Hello,
At this time I have currently installed ejabberd 2.0.3 in corporate LAN and setup it to use LDAP auth (in Active Directory) and LDAP vcards.
So all my users connects to ejabberd server with their AD passwords.
I have configured ejabberd to serve host my.company.lan, local DNS also configured to have all needed domains like vjud.my.company.lan, conference.my.company.lan, etc.
But now I need ability for some employers to contact with some external jabber servers (gtalk, jabber.org and so on).
So here is some tips and my steps that I have already tried for my task:
1. Our company have registered domain name - company.com. I have tried to point ejabberd hosts section from my.company.lan to company.com in test environment. I have added all needed xmpp records to our corporate DNS for company.com when all this were done I get an ability to contact anyone at @gtalk.com. Also anyone from @gtalk.com have an ability to contact my @company.com host.
But this configuration have very big disadvantage for me, because I have mod_vcard_ldap configured so all users ID have lots of useful in corporate environment info (real name, email, phone, address) but completely useless and I think dangerous info for public, not corporate view. With this configuration I have done some searches for @company.com nicknames and yes, I got completely info about this person, future more mod_ldap_vcard does not give an ability to change records in LDAP directly, so if I use this scheme all my employers will be "naked" to wild internet.
2. Actually there is only a couple of people who needs to have ability communicate with external jabber users, all other employers only communicate inside corporate LAN. So I start searching for some type of jabber-to-jabber transport, my basic idea were leave my.company.lan for LAN communication and configure additional domain.com host for external communication in this case company.com will not use any ldap related modules. Also I can disable mod_register at all and setup only s2s communication from WAN to my ejabberd server. In this case employers who needs external contacts will have two jabber accounts one @my.company.lan with LDAP enabled and another one @company.com. So with this configuration we solve vcard problem from point 1. - all users will be able to modify their vcards with mod_vcard as they wish, but we get another one troubles - now some of our users have two jabber accounts actually it can be solved with J2J transport in this case we need setup jabber-to-jabber transport for @company.com only once and all future times user will logon as @my.company.lan and have ability to chat with anybody through transport as @company.com user. But ejabberd hasn't internal ability to do J2J transport, I have found J2J module with I'll try to use if this only one possible solution for me, but after quick research I see that J2J needs couple of additional components to compile, wich are unwanted for my servers.
3. Finally I realized that ideal solution for my task will be some type of aliasing. But solution that I have found uses pam authentication and it is not compatible with LDAP.
4. End, at last, I think some transparent method to move users rosters also fill be fine for me, if no other ideas exists. Let me explain what I mean on " transparent method":
for example I have three users:
They all in roster Employers, and also John added
Mike need an ability to contact with somebody in @gtalk.com so I'll register for him
Any help are welcome.