ejabberd-3.0.0-alpha-4 / auth_ldap not working?

I've copied in my settings from an operational 2.1.9 installation, made the necessary small tweak (setting the cluster id), and attempted to run 3.x to test the new mod_shared_roster_ldap supplied at EJAB-1480 (https://support.process-one.net/browse/EJAB-1480).

I noticed there's no LDAP authentication in my install... thinking it was a syntax or configuration issue, I've checked and re-checked, diffed and compared my config with the base standard configuration. I cannot for the life of me figure out what is wrong with this, other than that when I turn on full debugging, nowhere do I see anything about ejabberd making an LDAP connection to my AD! It would appear that there's a deficiency in 3.0.0-a4 where auth_ldap doesn't work. Can someone else confirm?

Here's my full ejabberd.cfg with a little sanitisation:

%%%
%%%               ejabberd configuration file
%%%

%%%   =======================
%%%   OVERRIDE STORED OPTIONS

%%
%% Override global options (shared by all ejabberd nodes in a cluster).
%%
override_global.

%%
%% Override local options (specific for this particular ejabberd node).
%%
override_local.

%%
%% Remove the Access Control Lists before new ones are added.
%%
override_acls.

%%%   =========
%%%   DEBUGGING

%%
%% loglevel: Verbosity of log files generated by ejabberd.
%% 0: No ejabberd log at all (not recommended)
%% 1: Critical
%% 2: Error
%% 3: Warning
%% 4: Info
%% 5: Debug
%%
{loglevel, 5}.

%%%   ================
%%%   SERVED HOSTNAMES
{hosts, ["company.com"]}.

%%%   ===============
%%%   LISTENING PORTS
{listen,
[

  {5222, ejabberd_c2s, [
                        {certfile, "/opt/ejabberd-3.0.0-alpha-4/conf/server.pem"}, starttls,
                        {access, c2s},
                        {shaper, c2s_shaper},
                        {max_stanza_size, 65536}
                       ]},
  {5280, ejabberd_http, [
                         %%{request_handlers, [
                         %%     {["web"], mod_http_fileserver}
                         %%]},
                         captcha,
                         http_bind,
                         http_poll,
                         web_admin
                        ]}
]}.

%%%   ==============
%%%   AUTHENTICATION

{auth_storage,mnesia}.

%% Authentication using LDAP
%%
{auth_method, ldap}.

%% List of LDAP servers:
{ldap_servers, ["LDAP-1", "LDAP-2"]}.

%% LDAP attribute that holds user ID:
{ldap_uids, [{"sAMAccountName","%u@company.com"}]}.

%% Search base of LDAP directory:
{ldap_base, "DC=company,DC=com"}.

%% LDAP manager:
{ldap_rootdn, "CN=<admin_account>,OU=ServiceAccounts,OU=Company,DC=company,DC=com"}.

%% Password to LDAP manager:
{ldap_password, "***************"}.

%% Encryption setting for LDAP connection:
{ldap_encrypt,  tls}.

%% LDAP Port
{ldap_port, 636}.

%%%   ===============
%%%   TRAFFIC SHAPERS

%%
%% The "normal" shaper limits traffic speed to 1.000 B/s
%%
{shaper, normal, {maxrate, 1000}}.

%%
%% The "fast" shaper limits traffic speed to 50.000 B/s
%%
{shaper, fast, {maxrate, 50000}}.

%%%   ====================
%%%   ACCESS CONTROL LISTS

%%
%% The 'admin' ACL grants administrative privileges to Jabber accounts.
%% You can put as many accounts as you want.
%%
{acl, admin, {user, "<my_user>", "company.com"}}.

%%
%% Local users: don't modify this line.
%%
{acl, local, {user_regexp, ""}}.

%%%   ============
%%%   ACCESS RULES

%% Define the maximum number of time a single user is allowed to connect:
{access, max_user_sessions, [{10, all}]}.

%% This rule allows access only for local users:
{access, local, [{allow, local}]}.

%% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
               {allow, all}]}.

%% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
                      {normal, all}]}.

%% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.

%% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.

%% Only admins can use configuration interface:
{access, configure, [{allow, admin}]}.

%% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.

%% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.
{access, muc_create, [{allow, local}]}.

%% In-band registration
{access, register, [{deny, all}]}.

%% Everybody can create pubsub nodes
{access, pubsub_createnode, [{allow, local}]}.

%%%   ================
%%%   DEFAULT LANGUAGE

%%
%% language: Default language used for server messages.
%%
{language, "en"}.

%%%   =======
%%%   CLUSTER

%% clusterid: the integer id of the cluster of nodes this node will
%% belong to.
{clusterid, 1}.

%%%   =======
%%%   MODULES

%%
%% Modules enabled in all ejabberd virtual hosts.
%%
{modules,
[
  {mod_adhoc,    []},
  {mod_announce, [{access, announce}]}, % requires mod_adhoc
  {mod_caps,     []},
  {mod_configure,[]}, % requires mod_adhoc
  {mod_disco,    []},
  %%{mod_echo,   [{host, "echo.company.com"}]},
  {mod_http_bind,[]},
  %%{mod_http_fileserver, [
  %%  {docroot, "/opt/ejabberd-3.0.0-alpha-4/www"},
  %%  {accesslog, "/opt/ejabberd-3.0.0-alpha-4/www/webaccess.log"},
  %%  {content_types, [{".htm", "text/html"}]},
  %%  {directory_indices, ["index.html", "index.htm"]}
  %%]},
  {mod_last,     []},
  {mod_muc,      [
                  %%{host, "conference.@HOST@"},
                  {access, muc},
                  {access_create, muc_create},
                  {access_persistent, muc_create},
                  {access_admin, muc_admin}
                 ]},
  %%{mod_muc_log,[]},
  {mod_offline,  []},
  {mod_privacy,  []},
  {mod_private,  []},
  %%{mod_proxy65,[]},
  {mod_pubsub,   [ % requires mod_caps
                  {access_createnode, pubsub_createnode},
                  {ignore_pep_from_offline, true}, % reduces resource consumption, but XEP incompliant
                  %%{ignore_pep_from_offline, false},  % XEP compliant, but increases resource consumption
                  {last_item_cache, false},
                  {plugins, ["flat", "hometree", "pep"]}
                 ]},
  {mod_roster,   []},
  %%{mod_service_log,[]},
%%NOTE - This is the version of mod_shared_roster_ldap provided by EJAB-1480
  {mod_shared_roster_ldap,[
        {ldap_base,                 "OU=Company,DC=company,DC=com"},
%%      {ldap_roster_cache_size,    "0"},
        {ldap_rfilter,              "(&(objectClass=group)(CN=Jabber-*))"},
        {ldap_groupattr,            "distinguishedName"},
        {ldap_gfilter,              "(distinguishedName=%g)"},
        {ldap_groupdesc,            "description"},
        {ldap_memberattr,           "member"},
        {ldap_member_selection_mode, memberattr_dn},
        {ldap_ufilter,              "(&(objectClass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(distinguishedName=%u))"},
        {ldap_userdesc,             "displayName"},
        {ldap_useruid,              "sAMAccountName"},
        {ldap_useruid_format,       "%u@company.com"}
  ]},
  %%{mod_stats,    []},
  {mod_time,     []},
  {mod_vcard_ldap,[
        {ldap_base,     "OU=Company,DC=company,DC=com"},
        {"NICKNAME",    "%s %s", ["givenName", "sn"]},
        {"GIVEN",       "%s",   ["givenName"]},
        {"FAMILY",      "%s",   ["sn"]},
        {"FN",          "%s",   ["displayName"]},
        {"EMAIL",       "%s",   ["mail"]},
        {"ORGNAME",     "%s",   ["company"]},
        {"ORGUNIT",     "%s",   ["department"]},
        {"TITLE",       "%s",   ["title"]},
        {"DESC",        "%s",   ["description"]},
        {"TEL",         "%s",   ["telephoneNumber"]},
        {ldap_search_fields,[
                {"User", "%u"},
                {"Name", "givenName"},
                {"Family Name", "sn"},
                {"Email", "mail"},
                {"Company", "company"},
                {"Department", "department"},
                {"Role", "title"},
                {"Description", "description"},
                {"Phone", "telephoneNumber"}
        ]},
        {ldap_search_reported,[
                {"Name", "givenName"},
                {"Family Name", "sn"},
                {"Full Name", "FN"},
                {"Email", "EMAIL"}
        ]}
    ]},
  {mod_version,  []}
]}.

%%% $Id: ejabberd.cfg.example 1073 2007-12-17 11:03:22Z badlop $

%%% Local Variables:
%%% mode: erlang
%%% End:

I don't see anything wrong with this configuration, and ultimately it DOES run fine... but I never see any indication that ejabberd connects to my LDAP. I would think there's a missing dependency, but before I installed this I ran a 'build-dep' against wheezy (Debian) for ejabberd, which is at version 2.1.9, so I should have all the dependencies I need; plus this was a source installation, so it should automatically have all the required dependencies built in the tree... perhaps the build is missing the requirement? Anyone have a clue here?

I know my 2.1.9 install works fine (as I am using it for production), but when I turned the logging up just to be absolutely sure... I don't see the usual info reports of LDAP connections on 3.0.0-alpha-4 like I do on 2.1.9. Here's what I expected to see (an example from my 2.1.9 install):

=INFO REPORT==== 29-Oct-2011::22:32:00 ===
I(<0.350.0>:eldap:983) : LDAP connection on LDAP-1:636

=INFO REPORT==== 29-Oct-2011::22:32:00 ===
I(<0.352.0>:eldap:983) : LDAP connection on LDAP-2:636

I also see no evidence of any LDAP connections being made by looking at my netstat either:

root@localhost:/opt/ejabberd-3.0.0-alpha-4# netstat -na | grep ESTAB
tcp        0      0 127.0.0.1:43802         127.0.0.1:4369          ESTABLISHED
tcp        0      0 127.0.0.1:4369          127.0.0.1:43802         ESTABLISHED
tcp        0      0 xxx.x.x.x:22            xxx.x.x.x:50715         ESTABLISHED
udp        0      0 127.0.0.1:53904         127.0.0.1:53904         ESTABLISHED

I tried ldap in 2.1.9 and 3.0.0-alpha-4. It works in both cases.

I couldn't get ejabberd (neither 2.1.9 nor 3) to work with ldaps, because I don't know how to configure slapd+ejabberd correctly to use ldaps.

In your investigation into the exact cause of the problem, you can try to disable LDAP TLS in ejabberd.cfg and restart.
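Added example (my own diagnostic, not ejabberd code and not something either poster ran): a small Python script that takes the ldap_servers / ldap_port / ldap_encrypt terms from the posted ejabberd.cfg and checks the two kinds of evidence the original post looked for, eldap's "LDAP connection on host:port" line in the log and an ESTABLISHED session to the LDAP port in netstat output, and can additionally open a TLS connection to each server with certificate verification turned on. That last check is the safer counterpart to the reply's suggestion of switching off LDAP TLS: a broken LDAPS endpoint or an untrusted certificate chain shows up directly from the ejabberd host, without ever sending the ldap_rootdn bind password or user passwords to the directory in cleartext. Assumptions not taken from the page: the regexes only cover the one-line `{ldap_..., ...}.` terms as they appear in this thread; the port default (389 plain, 636 with tls) follows the ejabberd guide; LDAP-1 and LDAP-2 are sanitised placeholders that do not resolve, so the live probe is off unless requested; the sample cfg, log and netstat strings are constructed from the thread's own excerpts.

```python
"""Check whether an ejabberd LDAP auth setup can reach its directory servers.

Added example; not code from ejabberd or from anyone in this thread.
Assumption: ldap_* settings are single-line terms like the posted cfg,
so simple regexes are enough. LDAP-1/LDAP-2 are placeholder hostnames.
"""
import re
import socket
import ssl

# Constructed samples, assembled from the excerpts quoted in the thread.
SAMPLE_CFG = """
{auth_method, ldap}.
{ldap_servers, ["LDAP-1", "LDAP-2"]}.
{ldap_encrypt,  tls}.
{ldap_port, 636}.
"""
SAMPLE_LOG = """
=INFO REPORT==== 29-Oct-2011::22:32:00 ===
I(<0.350.0>:eldap:983) : LDAP connection on LDAP-1:636
=INFO REPORT==== 29-Oct-2011::22:32:00 ===
I(<0.352.0>:eldap:983) : LDAP connection on LDAP-2:636
"""
SAMPLE_NETSTAT = """
tcp        0      0 127.0.0.1:43802         127.0.0.1:4369          ESTABLISHED
tcp        0      0 127.0.0.1:4369          127.0.0.1:43802         ESTABLISHED
"""


def parse_ldap_settings(cfg_text):
    """Extract ldap_servers, ldap_port and ldap_encrypt from ejabberd.cfg text.

    Port default follows the ejabberd guide: 389 for plain LDAP, 636 when
    ldap_encrypt is tls (assumption: only these two values are used)."""
    servers = re.search(r'\{ldap_servers,\s*\[([^\]]*)\]\}', cfg_text)
    port = re.search(r'\{ldap_port,\s*(\d+)\}', cfg_text)
    encrypt = re.search(r'\{ldap_encrypt,\s*(\w+)\}', cfg_text)
    hosts = re.findall(r'"([^"]+)"', servers.group(1)) if servers else []
    enc = encrypt.group(1) if encrypt else "none"
    default_port = 636 if enc == "tls" else 389
    return {"servers": hosts,
            "port": int(port.group(1)) if port else default_port,
            "encrypt": enc}


def log_shows_ldap_connection(log_text, host, port):
    """True if eldap's connection line for host:port appears in the log."""
    return f"LDAP connection on {host}:{port}" in log_text


def netstat_shows_ldap_session(netstat_text, port):
    """True if any ESTABLISHED TCP line has a remote endpoint on the LDAP port.

    Only the remote port is compared, because netstat -n shows IPs while
    the cfg names hosts."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[-1] == "ESTABLISHED":
            if f[4].rsplit(":", 1)[-1] == str(port):
                return True
    return False


def probe_ldap_server(host, port, encrypt, cafile=None, timeout=5):
    """Connect to host:port; for ldap_encrypt tls also complete a verified TLS
    handshake. Returns (ok, detail). No bind is attempted, so no credential
    is ever sent, which is the point of preferring this over disabling TLS."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            if encrypt != "tls":
                return True, "TCP ok (plaintext LDAP: binds would cross the wire unencrypted)"
            ctx = ssl.create_default_context(cafile=cafile)  # verifies chain + hostname
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, f"{tls.version()} ok, subject={tls.getpeercert().get('subject')}"
    except (OSError, ssl.SSLError) as exc:
        return False, f"{type(exc).__name__}: {exc}"


def diagnose(cfg_text, log_text="", netstat_text="", live=False):
    """Per-server report: logged connection, established session, optional probe."""
    s = parse_ldap_settings(cfg_text)
    report = {}
    for host in s["servers"]:
        entry = {"logged": log_shows_ldap_connection(log_text, host, s["port"]),
                 "established": netstat_shows_ldap_session(netstat_text, s["port"])}
        if live:
            entry["probe"] = probe_ldap_server(host, s["port"], s["encrypt"])
        report[host] = entry
    return report


if __name__ == "__main__":
    # Against the 2.1.9 excerpts: the log shows connections, the netstat
    # snippet (taken from the 3.0.0-alpha-4 host) shows none on :636.
    for host, entry in diagnose(SAMPLE_CFG, SAMPLE_LOG, SAMPLE_NETSTAT).items():
        print(host, entry)
```

On a real host, run it with `live=True` and the contents of ejabberd.cfg, the ejabberd log and `netstat -nt` output; a server whose probe fails with an `SSLCertVerificationError` is a certificate-trust problem rather than an ejabberd problem, and a plain `ConnectionRefusedError` on 636 means the directory is not listening for LDAPS at all, which you can establish before touching ldap_encrypt.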
