%%% your copy of ejabberd, and is also available online at
%%% http://www.process-one.net/en/ejabberd/docs/
%%% This configuration file contains Erlang terms.
%%% In case you want to understand the syntax, here are the concepts:
%%%
%%% - The character to comment a line is %
%%%
%%% - Each term ends in a dot, for example:
%%% override_global.
%%%
%%% - A tuple has a fixed definition, its elements are
%%% enclosed in {}, and separated with commas:
%%% {loglevel, 4}.
%%%
%%% - A list can have as many elements as you want,
%%% and is enclosed in [], for example:
%%% [http_poll, web_admin, tls]
%%%
%%% - A keyword of ejabberd is a word in lowercase.
%%% The strings are enclosed in "" and can have spaces, dots...
%%% {language, "en"}.
%%% {ldap_rootdn, "dc=example,dc=com"}.
%%%
%%% - This term includes a tuple, a keyword, a list and two strings:
%%% {hosts, ["jabber.example.net", "im.example.com"]}.
%%%
%%% =======================
%%% OVERRIDE STORED OPTIONS
%%
%% Override the old values stored in the database.
%%
%%
%% Override global options (shared by all ejabberd nodes in a cluster).
%%
override_global.
%%
%% Override local options (specific for this particular ejabberd node).
%%
override_local.
%%
%% Remove the Access Control Lists before new ones are added.
%%
override_acls.
%%% =========
%%% DEBUGGING
%%
%% loglevel: Verbosity of log files generated by ejabberd.
%% 0: No ejabberd log at all (not recommended)
%% 1: Critical
%% 2: Error
%% 3: Warning
%% 4: Info
%% 5: Debug
%%
{loglevel, 4}.
%%
%% watchdog_admins: If an ejabberd process consumes too much memory,
%% send live notifications to those Jabber accounts.
%%
%%{watchdog_admins, ["admin@ejabberd-1"]}.
%%% ================
%%% SERVED HOSTNAMES
%%
%% hosts: Domains served by ejabberd.
%% You can define one or several, for example:
%% {hosts, ["example.net", "example.com", "example.org"]}.
%%
%%{hosts, ["ejabberd-1"]}.
{hosts, ["commundev-evo.fr"]}.
%%
%% route_subdomains: Delegate subdomains to other Jabber server.
%% For example, if this ejabberd serves example.org and you want
%% to allow communication with a Jabber server called im.example.org.
%%
{route_subdomains, s2s}.
%%% ===============
%%% LISTENING PORTS
%%
%% listen: Which ports will ejabberd listen, which service handles it
%% and what options to start it with.
%%
{listen,
[
{5222, ejabberd_c2s, [
{certfile, "C:\\Program Files\\ejabberd-2.0.2_2\\conf\\server.pem"}, starttls,
{access, c2s},
{shaper, c2s_shaper},
{max_stanza_size, 65536}
]},
%%
%% To enable the old SSL connection method in port 5223:
%%
%%{5223, ejabberd_c2s, [
%% {certfile, "C:\\Program Files\\ejabberd-2.0.2_2\\conf\\server.pem"}, tls,
%% {access, c2s},
%% {shaper, c2s_shaper},
%% {max_stanza_size, 65536}
%% ]},
{5269, ejabberd_s2s_in, [
{shaper, s2s_shaper},
{max_stanza_size, 131072}
]},
%%
%% ejabberd_service: Interact with external components (transports...)
%%
%%{8888, ejabberd_service, [
%% {access, all},
%% {shaper_rule, fast},
%% {ip, {127, 0, 0, 1}},
%% {hosts, ["icq.example.org", "sms.example.org"],
%% [{password, "secret"}]
%% }
%% ]},
{5280, ejabberd_http, [
http_bind,
http_poll,
web_admin
]}
]}.
%%
%% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
%% Allowed values are: true or false.
%% You must specify a certificate file.
%%
%%{s2s_use_starttls, true}.
%%
%% s2s_certfile: Specify a certificate file.
%%
%%{s2s_certfile, "C:\\Program Files\\ejabberd-2.0.2_2\\conf\\server.pem"}.
%%
%% domain_certfile: Specify a different certificate for each served hostname.
%%
%%{domain_certfile, "example.org", "C:\\Program Files\\ejabberd-2.0.2_2\\conf\\example_org.pem"}.
%%{domain_certfile, "example.com", "C:\\Program Files\\ejabberd-2.0.2_2\\conf\\example_com.pem"}.
%%
%% S2S whitelist or blacklist
%%
%% Default s2s policy for undefined hosts.
%%
%%{s2s_default_policy, allow}.
%%
%% Allow or deny communication with specific servers.
%%
%%{{s2s_host, "goodhost.org"}, allow}.
%%{{s2s_host, "badhost.org"}, deny}.
%%% ==============
%%% AUTHENTICATION
%%
%% auth_method: Method used to authenticate the users.
%% The default method is the internal.
%% If you want to use a different method,
%% comment this line and enable the correct ones.
%%
%%{auth_method, internal}.
%%
%% Authentication using external script
%% Make sure the script is executable by ejabberd.
%%
%%{auth_method, external}.
%%{extauth_program, "\\path\\to\\authentication\\script"}.
%%
%% Authentication using ODBC
%% Remember to setup a database in the next section.
%%
%%{auth_method, odbc}.
%%
%% Authentication using PAM
%%
%%{auth_method, pam}.
%%{pam_service, "pamservicename"}.
%%
%% Authentication using LDAP
%%
{auth_method, ldap}.
%%
%% List of LDAP servers:
{ldap_servers, ["DCCOMMUNDEV-EVO"]}.
%%
%% LDAP attribute that holds user ID:
{ldap_uids, [{"sAMAccountName","%u"}]}.
{ldap_filter, "(&(objectClass=user)(objectCategory=person))"}.
%%
%% Search base of LDAP directory:
{ldap_base, "OU=Tsung_Users,DC=COMMUNDEV-EVO,DC=FR"}.
%%
%% LDAP manager:
%% ************************************************************************************************
%% Note for LDAP Manager : if this account is only member of the "Domain users" group it MUST BE
%% -----> Member of the Ejabberd server "Administrators" group
%% -----> Allowed to log on locally to the Ejabberd server
%% ************************************************************************************************
{ldap_rootdn, "CN=EJABBERD,CN=Users,DC=COMMUNDEV-EVO,DC=FR"}.
%%
%% Password to LDAP manager:
{ldap_password, "***********"}.
%%
%% Anonymous login support:
%% auth_method: anonymous
%% anonymous_protocol: sasl_anon | login_anon | both
%% allow_multiple_connections: true | false
%%
%%{host_config, "public.example.org", [{auth_method, anonymous},
%% {allow_multiple_connections, false},
%% {anonymous_protocol, sasl_anon}]}.
%%
%% To use both anonymous and internal authentication:
%%
%%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.
%%% ==============
%%% DATABASE SETUP
%% ejabberd uses by default the internal Mnesia database,
%% so you can avoid this section.
%% This section provides configuration examples in case
%% you want to use other database backends.
%% Please consult the ejabberd Guide for details about database creation.
%%
%% MySQL server:
%%
%%{odbc_server, {mysql, "server", "database", "username", "password"}}.
%%
%% If you want to specify the port:
%%{odbc_server, {mysql, "server", 1234, "database", "username", "password"}}.
%%
%% PostgreSQL server:
%%
%%{odbc_server, {pgsql, "server", "database", "username", "password"}}.
%%
%% If you want to specify the port:
%%{odbc_server, {pgsql, "server", 1234, "database", "username", "password"}}.
%%
%% If you use PostgreSQL, have a large database, and need a
%% faster but inexact replacement for "select count(*) from users"
%%
%%{pgsql_users_number_estimate, true}.
%%
%% ODBC compatible or MSSQL server:
%%
%%{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}.
%%% ===============
%%% TRAFFIC SHAPERS
%%
%% The "normal" shaper limits traffic speed to 1.000 B/s
%%
{shaper, normal, {maxrate, 1000}}.
%%
%% The "fast" shaper limits traffic speed to 50.000 B/s
%%
{shaper, fast, {maxrate, 50000}}.
%%% ====================
%%% ACCESS CONTROL LISTS
%%
%% The 'admin' ACL grants administrative privileges to Jabber accounts.
%% You can put as many accounts as you want.
%%
{acl, admin, {user, "admin", "ejabberd-1"}}.
%%
%% Blocked users
%%
%%{acl, blocked, {user, "baduser", "example.org"}}.
%%{acl, blocked, {user, "test"}}.
%%
%% Local users: don't modify this line.
%%
{acl, local, {user_regexp, ""}}.
%%
%% More examples of ACLs
%%
%%{acl, jabberorg, {server, "jabber.org"}}.
%%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
%%{acl, test, {user_regexp, "^test"}}.
%%{acl, test, {user_glob, "test*"}}.
%%% ============
%%% ACCESS RULES
%% Define the maximum number of time a single user is allowed to connect:
{access, max_user_sessions, [{10, all}]}.
%% This rule allows access only for local users:
{access, local, [{allow, local}]}.
%% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
{allow, all}]}.
%% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
{normal, all}]}.
%% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.
%% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.
%% Only admins can use configuration interface:
{access, configure, [{allow, admin}]}.
%% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.
%% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.
%% Every username can be registered via in-band registration:
%% To disable in-band registration, replace 'allow' with 'deny'.
{access, register, [{allow, all}]}.
%% Everybody can create pubsub nodes
{access, pubsub_createnode, [{allow, all}]}.
%%% ================
%%% DEFAULT LANGUAGE
%%
%% language: Default language used for server messages.
%%
{language, "en"}.
%%% MODULES
%%
%% Modules enabled in all ejabberd virtual hosts.
%%
{modules,
[
{mod_adhoc, []},
{mod_announce, [{access, announce}]}, % requires mod_adhoc
{mod_caps, []},
{mod_configure,[]}, % requires mod_adhoc
{mod_disco, []},
%%{mod_echo, [{host, "echo.EJABBERD"}]},
{mod_http_bind,[]},
%%{mod_http_fileserver, [{docroot, "C:\\Program Files\\ejabberd-2.0.2_2\\www"}]},
{mod_irc, []},
{mod_last, []},
{mod_muc, [
%%{host, "conference.@HOST@"},
{access, muc},
{access_create, muc},
{access_persistent, muc},
{access_admin, muc_admin}
]},
%%{mod_muc_log,[]},
{mod_offline, []},
{mod_privacy, []},
{mod_private, []},
%%{mod_proxy65,[]},
{mod_pubsub, [ % requires mod_caps
{access_createnode, pubsub_createnode},
{plugins, ["default", "pep"]}
]},
{mod_register, [
%%
%% After successful registration, the user receives
%% a message with this subject and body.
%%
{welcome_message, {"Bienvenue !",
"Bienvenue sur le serveur JABBER SRV-EJABBERD."}},
%%
%% When a user registers, send a notification to
%% these Jabber accounts.
%%
%%{registration_watchers, ["admin1@example.org"]},
{access, register}
]},
{mod_roster, []},
%%{mod_service_log,[]},
{mod_shared_roster,[]},
%%{mod_stats, []},
{mod_time, []},
{mod_vcard, []},
{mod_vcard_ldap,
[{ldap_vcard_map,
[{"NICKNAME", "%u", []},
{"GIVEN", "%s", ["givenName"]},
{"MIDDLE", "%s", ["initials"]},
{"FAMILY", "%s", ["sn"]},
{"FN", "%s", ["displayName"]},
{"EMAIL", "%s", ["mail"]},
{"ORGNAME", "%s", ["company"]},
{"ORGUNIT", "%s", ["department"]},
{"CTRY", "%s", ["c"]},
{"LOCALITY", "%s", ["l"]},
{"STREET", "%s", ["streetAddress"]},
{"REGION", "%s", ["st"]},
{"PCODE", "%s", ["postalCode"]},
{"TITLE", "%s", ["title"]},
{"URL", "%s", ["wWWHomePage"]},
{"DESC", "%s", ["description"]},
{"TEL", "%s", ["telephoneNumber"]}]},
{ldap_search_fields,
[{"Utilisateur", "%u"},
{"Prénom", "givenName"},
{"Nom", "sn"},
{"Email", "mail"},
{"Société", "company"},
{"Service", "department"},
{"Mission principale", "title"},
{"Description", "description"},
{"Téléphone", "telephoneNumber"}]},
{ldap_search_reported,
[{"Nom complet", "FN"},
{"Utilisateur", "NICKNAME"},
{"Email", "EMAIL"}]}
]},
{mod_version, []}
]}.
%%% $Id: ejabberd.cfg.example 1073 2007-12-17 11:03:22Z badlop $
%%% Local Variables:
%%% mode: erlang
%%% End:
%%% vim: set filetype=erlang tabstop=8:
Re: I need some help on Ejabberd clustering with AD
Here is my configuration :
Ejabberd domain = AD domain = commundev-evo.fr
Ejabberdctl.cfg (ejabberd-1) :
ERLANG_NODE=ejabberd@ejabberd-1
Ejabberdctl.cfg (ejabberd-2) :
ERLANG_NODE=ejabberd@ejabberd-2
Did you read Chapter 6 of Installation Guide? Did you perform all 6 steps from section 6.2?
If you did, show Mnesia information from both of your nodes:
> mnesia:info().
Also try to ping your nodes:
(ejabberd@ejabberd-2)> net_adm:ping('ejabberd@ejabberd-1').
By the way, the acl {acl, admin, {user, "admin", "ejabberd-1"}} will never match, simply because you don't have a virtual host "ejabberd-1": your virtual host name is "commundev-evo.fr".
ejabberd clustering
Here is my configuration :
Ejabberd domain = AD domain = commundev-evo.fr
Ejabberdctl.cfg (ejabberd-1) :
ERLANG_NODE=ejabberd@ejabberd-1
Ejabberdctl.cfg (ejabberd-2) :
ERLANG_NODE=ejabberd@ejabberd-2
Did you read Chapter 6 of Installation Guide? Did you perform all 6 steps from section 6.2?
If you did, show Mnesia information from both of your nodes:
> mnesia:info().
Also try to ping your nodes:
(ejabberd@ejabberd-2)> net_adm:ping('ejabberd@ejabberd-1').
By the way, the acl {acl, admin, {user, "admin", "ejabberd-1"}} will never match, simply because you don't have a virtual host "ejabberd-1": your virtual host name is "commundev-evo.fr".
-------------------------------------------------------------------------------------------------
I'm checking ejabberd cluster using just the mnesia database and ejabberd internal authentication
(until the problem is fixed).
-------------------------------------------------------------------------------------------------
Results :
(ejabberd@ejabberd-2)2> mnesia:info().
---> Processes holding locks <---
---> Processes waiting for locks <---
---> Participant transactions <---
---> Coordinator transactions <---
---> Uncertain transactions <---
---> Active tables <---
schema : with 30 records occupying 3759 words of mem
===> System info in version "4.4.3", debug level = none <===
opt_disc. Directory "c:/Program Files/ejabberd-2.0.2_2/bin/Mnesia.ejabberd@ejabb
erd-2" is used.
use fallback at restart = false
running db nodes = ['ejabberd@ejabberd-1','ejabberd@ejabberd-2']
stopped db nodes = []
master node tables = []
remote = [acl,caps_features,config,disco_publish,iq_response,
irc_custom,last_activity,local_config,mod_register_ip,
motd,motd_users,muc_online_room,muc_registered,muc_room,
offline_msg,passwd,privacy,private_storage,pubsub_item,
pubsub_node,pubsub_state,roster,route,s2s,session,
sr_group,sr_user,vcard,vcard_search]
ram_copies = []
disc_copies = [schema]
disc_only_copies = []
[] = [local_config,mod_register_ip]
[{'ejabberd@ejabberd-1',disc_copies}] = [acl,config,passwd,motd,motd_users,
irc_custom,last_activity,muc_room,
muc_registered,privacy,pubsub_node,
pubsub_state,roster,sr_group,sr_user,
vcard_search]
[{'ejabberd@ejabberd-1',disc_copies},
{'ejabberd@ejabberd-2',disc_copies}] = [schema]
[{'ejabberd@ejabberd-1',disc_only_copies}] = [disco_publish,offline_msg,
private_storage,pubsub_item,
vcard]
[{'ejabberd@ejabberd-1',ram_copies}] = [route,session,s2s,iq_response,
caps_features,muc_online_room]
3 transactions committed, 1 aborted, 0 restarted, 0 logged to disc
0 held locks, 0 in queue; 0 local transactions, 0 remote
0 transactions waits for other nodes: []
ok
(ejabberd@ejabberd-2)3> net_adm:ping('ejabberd@ejabberd-1').
pong
(ejabberd@ejabberd-2)4> mnesia:info().
---> Processes holding locks <---
---> Processes waiting for locks <---
---> Participant transactions <---
---> Coordinator transactions <---
---> Uncertain transactions <---
---> Active tables <---
schema : with 30 records occupying 3759 words of mem
===> System info in version "4.4.3", debug level = none <===
opt_disc. Directory "c:/Program Files/ejabberd-2.0.2_2/bin/Mnesia.ejabberd@ejabb
erd-2" is used.
use fallback at restart = false
running db nodes = ['ejabberd@ejabberd-1','ejabberd@ejabberd-2']
stopped db nodes = []
master node tables = []
remote = [acl,caps_features,config,disco_publish,iq_response,
irc_custom,last_activity,local_config,mod_register_ip,
motd,motd_users,muc_online_room,muc_registered,muc_room,
offline_msg,passwd,privacy,private_storage,pubsub_item,
pubsub_node,pubsub_state,roster,route,s2s,session,
sr_group,sr_user,vcard,vcard_search]
ram_copies = []
disc_copies = [schema]
disc_only_copies = []
[] = [local_config,mod_register_ip]
[{'ejabberd@ejabberd-1',disc_copies}] = [acl,config,passwd,motd,motd_users,
irc_custom,last_activity,muc_room,
muc_registered,privacy,pubsub_node,
pubsub_state,roster,sr_group,sr_user,
vcard_search]
[{'ejabberd@ejabberd-1',disc_copies},
{'ejabberd@ejabberd-2',disc_copies}] = [schema]
[{'ejabberd@ejabberd-1',disc_only_copies}] = [disco_publish,offline_msg,
private_storage,pubsub_item,
vcard]
[{'ejabberd@ejabberd-1',ram_copies}] = [route,session,s2s,iq_response,
caps_features,muc_online_room]
3 transactions committed, 1 aborted, 0 restarted, 0 logged to disc
0 held locks, 0 in queue; 0 local transactions, 0 remote
0 transactions waits for other nodes: []
ok
---------------------------------------------------------------------------------------------
(ejabberd@ejabberd-2)5> net_adm:ping('ejabberd@ejabberd-1').
pong
(ejabberd@ejabberd-2)6>
Re: I need some help on Ejabberd clustering with AD
Quite strange:
(ejabberd@ejabberd-2)2> mnesia:info().
...
remote = [acl,caps_features,config,disco_publish,iq_response,
irc_custom,last_activity,local_config,mod_register_ip,
motd,motd_users,muc_online_room,muc_registered,muc_room,
offline_msg,passwd,privacy,private_storage,pubsub_item,
pubsub_node,pubsub_state,roster,route,s2s,session,
sr_group,sr_user,vcard,vcard_search]
...
[{'ejabberd@ejabberd-1',ram_copies}] = [route,session,s2s,iq_response,
caps_features,muc_online_room]
Could you please run these commands on ejabberd-2 and show the output:
> mnesia:add_table_copy(session, node(), ram_copies).
> mnesia:add_table_copy(route, node(), ram_copies).
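Added example (not part of the original thread and not ejabberd's own tooling): a Python check that reads saved mnesia:info() output from a node and reports when the session and route tables named in the reply above appear only under "remote", meaning the node holds no local copy. The two sample listings are constructed by trimming the outputs posted in this thread; the function names are hypothetical.

```python
import re

# Tables the reply above asks to copy to the local node.
REQUIRED_LOCAL = ("session", "route")

# Section labels printed by mnesia:info() that this check reads.
_KEYS = ("running db nodes", "stopped db nodes", "remote",
         "ram_copies", "disc_copies", "disc_only_copies")
_SECTION = re.compile(
    r"^[ \t]*(" + "|".join(re.escape(k) for k in _KEYS) + r")[ \t]*=[ \t]*\[(.*?)\]",
    re.MULTILINE | re.DOTALL,
)

# Constructed sample: trimmed from the first listing posted for ejabberd-2.
BEFORE = """\
running db nodes = ['ejabberd@ejabberd-1','ejabberd@ejabberd-2']
stopped db nodes = []
master node tables = []
remote = [acl,caps_features,config,disco_publish,iq_response,
irc_custom,last_activity,local_config,mod_register_ip,
motd,motd_users,muc_online_room,muc_registered,muc_room,
offline_msg,passwd,privacy,private_storage,pubsub_item,
pubsub_node,pubsub_state,roster,route,s2s,session,
sr_group,sr_user,vcard,vcard_search]
ram_copies = []
disc_copies = [schema]
disc_only_copies = []
[{'ejabberd@ejabberd-1',ram_copies}] = [route,session,s2s,iq_response,
caps_features,muc_online_room]
"""

# Constructed sample: trimmed from the listing posted after add_table_copy.
AFTER = """\
running db nodes = ['ejabberd@ejabberd-1','ejabberd@ejabberd-2']
stopped db nodes = []
master node tables = []
remote = [acl,caps_features,config,disco_publish,iq_response,
irc_custom,last_activity,local_config,mod_register_ip,
motd,motd_users,muc_online_room,muc_registered,muc_room,
offline_msg,passwd,privacy,private_storage,pubsub_item,
pubsub_node,pubsub_state,roster,s2s,sr_group,sr_user,
vcard,vcard_search]
ram_copies = [route,session]
disc_copies = [schema]
disc_only_copies = []
"""


def parse_info(text):
    """Return {section label: [items]} for the list sections of mnesia:info()."""
    sections = {}
    for label, body in _SECTION.findall(text):
        # Lists may wrap over several lines; split on commas and drop quotes.
        sections[label] = [item.strip().strip("'")
                           for item in body.split(",") if item.strip()]
    return sections


def check_node(text, required=REQUIRED_LOCAL):
    """Report required tables that this node can only reach remotely."""
    info = parse_info(text)
    local = set()
    for kind in ("ram_copies", "disc_copies", "disc_only_copies"):
        local.update(info.get(kind, []))
    remote = set(info.get("remote", []))
    remote_only = [t for t in required if t in remote and t not in local]
    return {
        "running": info.get("running db nodes", []),
        "stopped": info.get("stopped db nodes", []),
        "remote_only": remote_only,
        # Same shell commands as in the reply, one per missing table.
        "commands": ["mnesia:add_table_copy(%s, node(), ram_copies)." % t
                     for t in remote_only],
    }


if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER)):
        result = check_node(sample)
        print(name, "remote-only:", result["remote_only"] or "none")
        for cmd in result["commands"]:
            print("  run on this node:", cmd)
```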
Ejabberd cluster ...
Quite strange:
(ejabberd@ejabberd-2)2> mnesia:info().
...
remote = [acl,caps_features,config,disco_publish,iq_response,
irc_custom,last_activity,local_config,mod_register_ip,
motd,motd_users,muc_online_room,muc_registered,muc_room,
offline_msg,passwd,privacy,private_storage,pubsub_item,
pubsub_node,pubsub_state,roster,route,s2s,session,
sr_group,sr_user,vcard,vcard_search]
...
[{'ejabberd@ejabberd-1',ram_copies}] = [route,session,s2s,iq_response,
caps_features,muc_online_room]
Could you please run these commands on ejabberd-2 and show the output:
> mnesia:add_table_copy(session, node(), ram_copies).
> mnesia:add_table_copy(route, node(), ram_copies).
(ejabberd@ejabberd-2)6> mnesia:add_table_copy(session, node(), ram_copies).
{atomic,ok}
(ejabberd@ejabberd-2)7> mnesia:add_table_copy(route, node(), ram_copies).
{atomic,ok}
(ejabberd@ejabberd-2)8> net_adm:ping('ejabberd@ejabberd-1').
pong
(ejabberd@ejabberd-2)9> mnesia:info().
---> Processes holding locks <---
---> Processes waiting for locks <---
---> Participant transactions <---
---> Coordinator transactions <---
---> Uncertain transactions <---
---> Active tables <---
route : with 5 records occupying 577 words of mem
session : with 0 records occupying 279 words of mem
schema : with 30 records occupying 3770 words of mem
===> System info in version "4.4.3", debug level = none <===
opt_disc. Directory "c:/Program Files/ejabberd-2.0.2_2/bin/Mnesia.ejabberd@ejabberd-2" is used.
use fallback at restart = false
running db nodes = ['ejabberd@ejabberd-1','ejabberd@ejabberd-2']
stopped db nodes = []
master node tables = []
remote = [acl,caps_features,config,disco_publish,iq_response,
irc_custom,last_activity,local_config,mod_register_ip,
motd,motd_users,muc_online_room,muc_registered,muc_room,
offline_msg,passwd,privacy,private_storage,pubsub_item,
pubsub_node,pubsub_state,roster,s2s,sr_group,sr_user,
vcard,vcard_search]
ram_copies = [route,session]
disc_copies = [schema]
disc_only_copies = []
[] = [local_config,mod_register_ip]
[{'ejabberd@ejabberd-1',disc_copies}] = [acl,config,passwd,motd,motd_users,
irc_custom,last_activity,muc_room,
muc_registered,privacy,pubsub_node,
pubsub_state,roster,sr_group,sr_user,
vcard_search]
[{'ejabberd@ejabberd-1',disc_copies},
{'ejabberd@ejabberd-2',disc_copies}] = [schema]
[{'ejabberd@ejabberd-1',disc_only_copies}] = [disco_publish,offline_msg,
private_storage,pubsub_item,
vcard]
[{'ejabberd@ejabberd-1',ram_copies}] = [s2s,iq_response,caps_features,
muc_online_room]
[{'ejabberd@ejabberd-1',ram_copies},
{'ejabberd@ejabberd-2',ram_copies}] = [session,route]
5 transactions committed, 1 aborted, 0 restarted, 2 logged to disc
0 held locks, 0 in queue; 0 local transactions, 0 remote
0 transactions waits for other nodes: []
ok
(ejabberd@ejabberd-2)10>
OK it's working fine now
OK it's working fine now!
What I've done (source: http://ropeonfire.blogspot.com/):
> erl -sname ejabberd -mnesia extra_db_nodes "['ejabberd@ejabberd-1','ejabberd@ejabberd-2']" -s mnesia
> mnesia:change_table_copy_type(schema, node(), disc_copies).
> mnesia:add_table_copy(passwd, node(), ram_copies).
> mnesia:add_table_copy(offline_msg,node(),disc_only_copies).
> mnesia:add_table_copy(privacy,node(),disc_copies).
> mnesia:add_table_copy(sr_group,node(),disc_copies).
> mnesia:add_table_copy(sr_user,node(),disc_copies).
> mnesia:add_table_copy(roster,node(),disc_copies).
> mnesia:add_table_copy(last_activity,node(),disc_copies).
> mnesia:add_table_copy(disco_publish,node(),disc_only_copies).
> mnesia:add_table_copy(pubsub_node,node(),disc_copies).
> mnesia:add_table_copy(pubsub_state,node(),disc_copies).
> mnesia:add_table_copy(pubsub_item,node(),disc_only_copies).
> mnesia:add_table_copy(session,node(),ram_copies).
> mnesia:add_table_copy(s2s,node(),ram_copies).
> mnesia:add_table_copy(route,node(),ram_copies).
> mnesia:add_table_copy(iq_response,node(),ram_copies).
> mnesia:add_table_copy(caps_features,node(),ram_copies).
> mnesia:add_table_copy(motd_users,node(),disc_copies).
> mnesia:add_table_copy(motd,node(),disc_copies).
> mnesia:add_table_copy(acl,node(),disc_copies).
> mnesia:add_table_copy(config,node(),disc_copies).
And finally VERY IMPORTANT :
-> Stop EJABBERD
-> Copy ALL DATABASE FILES FROM /bin/mnesia.ejabberd@ejabberd-2/*
-> To /database/ejabberd@ejabberd-2/*
-> Start EJABBERD : every EJABBERD user created on ejabberd@ejabberd-1 node is now visible at ejabberd@ejabberd-2 node.
-> Every user NEWLY CREATED on ejabberd@ejabberd-1 node is now visible at ejabberd@ejabberd-2 node.
Thank you very much for your help.
Last question: once configured for LDAP authentication, there is no way to launch the admin menu (http://localhost:5280/admin/) because the LDAP password doesn't match the internal (mnesia) password.
Is it possible to reset passwords or create new admin accounts matching LDAP accounts?
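The per-table add_table_copy calls from the post above can also be written as one loop. This is an added example, not code from the thread or from ejabberd. It copies each table to the local node with whatever storage type the existing node uses for it, rather than a fixed list of types. The module name join_copies and its function names are hypothetical.

```erlang
%% Added example, not from the thread. Run on the joining node (ejabberd-2 in
%% the thread) once net_adm:ping/1 to the existing node answers pong and
%% mnesia is running on both. Module and function names are hypothetical.
-module(join_copies).
-export([mirror/1]).

%% Tables kept per node: the mnesia:info() output in the thread lists them
%% with no holder ([] = [local_config,mod_register_ip]), so they are skipped.
-define(LOCAL_ONLY, [local_config, mod_register_ip]).

%% Returns [{Table, Result}] so every table's outcome can be reviewed.
mirror(Remote) ->
    %% The schema has to be on disc locally before disc-based copies are added.
    %% If it already is, this returns {aborted, _} and nothing changes.
    Schema = mnesia:change_table_copy_type(schema, node(), disc_copies),
    Tabs = mnesia:system_info(tables) -- [schema | ?LOCAL_ONLY],
    [{schema, Schema} | [{T, copy(T, Remote)} || T <- Tabs]].

copy(Tab, Remote) ->
    %% Ask the existing node how it stores the table and use the same type.
    case rpc:call(Remote, mnesia, table_info, [Tab, storage_type]) of
        Type when Type =:= ram_copies;
                  Type =:= disc_copies;
                  Type =:= disc_only_copies ->
            case mnesia:add_table_copy(Tab, node(), Type) of
                {atomic, ok} ->
                    {added, Type};
                {aborted, R} when is_tuple(R),
                                  element(1, R) =:= already_exists ->
                    %% A local copy is already there (e.g. session and route
                    %% after the two commands run earlier in the thread).
                    {present, Type};
                {aborted, Reason} ->
                    {failed, Reason}
            end;
        Other ->
            %% unknown (Remote holds no copy itself) or {badrpc, _}
            {skipped, Other}
    end.
```

Call it as join_copies:mirror('ejabberd@ejabberd-1'). from the ejabberd-2 shell, then compare the holder lists in mnesia:info() on both nodes.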