mod_shared_roster_ldap with OpenLDAP on Ubuntu 12.04

Hi,

Trying to set up a shared roster from OpenLDAP sample data from the ApacheDS tutorial. This is the LDIF export:

dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: example
o: example.com

dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword:: YWRtaW4=
description: LDAP administrator

dn: o=sevenseas,dc=example,dc=com
objectClass: organization
objectClass: top
o: sevenseas

dn: ou=people,o=sevenseas,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: people

dn: ou=groups,o=sevenseas,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: groups

dn: ou=crews,ou=groups,o=sevenseas,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: crews

dn: cn=Horatio Hornblower,ou=people,o=sevenseas,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
cn: Horatio Hornblower
sn: Hornblower
description: Capt. Horatio Hornblower, R.N
givenName: Horatio
mail: hhornblo@royalnavy.mod.uk
uid: hhornblo
userPassword:: cGFzc3dvcmQ=

dn: cn=William Bush,ou=people,o=sevenseas,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
cn: William Bush
sn: Bush
description: Lt. William Bush
givenName: William
mail: wbush@royalnavy.mod.uk
manager: cn=Horatio Hornblower,ou=people,o=sevenSeas
uid: wbush
userPassword:: cGFzc3dvcmQ=

dn: cn=Thomas Quist,ou=people,o=sevenseas,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
cn: Thomas Quist
sn: Quist
description: Seaman Quist
givenName: Thomas
mail: tquist@royalnavy.mod.uk
manager: cn=Horatio Hornblower,ou=people,o=sevenSeas
uid: tquist
userPassword:: cGFzc3dvcmQ=

dn: cn=Moultrie Crystal,ou=people,o=sevenseas,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
cn: Moultrie Crystal
sn: Crystal
description: Lt. Crystal
givenName: Moultrie
mail: mchrysta@royalnavy.mod.uk
manager: cn=Horatio Hornblower,ou=people,o=sevenSeas
uid: mchrysta
userPassword:: cGFzc3dvcmQ=

dn: cn=HMS Lydia,ou=crews,ou=groups,o=sevenseas,dc=example,dc=com
objectClass: groupOfUniqueNames
objectClass: top
cn: HMS Lydia
uniqueMember: cn=Horatio Hornblower,ou=people,o=sevenSeas,dc=example,dc=com
uniqueMember: cn=William Bush,ou=people,o=sevenSeas,dc=example,dc=com
uniqueMember: cn=Thomas Quist,ou=people,o=sevenSeas,dc=example,dc=com
uniqueMember: cn=Moultrie Crystal,ou=people,o=sevenSeas,dc=example,dc=com

dn: cn=Horatio Nelson,ou=people,o=sevenseas,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
cn: Horatio Nelson
sn: Nelson
description: Lord Horatio Nelson
givenName: Horatio
mail: hnelson@royalnavy.mod.uk
uid: hnelson
userPassword:: cGFzc3dvcmQ=

dn: cn=Thomas Masterman Hardy,ou=people,o=sevenseas,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
cn: Thomas Masterman Hardy
sn: Hardy
description: Sir Thomas Masterman Hardy
givenName: Thomas
mail: thardy@royalnavy.mod.uk
manager: cn=Horatio Nelson,ou=people,o=sevenSeas,dc=example,dc=com
uid: thardy
userPassword:: cGFzc3dvcmQ=

dn: cn=Cornelius Buckley,ou=people,o=sevenseas,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
cn: Cornelius Buckley
sn: Buckley
description: LM Cornelius Buckley
givenName: Cornelius
mail: cbuckley@royalnavy.mod.uk
manager: cn=Horatio Nelson,ou=people,o=sevenSeas,dc=example,dc=com
uid: cbuckley
userPassword:: cGFzc3dvcmQ=

dn: cn=HMS Victory,ou=crews,ou=groups,o=sevenseas,dc=example,dc=com
objectClass: groupOfUniqueNames
objectClass: top
cn: HMS Victory
uniqueMember: cn=Horatio Nelson,ou=people,o=sevenSeas,dc=example,dc=com
uniqueMember: cn=Thomas Masterman Hardy,ou=people,o=sevenSeas,dc=example,dc=com
uniqueMember: cn=Cornelius Buckley,ou=people,o=sevenSeas,dc=example,dc=com

dn: cn=William Bligh,ou=people,o=sevenseas,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
cn: William Bligh
sn: Bligh
description: Captain William Bligh
givenName: William
mail: wbligh@royalnavy.mod.uk
uid: wbligh
userPassword:: cGFzc3dvcmQ=

dn: cn=Fletcher Christian,ou=people,o=sevenseas,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
cn: Fletcher Christian
sn: Christian
description: Lieutenant Fletcher Christian
givenName: Fletcher
mail: fchristi@royalnavy.mod.uk
manager: cn=William Bligh,ou=people,o=sevenSeas,dc=example,dc=com
uid: fchristi
userPassword:: cGFzc3dvcmQ=

dn: cn=John Fryer,ou=people,o=sevenseas,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
cn: John Fryer
sn: Fryer
description: Master John Fryer
givenName: John
mail: jfryer@royalnavy.mod.uk
manager: cn=William Bligh,ou=people,o=sevenSeas,dc=example,dc=com
uid: jfryer
userPassword:: cGFzc3dvcmQ=

dn: cn=John Hallett,ou=people,o=sevenseas,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
cn: John Hallett
sn: Hallett
description: Midshipman John Hallett
givenName: John
mail: jhallett@royalnavy.mod.uk
manager: cn=William Bligh,ou=people,o=sevenSeas,dc=example,dc=com
uid: jhallett
userPassword:: cGFzc3dvcmQ=

dn: cn=HMS Bounty,ou=crews,ou=groups,o=sevenseas,dc=example,dc=com
objectClass: groupOfUniqueNames
objectClass: top
cn: HMS Bounty
uniqueMember: cn=William Bligh,ou=people,o=sevenSeas,dc=example,dc=com
uniqueMember: cn=Fletcher Christian,ou=people,o=sevenSeas,dc=example,dc=com
uniqueMember: cn=John Fryer,ou=people,o=sevenSeas,dc=example,dc=com
uniqueMember: cn=John Hallett,ou=people,o=sevenSeas,dc=example,dc=com

What I'd like to achieve is for the roster to be grouped by crew.
I've been trying for a few hours now and I am clearly missing something, since nothing shows up.
Here's the config:

{mod_shared_roster_ldap,[
    {ldap_base, "ou=crews,ou=groups,o=sevenseas,dc=example,dc=com"},
    {ldap_rfilter, "(objectClass=groupOfUniqueNames)"},
    {ldap_filter, ""},
    {ldap_gfilter, "ou=crews"},
    {ldap_groupdesc, "cn"},
    {ldap_memberattr, "uniqueMember"},
    {ldap_memberattr_format, "cn=%u,ou=people,o=sevenseas,dc=example,dc=com"},
    {ldap_ufilter, "(&(objectClass=inetOrgPerson)(cn=%u))"},
    {ldap_userdesc, "cn"}
  ]}

Please help me identify what is going wrong.
Thanks,
Sean

When ejabberd enumerates members of some of your groups, it tries to apply the mask
"cn=%u,ou=people,o=sevenseas,dc=example,dc=com"
to values like this:
"cn=John Hallett,ou=people,o=sevenSeas,dc=example,dc=com"
If this succeeded, the result would be "John Hallett". Then it would try to combine this string with the server id to form a proper jid:
"John Hallett@example.com"
You see that this is not a valid jid. Next, the server would try to check the jid for existence, and this would naturally fail. But if it would not, then what would be the jid of the resulting contact?
But the primary match will fail itself, as it doesn't match character runs that contain spaces.

To summarize, you cannot do this if you use the vanilla module. You may find this useful.
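
An added illustration of the matching described in the answer above (not part of the original posts and not ejabberd's own code): it applies the posted mask to member values and checks whether the extracted user could form a jid. The function names are hypothetical, the last sample value is constructed, and the matching rules are assumptions stated in the comments.

```python
import re

# Mask and group values are copied from the post; the last value is constructed.
MASK = "cn=%u,ou=people,o=sevenseas,dc=example,dc=com"
MEMBERS = [
    "cn=William Bligh,ou=people,o=sevenSeas,dc=example,dc=com",
    "cn=John Hallett,ou=people,o=sevenSeas,dc=example,dc=com",
    "cn=jhallett,ou=people,o=sevenSeas,dc=example,dc=com",  # constructed
]

# Characters Nodeprep (RFC 6122, Appendix A) prohibits in a JID localpart.
FORBIDDEN = set("\"&'/:<>@")


def extract_user(value, mask):
    """Return the %u part of value, or None when the mask does not match.

    Assumptions of this sketch: %u matches a run without whitespace (as the
    answer states) and the fixed parts of the mask compare case-insensitively.
    """
    prefix, _, suffix = mask.partition("%u")
    pattern = re.escape(prefix) + r"(\S+)" + re.escape(suffix)
    match = re.fullmatch(pattern, value, re.IGNORECASE)
    return match.group(1) if match else None


def to_jid(user, host):
    """Build user@host, or return None if user is not a usable localpart."""
    if not user or any(c.isspace() or c in FORBIDDEN for c in user):
        return None
    return f"{user.lower()}@{host}"


def audit(members, mask, host):
    """Map each member value to the JID it would yield, or None."""
    result = {}
    for value in members:
        user = extract_user(value, mask)
        result[value] = to_jid(user, host) if user else None
    return result


if __name__ == "__main__":
    for value, jid in audit(MEMBERS, MASK, "example.com").items():
        print(f"{jid or 'NO JID':<22} <- {value}")
```

Running the same check over a real group export before enabling the module shows which member values could ever appear in the roster.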
