mod_vcard_ldap always gives an empty results list (AD)

I have been trying to get ejabberd working using AD as an LDAP source. Authentication has been working for a while now, but I am struggling to get address book searches working. I am using the latest version (ejabberd-2.0.4-linux-x86_64-installer.bin).

I can query vCards for individual users, however, and it seems to me that this makes use of the same module?

I have this as host config:

{host_config, "domain.local", [      {auth_method, ldap},
                                        {ldap_servers, ["DC.domain.local"]},
                                        {ldap_base, "DC=CTDomain, DC=local"},
                                        {ldap_rootdn, "CN=SRV_Ejab,CN=Users,DC=Domain,DC=local"},
                                        {ldap_password, "MyPw"},
                                        {ldap_uids, [{"sAMAccountName"}]},
                                        {{add, modules},[
                                          {mod_vcard_ldap,[
                                                {ldap_vcard_map,
                                                [{"NICKNAME", "%u", []},
                                                 {"GIVEN", "%s", ["givenName"]},
                                                 {"MIDDLE", "%s", ["initials"]},
                                                 {"FAMILY", "%s", ["sn"]},
                                                 {"FN", "%s", ["displayName"]},
                                                 {"EMAIL", "%s", ["mail"]},
                                                 {"ORGNAME", "%s", ["company"]},
                                                 {"ORGUNIT", "%s", ["department"]},
                                                 {"CTRY", "%s", ["c"]},
                                                 {"LOCALITY", "%s", ["l"]},
                                                 {"STREET", "%s", ["streetAddress"]},
                                                 {"REGION", "%s", ["st"]},
                                                 {"PCODE", "%s", ["postalCode"]},
                                                 {"TITLE", "%s", ["title"]},
                                                 {"URL", "%s", ["wWWHomePage"]},
                                                 {"DESC", "%s", ["description"]},
                                                 {"TEL", "%s", ["telephoneNumber"]}
                                                 ]},
                                                {ldap_search_fields,
                                                [{"User", "sAMAccountName"},  % Have tried with %u from the manual and UID from another post as well
                                                 {"Name", "givenName"},
                                                 {"Family Name", "sn"},
                                                 {"Email", "mail"}]},
                                                {ldap_search_reported,
                                                [{"Full Name", "FN"},
                                                 {"Nickname", "NICKNAME"},
                                                 {"Email", "EMAIL"}]}
                                        ]}
                                      ]}
                                ]}.

Doing a query with debug logging enabled always results in this. I copied only the relevant part (I hope).

D(<0.397.0>:eldap:593) : {searchRequest,
                          {'SearchRequest',"DC=Domain, DC=local",
                           wholeSubtree,neverDerefAliases,30,0,false,
                           {'and',
                            [{present,"sAMAccountName"},
                             {substrings,
                              {'SubstringFilter',"sAMAccountName",
                               {'SubstringFilter_substrings',
                                [{any,"admi*"}]}}}]},
                           ["displayName","mail"]}}

=INFO REPORT==== 2009-03-18 16:45:15 ===
D(<0.397.0>:eldap:654) : {searchResRef,
                             ["ldap://ForestDnsZones.CTDOMAIN.LOCAL/DC=ForestDnsZones,DC=CTDOMAIN,DC=LOCAL"]}

=INFO REPORT==== 2009-03-18 16:45:15 ===
D(<0.397.0>:eldap:654) : {searchResRef,
                             ["ldap://DomainDnsZones.CTDOMAIN.LOCAL/DC=DomainDnsZones,DC=CTDOMAIN,DC=LOCAL"]}

=INFO REPORT==== 2009-03-18 16:45:15 ===
D(<0.397.0>:eldap:654) : {searchResRef,
                             ["ldap://CTDOMAIN.LOCAL/CN=Configuration,DC=CTDOMAIN,DC=LOCAL"]}

=INFO REPORT==== 2009-03-18 16:45:15 ===
D(<0.397.0>:eldap:654) : {searchResDone,
                             {'LDAPResult',success,[],[],asn1_NOVALUE}}

If I understand correctly, the asn1_NOVALUE means that the search was done successfully, but had no results?
I have been trying to search on what the possible problem could be, but all the supposedly working configs that I have been able to find, seem comparable to my setup. Which means I am stuck :(

I hope someone will be able to shed some light on this or point me in the right direction.

Oh, on a side note: In most of the ldap authentication configs I can find, they also add the line:
{ldap_filter, "(memberOf=*)"}.
However, when I add this line (which seems to me not to add a whole lot to the query, since an AD account always has to be a member of one group minimum), I can't log on anymore. So now that I took it out it works.
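One way to read a trace like the one in the post above, added here as an example and not part of the original post or of ejabberd: in LDAP each matching object arrives as its own `searchResEntry` reply, so the script counts those alongside the `searchResRef` referrals and the final `searchResDone` result code. The second sample trace (with a `searchResEntry` line) is constructed for contrast, and the function names are assumptions.

```python
import re

# eldap replies copied from the post above (INFO REPORT separators omitted).
PAGE_TRACE = """\
D(<0.397.0>:eldap:654) : {searchResRef,
                             ["ldap://ForestDnsZones.CTDOMAIN.LOCAL/DC=ForestDnsZones,DC=CTDOMAIN,DC=LOCAL"]}
D(<0.397.0>:eldap:654) : {searchResRef,
                             ["ldap://DomainDnsZones.CTDOMAIN.LOCAL/DC=DomainDnsZones,DC=CTDOMAIN,DC=LOCAL"]}
D(<0.397.0>:eldap:654) : {searchResRef,
                             ["ldap://CTDOMAIN.LOCAL/CN=Configuration,DC=CTDOMAIN,DC=LOCAL"]}
D(<0.397.0>:eldap:654) : {searchResDone,
                             {'LDAPResult',success,[],[],asn1_NOVALUE}}
"""

# Constructed sample (not from the post): the same search returning one entry.
CONSTRUCTED_HIT = """\
D(<0.397.0>:eldap:654) : {searchResEntry,
                             {'SearchResultEntry',"CN=Example User,CN=Users,DC=example,DC=local",[]}}
D(<0.397.0>:eldap:654) : {searchResDone,
                             {'LDAPResult',success,[],[],asn1_NOVALUE}}
"""

OP_RE = re.compile(r"D\(<[\d.]+>:eldap:\d+\) : \{(searchRes\w+)")
REF_RE = re.compile(r'"(ldaps?://[^"]+)"')
RESULT_RE = re.compile(r"\{'LDAPResult',(\w+)")

def summarize(trace):
    """Count entries, collect referral URLs and the final result code."""
    summary = {"entries": 0, "referrals": [], "result": None}
    op = None  # reply type of the debug record currently being read
    for line in trace.splitlines():
        m = OP_RE.search(line)
        if m:
            op = m.group(1)
            if op == "searchResEntry":
                summary["entries"] += 1
        if op == "searchResRef":
            summary["referrals"].extend(REF_RE.findall(line))
        elif op == "searchResDone":
            r = RESULT_RE.search(line)
            if r:
                summary["result"] = r.group(1)
    return summary

def is_empty_result(summary):
    """True when the server reported success but sent no entries."""
    return summary["result"] == "success" and summary["entries"] == 0

if __name__ == "__main__":
    print(summarize(PAGE_TRACE))
    print(summarize(CONSTRUCTED_HIT))
```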

I did get it working, pretty

I did get it working, pretty sure I have tried this specific configuration before, but it works :)

{host_config, "ctdomain.local", [      {auth_method, ldap},
                                        {ldap_servers, ["dc.domain.local"]},
                                        {ldap_base, "DC=Domain, DC=local"},
                                        {ldap_rootdn, "CN=SRV_Ejab,CN=Users,DC=Domain,DC=local"},
                                        {ldap_password, "Communicate01"},
                                        {ldap_uids, [{"sAMAccountName","%u"}]},
%%                                      {ldap_filter, "(memberOf=*)"},
                                        {{add, modules},[
                                          {mod_vcard_ldap,[
                                                {ldap_vcard_map,
                                                [{"NICKNAME", "%u", []},
                                                 {"GIVEN", "%s", ["givenName"]},
                                                 {"MIDDLE", "%s", ["initials"]},
                                                 {"FAMILY", "%s", ["sn"]},
                                                 {"FN", "%s", ["displayName"]},
                                                 {"EMAIL", "%s", ["mail"]},
                                                 {"ORGNAME", "%s", ["company"]},
                                                 {"ORGUNIT", "%s", ["department"]},
                                                 {"CTRY", "%s", ["c"]},
                                                 {"LOCALITY", "%s", ["l"]},
                                                 {"STREET", "%s", ["streetAddress"]},
                                                 {"REGION", "%s", ["st"]},
                                                 {"PCODE", "%s", ["postalCode"]},
                                                 {"TITLE", "%s", ["title"]},
                                                 {"URL", "%s", ["wWWHomePage"]},
                                                 {"DESC", "%s", ["description"]},
                                                 {"TEL", "%s", ["telephoneNumber"]}
                                                 ]},
                                                {ldap_search_fields,
                                                [
                                                 {"User", "%u"},
                                                 {"Name", "givenName"},
                                                 {"Family Name", "sn"},
                                                 {"Email", "mail"}]},
                                                {ldap_search_reported,
                                                [{"Full Name", "FN"},
                                                 {"Nickname", "NICKNAME"},
                                                 {"Email", "EMAIL"}]}
                                        ]}
                                      ]}
                                ]}.