I've successfully set up LDAP authentication with ejabberd, with automatic account creation. It seems to be working well. Password changes in LDAP affect authentication in ejabberd ... all very good. I have a couple of questions:
1. Is it possible to have internal authentication and LDAP authentication at the same time? My initial attempts failed to get this to work.
2. When I change the config back to using internal auth ... that is ...
FROM:
%{auth_method, internal}.
{auth_method, ldap}.
{ldap_servers, ["localhost"]}.
{ldap_uidattr, "uid"}.
{ldap_base, "dc=intranet,dc=mycompany,dc=org,dc=au"}.
{ldap_rootdn, "cn=admin,dc=mycompany,dc=org,dc=au"}.
{ldap_password, "whateversecret"}.
TO:
{auth_method, internal}.
%{auth_method, ldap}.
%{ldap_servers, ["localhost"]}.
%{ldap_uidattr, "uid"}.
%{ldap_base, "dc=intranet,dc=wilderness,dc=org,dc=au"}.
%{ldap_rootdn, "cn=admin,dc=wilderness,dc=org,dc=au"}.
%{ldap_password, "whateversecret"}.
and restart the server, my LDAP-based users still authenticate correctly AND I see activity in the LDAP server's log requesting authentication. I wasn't expecting the latter at least. Is this behaviour by design?
This is likely due to the fact that ejabberd stores its config settings in an internal database, and changes you make to the config file are only added. That is, when you first run ejabberd, it takes the config file information in ejabberd.cfg and populates a database with the information. If you later change the config file by adding new information, the new information is added but the old is not really removed.
What you likely want to do is add the following lines to the top of your config file:
override_global.
override_local.
override_acls.
This will effectively override what's in the config database and use the data from the config file only. See the following for details:
Turns out I had another jabber server (jabberd2) running that was also using LDAP, and that was what was causing the confusion. DOH! But thanks for adding to my knowledge of the config file.
Which leaves the other question about multiple authentication sources, e.g. internal + LDAP ... is that possible?
Hi
thanks
Both LDAP and Internal Auth working
Re: LDAP curiosity
1. Is it possible to have internal authentication and LDAP authentication at the same time? My initial attempts failed to get this to work.
When only one method is specified the syntax is:
The ejabberd guide shows a different syntax in 3.1.8 SASL anonymous and anonymous login:
Call me optimistic, but with some luck maybe this works:
If you try it, please post a comment with the results.