LDAP not working in ejabberd 2.1.9 on FreeBSD 8.1

Hi,

Maybe someone can help me. I'm trying to get ejabberd to authenticate against an OpenLDAP server.
The LDAP server works fine; I can access it with other clients without any issue.
It seems that when I try to authenticate a user, ejabberd doesn't even try to connect to the LDAP server.
I don't see any connection entries in the ejabberd log, nor in the OpenLDAP log.

When I sniff the traffic on the loopback interface, I don't see any connection attempts either.

This is the relevant config I use:

%%{auth_method, internal}.

{auth_method, ldap}.
{ldap_servers, ["localhost"]}. % List of LDAP servers
{ldap_encrypt, none}.
{ldap_port, 389}.
%%{ldap_uidattr, "uid"}. % LDAP attribute that holds user ID
{ldap_base, "dc=jabber,dc=mydomain1,dc=mydomain2"}.
{ldap_rootdn, "cn=Manager,dc=jabber,dc=mydomain1,dc=mydomain2"}.
{ldap_password, "xxxxxxxxxxxx"}.
{ldap_filter, "(objectClass=shadowAccount)"}.

This is what I see in the ejabberd log when I try to authenticate a user:

=INFO REPORT==== 2011-12-29 17:33:57 ===
I(<0.2988.0>:ejabberd_c2s:649) : ({socket_state,tls,{tlssock,#Port<0.27619>,#Port<0.27647>},<0.2987.0>}) Failed authentication for tuser@jabber.mydomain1.mydomain2

If ejabberd is using that configuration, then ejabberd should try to connect to localhost:389, and you should be able to sniff the traffic like this:

$ sudo tcpflow -i lo -ec tcp port 389
tcpflow[17846]: listening on lo
127.000.000.001.36666-127.000.000.001.00389: 00...c+..dc=poke
..  
...............cn..robin0...cn
..cn1...robin01.00389-127.000.000.001.36666: 01...d,..cn=robin,ou=users,dc=poke0.0
127.000.000.001.00389-127.000.000.001.36666: 0....e.
......
127.000.000.001.37946-127.000.000.001.00389: 0)...`$.....cn=robin,ou=users,dc=poke..aaaf
127.000.000.001.00389-127.000.000.001.37946: 0....a.
...... 

If that doesn't happen, then it means ejabberd isn't using those options. Maybe you are editing an ejabberd.cfg that ejabberd doesn't read? Maybe you have another {auth_method, internal} that overwrites the ldap one, ...
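One way to run the check suggested in the reply above (a second active auth_method term competing with the ldap one), as an added example that is not part of the original thread. The function names are hypothetical and the sample configs are constructed from the excerpt posted in the question.

```python
import re

# Matches {auth_method, ldap}. or {auth_method, [ldap, internal]}.
AUTH_RE = re.compile(r"\{\s*auth_method\s*,\s*(\[[^\]]*\]|[a-z_0-9]+)\s*\}")

def strip_comment(line):
    """Drop an Erlang % comment, ignoring % inside a double-quoted string.
    Character literals such as $% are not handled (rare in ejabberd.cfg)."""
    out, in_str, i = [], False, 0
    while i < len(line):
        ch = line[i]
        if in_str and ch == "\\" and i + 1 < len(line):
            out.append(line[i:i + 2])   # keep escaped char, e.g. \"
            i += 2
            continue
        if ch == '"':
            in_str = not in_str
        elif ch == "%" and not in_str:
            break                        # rest of the line is a comment
        out.append(ch)
        i += 1
    return "".join(out)

def active_auth_methods(cfg_text):
    """Return [(line_no, value)] for every uncommented auth_method term."""
    found = []
    for no, line in enumerate(cfg_text.splitlines(), 1):
        for m in AUTH_RE.finditer(strip_comment(line)):
            found.append((no, re.sub(r"\s+", "", m.group(1))))
    return found

def diagnose(cfg_text, wanted="ldap"):
    """Summarise whether exactly one active term selects the wanted method."""
    hits = active_auth_methods(cfg_text)
    if not hits:
        return "no active auth_method term"
    if len(hits) > 1:
        return "multiple active auth_method terms: " + ", ".join(
            f"line {n}: {v}" for n, v in hits)
    n, v = hits[0]
    return f"single auth_method {v} on line {n}" + (
        "" if v == wanted else f" (expected {wanted})")

# Constructed sample: excerpt of the config posted in the question.
THREAD_CFG = '''%%{auth_method, internal}.

{auth_method, ldap}.
{ldap_servers, ["localhost"]}. % List of LDAP servers
{ldap_filter, "(objectClass=shadowAccount)"}.
'''
# Constructed sample: the same file with a later, uncommented duplicate.
OVERRIDE_CFG = THREAD_CFG + "{auth_method, internal}. % constructed duplicate\n"
```

Run `diagnose()` on the full text of the ejabberd.cfg that the running node was actually started with, since the excerpt in a post may not show a term further down the file.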

badlop wrote:

If ejabberd is using that configuration, then ejabberd should try to connect to localhost:389, and you should be able to sniff the traffic like this:

If that doesn't happen, then it means ejabberd isn't using those options. Maybe you are editing an ejabberd.cfg that ejabberd doesn't read? Maybe you have another {auth_method, internal} that overwrites the ldap one, ...

I was sniffing traffic and didn't see anything coming from the ejabberd instance. I saw the traffic of my other LDAP client just fine.
I'm not using {auth_method, internal} either, as you can see in the relevant part of the config I posted.
And ejabberd is using the config file, because when I change auth back to internal in it, it works just fine.
Thanks anyway.
