Installation: Archipel and LDAP
eLvErDe edited this page Mar 29, 2012 · 5 revisions
If you want to use Archipel and (Open)LDAP, add this to your ejabberd configuration:
```erlang
%%% LDAP Authentication
{auth_method, [internal, ldap]}. % We need both internal (jabber admin, hypervisor account) and LDAP auth
{ldap_servers, ["localhost"]}.
% Unencrypted LDAP: binds and passwords cross the wire in cleartext, which is only acceptable here
% because the server is localhost. For a remote server use {ldap_encrypt, tls} and port 636.
{ldap_encrypt, none}.
{ldap_port, 389}.
{ldap_base, "ou=People,dc=example,dc=com"}.
{ldap_uids, [{"uid"}]}.
% Filter against primary group (in my case, this primary group means "employee")
% and disabled accounts (marked with the /bin/false shell)
{ldap_filter, "(&(objectClass=posixAccount)(gidNumber=10001)(!(loginShell=/bin/false)))"}.

%%% LDAP Shared Roster against a specific LDAP group
%%% (this entry goes inside the {modules, [...]} list)
{mod_shared_roster_ldap, [
    {ldap_base, "dc=example,dc=com"},
    % Only LDAP group "cn=allusers" will be used, otherwise all groups and all users will be shown as rosters
    {ldap_rfilter, "(&(objectClass=posixGroup)(cn=allusers))"},
    {ldap_filter, ""},
    {ldap_gfilter, "(&(objectClass=posixGroup)(cn=%g))"}, % Matches all LDAP groups
    {ldap_groupdesc, "description"},
    {ldap_memberattr, "memberUid"},
    {ldap_memberattr_format, "%u"},
    {ldap_ufilter, "(&(objectClass=posixAccount)(gidNumber=10001)(!(loginShell=/bin/false))(uid=%u))"}, % See above for details
    {ldap_userdesc, "displayName"}
]},
```
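To check which accounts the `ldap_filter` above actually admits, the following added example (not part of the original wiki page or of Archipel/ejabberd) evaluates that filter against constructed sample entries. The evaluator is a simplification that handles only `&`, `|`, `!` and exact equality, and the entry names are assumptions; it shows that the negation excludes only the exact shell `/bin/false`, so accounts disabled with another shell or with no `loginShell` attribute still pass.

```python
# Added example: minimal evaluator for the LDAP filter subset used on this page
# (&, |, ! and exact equality only; no substrings, escapes or matching rules).
AUTH_FILTER = "(&(objectClass=posixAccount)(gidNumber=10001)(!(loginShell=/bin/false)))"

def parse(f, i=0):
    """Parse one parenthesised filter starting at f[i]; return (node, next_index)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, kids = f[i], []
        i += 1
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i:i + 1] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' filter near offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)  # raises ValueError if the item is unterminated
    attr, sep, value = f[i:end].partition("=")
    if not sep:
        raise ValueError(f"missing '=' near offset {i}")
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against an entry (lowercase attr -> list of values)."""
    if node[0] == "=":
        return node[2] in entry.get(node[1], [])  # absent attribute -> no match
    results = [matches(kid, entry) for kid in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)

ENTRIES = {  # constructed sample entries, not taken from a real directory
    "alice": {"objectclass": ["posixAccount"], "gidnumber": ["10001"], "loginshell": ["/bin/bash"]},
    "bob":   {"objectclass": ["posixAccount"], "gidnumber": ["10001"], "loginshell": ["/bin/false"]},
    "carol": {"objectclass": ["posixAccount"], "gidnumber": ["10002"], "loginshell": ["/bin/bash"]},
    "dave":  {"objectclass": ["posixAccount"], "gidnumber": ["10001"], "loginshell": ["/usr/sbin/nologin"]},
    "erin":  {"objectclass": ["posixAccount"], "gidnumber": ["10001"]},  # no loginShell at all
}

def admitted(filter_text=AUTH_FILTER, entries=ENTRIES):
    """Return the sorted names of sample entries that the filter lets through."""
    tree, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing data after filter")
    return sorted(name for name, entry in entries.items() if matches(tree, entry))

if __name__ == "__main__":
    print(admitted())
```

If your directory disables accounts in more than one way, extend the filter with one `(!(...))` clause per convention and re-run the check before deploying it.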