I have been trying to get ejabberd working using AD as an LDAP source. Authentication has been working for a while now, but I am struggling to get address book searches working. I am using the latest version (ejabberd-2.0.4-linux-x86_64-installer.bin).
I can query vcards for individual users, however, and it seems to me that this makes use of the same module?
I have this as host config:
{host_config, "domain.local", [
    {auth_method, ldap},
    {ldap_servers, ["DC.domain.local"]},
    {ldap_base, "DC=CTDomain, DC=local"},
    {ldap_rootdn, "CN=SRV_Ejab,CN=Users,DC=Domain,DC=local"},
    {ldap_password, "MyPw"},
    {ldap_uids, [{"sAMAccountName"}]},
    {{add, modules}, [
        {mod_vcard_ldap, [
            {ldap_vcard_map, [
                {"NICKNAME", "%u", []},
                {"GIVEN", "%s", ["givenName"]},
                {"MIDDLE", "%s", ["initials"]},
                {"FAMILY", "%s", ["sn"]},
                {"FN", "%s", ["displayName"]},
                {"EMAIL", "%s", ["mail"]},
                {"ORGNAME", "%s", ["company"]},
                {"ORGUNIT", "%s", ["department"]},
                {"CTRY", "%s", ["c"]},
                {"LOCALITY", "%s", ["l"]},
                {"STREET", "%s", ["streetAddress"]},
                {"REGION", "%s", ["st"]},
                {"PCODE", "%s", ["postalCode"]},
                {"TITLE", "%s", ["title"]},
                {"URL", "%s", ["wWWHomePage"]},
                {"DESC", "%s", ["description"]},
                {"TEL", "%s", ["telephoneNumber"]}
            ]},
            {ldap_search_fields, [
                {"User", "sAMAccountName"}, % Have tried with %u from the manual and UID from another post as well
                {"Name", "givenName"},
                {"Family Name", "sn"},
                {"Email", "mail"}
            ]},
            {ldap_search_reported, [
                {"Full Name", "FN"},
                {"Nickname", "NICKNAME"},
                {"Email", "EMAIL"}
            ]}
        ]}
    ]}
]}.
Doing a query with debug logging enabled always results in this. I copied only the relevant part (I hope).
D(<0.397.0>:eldap:593) : {searchRequest,
{'SearchRequest',"DC=Domain, DC=local",
wholeSubtree,neverDerefAliases,30,0,false,
{'and',
[{present,"sAMAccountName"},
{substrings,
{'SubstringFilter',"sAMAccountName",
{'SubstringFilter_substrings',
[{any,"admi*"}]}}}]},
["displayName","mail"]}}
=INFO REPORT==== 2009-03-18 16:45:15 ===
D(<0.397.0>:eldap:654) : {searchResRef,
["ldap://ForestDnsZones.CTDOMAIN.LOCAL/DC=ForestDnsZones,DC=CTDOMAIN,DC=LOCAL"]}
=INFO REPORT==== 2009-03-18 16:45:15 ===
D(<0.397.0>:eldap:654) : {searchResRef,
["ldap://DomainDnsZones.CTDOMAIN.LOCAL/DC=DomainDnsZones,DC=CTDOMAIN,DC=LOCAL"]}
=INFO REPORT==== 2009-03-18 16:45:15 ===
D(<0.397.0>:eldap:654) : {searchResRef,
["ldap://CTDOMAIN.LOCAL/CN=Configuration,DC=CTDOMAIN,DC=LOCAL"]}
=INFO REPORT==== 2009-03-18 16:45:15 ===
D(<0.397.0>:eldap:654) : {searchResDone,
{'LDAPResult',success,[],[],asn1_NOVALUE}}
If I understand correctly, the asn1_NOVALUE means that the search was done successfully, but had no results?
I have been trying to search for what the possible problem could be, but all the supposedly working configs that I have been able to find seem comparable to my setup, which means I am stuck :(
I hope someone will be able to shed some light on this or point me in the right direction.
Oh, on a side note: in most of the LDAP authentication configs I can find, they also add the line:
{ldap_filter, "(memberOf=*)"}.
However, when I add this line (which seems to me not to add a whole lot to the query, since an AD account always has to be a member of at least one group), I can't log on anymore. Now that I have taken it out, it works.
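A small diagnostic that helps read a trace like the one above, added here as an example; it is not part of the thread and not ejabberd's own code. It runs over a constructed sample trace modelled on the posted one (the `SAMPLE_LOG` string, the `summarize_search` and `render_filter` helpers and their output keys are all my own names), renders the searchRequest filter in RFC 4515 string notation, and counts which kinds of messages came back. Two things it makes visible: the response contains three searchResRef messages (the ForestDnsZones, DomainDnsZones and Configuration partitions, which AD routinely returns as subordinate referrals on a subtree search from the domain root) and zero searchResEntry messages, which is where "no results" actually shows; and `asn1_NOVALUE` is simply the atom Erlang's ASN.1 runtime uses for an absent OPTIONAL field, here the referral field of LDAPResult, so it says nothing about the entry count. The renderer also escapes the `*` carried inside the "any" substring component as `\2a`, because per RFC 4511 substring components are literal octets, so that character travels as data rather than as a wildcard. The renderer handles a single level of and/or, which is all the posted trace needs.

```python
import re
from collections import Counter

# Constructed sample: an eldap debug trace of the shape ejabberd 2.0.x writes for a
# mod_vcard_ldap directory search, modelled on the trace posted in the thread.
SAMPLE_LOG = r'''
=INFO REPORT==== 2009-03-18 16:45:15 ===
D(<0.397.0>:eldap:593) : {searchRequest,
{'SearchRequest',"DC=Domain, DC=local",
wholeSubtree,neverDerefAliases,30,0,false,
{'and',
[{present,"sAMAccountName"},
{substrings,
{'SubstringFilter',"sAMAccountName",
{'SubstringFilter_substrings',
[{any,"admi*"}]}}}]},
["displayName","mail"]}}
=INFO REPORT==== 2009-03-18 16:45:15 ===
D(<0.397.0>:eldap:654) : {searchResRef,
["ldap://ForestDnsZones.CTDOMAIN.LOCAL/DC=ForestDnsZones,DC=CTDOMAIN,DC=LOCAL"]}
=INFO REPORT==== 2009-03-18 16:45:15 ===
D(<0.397.0>:eldap:654) : {searchResRef,
["ldap://DomainDnsZones.CTDOMAIN.LOCAL/DC=DomainDnsZones,DC=CTDOMAIN,DC=LOCAL"]}
=INFO REPORT==== 2009-03-18 16:45:15 ===
D(<0.397.0>:eldap:654) : {searchResRef,
["ldap://CTDOMAIN.LOCAL/CN=Configuration,DC=CTDOMAIN,DC=LOCAL"]}
=INFO REPORT==== 2009-03-18 16:45:15 ===
D(<0.397.0>:eldap:654) : {searchResDone,
{'LDAPResult',success,[],[],asn1_NOVALUE}}
'''

# One record per "D(<pid>:eldap:<line>) : {<kind>, ...}" block in the trace.
RECORD_RE = re.compile(
    r"D\(<[\d.]+>:eldap:\d+\) : \{(\w+),(.*?)(?=\n=INFO REPORT|\nD\(|\Z)", re.S)

# Leaf filters as eldap prints them: present, substrings, equalityMatch.
LEAF_RE = re.compile(
    r"\{present,\"([^\"]*)\"\}"
    r"|\{substrings,\s*\{'SubstringFilter',\"([^\"]*)\",\s*"
    r"\{'SubstringFilter_substrings',\s*\[(.*?)\]\}\}\}"
    r"|\{equalityMatch,\s*\{'AttributeValueAssertion',\"([^\"]*)\",\"([^\"]*)\"\}\}",
    re.S)


def escape_value(value):
    """RFC 4515 escaping: a literal '*', '(', ')' or '\\' inside a value becomes \\XX.
    Substring components travel as raw octets (RFC 4511), so a '*' inside one is
    data, not a wildcard; escaping it makes that visible in the rendered filter."""
    out = value.replace("\\", "\\5c")
    for ch, esc in (("*", "\\2a"), ("(", "\\28"), (")", "\\29")):
        out = out.replace(ch, esc)
    return out


def render_substrings(parts):
    """initial*any*...*final, with a '*' at every gap between components."""
    text = "" if parts and parts[0][0] == "initial" else "*"
    for kind, value in parts:
        text += escape_value(value)
        if kind != "final":
            text += "*"
    return text


def render_filter(body):
    """Render the searchRequest filter term (one level of and/or) as an RFC 4515 string."""
    leaves = []
    for m in LEAF_RE.finditer(body):
        if m.group(1):
            leaves.append("(%s=*)" % m.group(1))
        elif m.group(2):
            parts = re.findall(r"\{(initial|any|final),\"([^\"]*)\"\}", m.group(3))
            leaves.append("(%s=%s)" % (m.group(2), render_substrings(parts)))
        else:
            leaves.append("(%s=%s)" % (m.group(4), escape_value(m.group(5))))
    op = re.search(r"\{'(and|or)',", body)
    if op is None:
        return leaves[0] if leaves else ""
    return "(%s%s)" % ("&" if op.group(1) == "and" else "|", "".join(leaves))


def summarize_search(log):
    """Summarise one search: what was asked, and which message kinds came back."""
    records = RECORD_RE.findall(log)
    kinds = Counter(kind for kind, _ in records)
    request = next(body for kind, body in records if kind == "searchRequest")
    done = next(body for kind, body in records if kind == "searchResDone")

    base = re.search(r"'SearchRequest',\"([^\"]*)\"", request).group(1)
    scope, _deref, size_limit = re.search(
        r"\"[^\"]*\",\s*(\w+),(\w+),(\d+),", request).groups()
    attr_lists = re.findall(r"\[((?:\s*\"[^\"]*\"\s*,?)+)\]", request)
    attributes = re.findall(r"\"([^\"]*)\"", attr_lists[-1]) if attr_lists else []
    # LDAPResult = resultCode, matchedDN, diagnosticMessage, referral OPTIONAL.
    # Empty Erlang strings print as [], an absent OPTIONAL field as asn1_NOVALUE.
    code, _dn, _msg, referral = re.search(
        r"'LDAPResult',(\w+),\[(.*?)\],\[(.*?)\],(asn1_NOVALUE|\[.*?\])", done, re.S).groups()
    return {
        "base": base, "scope": scope, "size_limit": int(size_limit),
        "filter": render_filter(request), "attributes": attributes,
        "entries": kinds["searchResEntry"], "referrals": kinds["searchResRef"],
        "result_code": code, "result_has_referral": referral != "asn1_NOVALUE",
    }


if __name__ == "__main__":
    for key, value in summarize_search(SAMPLE_LOG).items():
        print("%-20s %s" % (key, value))
```

Run against the sample, the summary reports zero entries, three referrals, result code success and no referral field in the LDAPResult. The rendered filter reads `(&(sAMAccountName=*)(sAMAccountName=*admi\2a*))`, i.e. the server was asked for accounts whose sAMAccountName contains the five characters `admi*`, which is worth comparing against what was typed into the search form.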
I did get it working. Pretty sure I have tried this specific configuration before, but it works :)
{host_config, "ctdomain.local", [
    {auth_method, ldap},
    {ldap_servers, ["dc.domain.local"]},
    {ldap_base, "DC=Domain, DC=local"},
    {ldap_rootdn, "CN=SRV_Ejab,CN=Users,DC=Domain,DC=local"},
    {ldap_password, "Communicate01"},
    {ldap_uids, [{"sAMAccountName", "%u"}]},
    %% {ldap_filter, "(memberOf=*)"},
    {{add, modules}, [
        {mod_vcard_ldap, [
            {ldap_vcard_map, [
                {"NICKNAME", "%u", []},
                {"GIVEN", "%s", ["givenName"]},
                {"MIDDLE", "%s", ["initials"]},
                {"FAMILY", "%s", ["sn"]},
                {"FN", "%s", ["displayName"]},
                {"EMAIL", "%s", ["mail"]},
                {"ORGNAME", "%s", ["company"]},
                {"ORGUNIT", "%s", ["department"]},
                {"CTRY", "%s", ["c"]},
                {"LOCALITY", "%s", ["l"]},
                {"STREET", "%s", ["streetAddress"]},
                {"REGION", "%s", ["st"]},
                {"PCODE", "%s", ["postalCode"]},
                {"TITLE", "%s", ["title"]},
                {"URL", "%s", ["wWWHomePage"]},
                {"DESC", "%s", ["description"]},
                {"TEL", "%s", ["telephoneNumber"]}
            ]},
            {ldap_search_fields, [
                {"User", "%u"},
                {"Name", "givenName"},
                {"Family Name", "sn"},
                {"Email", "mail"}
            ]},
            {ldap_search_reported, [
                {"Full Name", "FN"},
                {"Nickname", "NICKNAME"},
                {"Email", "EMAIL"}
            ]}
        ]}
    ]}
]}.