ejabberd mod_shared_roster with Proper Roster Names Setup

• Updated June 6, 2017


In a previous post, I detailed how to setup ejabberd’s mod_shared_roster module to automatically create shared rosters based on LDAP groups when users login.

However, if you integrate ejabberd with an LDAP server and mod_shared_roster, the user’s proper name will not be displayed unless mod_vcard_ldap is also setup.

The following post will detail what is needed to setup LDAP authentication and configure mod_vcard_ldap.

LDAP Authentication Setup

Configure the following in /opt/ejabberd/conf/ejabberd.cfg:

%%
%% Authentication using LDAP
%%
{auth_method, ldap}.
%%
%% List of LDAP servers:
{ldap_servers, ["matrix.example.com"]}.
%%
%% Encrypt the LDAP connection.
%% Do not verify TLS due to encrypted LDAP not working when turned on
{ldap_encrypt, tls}.
{ldap_tls_verify, false}.
{ldap_port, 636}.
%%
%% LDAP attribute that holds user ID:
{ldap_uids, [{"sAMAccountName"}]}.
%%
%% Search base of LDAP directory:
{ldap_base, "ou=Users,dc=matrix,dc=example,dc=com"}.
%%
%% LDAP manager:
{ldap_rootdn, "cn=isldap,ou=Service Accounts,dc=matrix,dc=example,dc=com"}.
%%
%% Password to LDAP manager:
{ldap_password, "*******"}.
%%
%% In our configuration, this could also be left blank
{ldap_filter, "(objectClass=organizationalPerson)"}.

mod_vcard_ldap Configuration

I have included additional module configurations to show that they are blank or disabled.

Configure the following in /opt/ejabberd/conf/ejabberd.cfg:

{mod_roster,   []},
%%{mod_service_log,[]},
{mod_shared_roster,[]},
%%{mod_stats,    []},
{mod_time,     []},
%%{mod_vcard,    []},
{mod_vcard_ldap,
[
%% Now we want to define vCard pattern
{ldap_vcard_map,
 [{"NICKNAME", "%s %s", ["givenName", "sn"]},
  {"FIRST", "%s", ["givenName"]},
  {"LAST", "%s", ["sn"]},
  {"FN", "%s, %s", ["sn", "givenName"]},
  {"EMAIL", "%s", ["mail"]}]},
%% Search form
{ldap_search_fields,
 [{"User", "%u"},
  {"Name", "givenName"},
  {"Family Name", "sn"},
  {"Email", "mail"}]},
%% vCard fields to be reported
%% Note that JID is always returned with search results
{ldap_search_reported,
 [{"Full Name", "FN"},
  {"Nickname", "NICKNAME"}]}
]},

References

tags

active-directory (1)


ads (1)


aix (2)


ambient-noise (1)


amd (2)


android (1)


ansible (6)


apache (2)


api (2)


apple (7)


apple-tv (1)


apt (1)


awk (1)


bash (1)


bittorrent (2)


bootstrap (3)


centos (7)


cheat-sheet (14)


chef (1)


chromeos (1)


cloud (1)


cmatrix (1)


cobbler (3)


cowboy-bebop (1)


curl (1)


darwin-streaming-server (1)


datadog (1)


ddclient (1)


debian (2)


dell (3)


development (2)


diagrams (2)


disqus (1)


dlna (1)


dns (1)


docker (1)


documentation (153)


doxie (2)


dvdbackup (1)


ejabberd (2)


exiftool (1)


fedora (6)


ffmpeg (2)


filevault (1)


find (1)


firefly (1)


git (1)


glance (1)


gluster (2)


gnome (1)


golang (1)


google-app-engine (2)


google-chrome (1)


google-chromecast (1)


google-cloud-dns (1)


google-cloud-functions (1)


google-cloud-platform (5)


google-cloud-pubsub (1)


google-drive (1)


google-kubernetes-engine (1)


handbrake (1)


icloud (2)


idrac (3)


imagemagick (1)


ios (3)


iphone (3)


iscsi (1)


java (1)


javascript (1)


jekyll (6)


jquery (3)


json (3)


kerberos (1)


keystone (1)


kickstart-profiles (7)


kubernetes (2)


kvm (2)


ldap (6)


lego (1)


lets-encrypt (1)


linux (18)


macbook (3)


macos (2)


markdown (1)


mdadm (1)


mechanical-keyboards (1)


megacli (1)


microdata (1)


msi-gs65-stealth-thin (2)


mysql (1)


namecheap (1)


networking (1)


neutron (2)


nfs (1)


nova-network (2)


openssl (2)


openstack (21)


opinions (9)


os-x (4)


os-x-mavericks (1)


os-x-mountain-lion (2)


os-x-yosemite (6)


parted (1)


preseed (1)


python (4)


quantum (1)


racadm (2)


rackspace-private-cloud (3)


raid (2)


red-hat (8)


red-hat-satellite-server (2)


reviews (7)


rfid (1)


rhel (7)


rpm (1)


rss (1)


safari (1)


samsung (1)


scp (1)


scsi (1)


security (3)


sed (1)


seo (2)


shell (10)


skippy (2)


snappass (1)


solaris (3)


spotlight (1)


ssd (2)


ssh (1)


sshpass (1)


ssl (1)


sssd (1)


stackdriver (1)


star-wars (1)


steam (1)


storage (1)


support (2)


swift (6)


terminal (1)


thinkpad (1)


transmission (2)


troubleshooting (1)


ubuntu (9)


usb-c (1)


vagrant (11)


varnish (2)


virtualbox (8)


vmware-fusion (10)


wallets (1)


web-analytics (1)


wifi (1)


windows (2)


windows-10 (1)


windows-7 (2)


windows-server (1)


world-of-warcraft (1)


xrdp (1)


xserver (1)


zfs (1)