Hi,

I've finally been able to get it working after a few modifications.

First, I was getting an error ([error] failed loading storage module 'ldapvcard' (/usr/lib/jabberd/storage_ldapvcard.so: undefined symbol: _ldap_get_lderrno)) while trying to use ldapvcard as storage, so I removed the extern declaration and copied the function into storage_ldapvcard.c.

Then I've also modified storage_ldapvcard.c with the idea of being able to add the realm in the basedn line like in ldapfull. This way the realm is appended to the user while publishing the roster.

You can find the patch attached.

Kind regards,
Oriol


On 01/12/13 17:47, Oriol Mula-Valls wrote:
Hi,

I've been using jabberd2 for more than two years in our research unit. During 
this time the number of people has increased, although some people have left.

I am tired of adding and removing people from our roster template and from our 
xmpp client, pidgin. Therefore, I decided to switch to
ldapvcard and use roster-publish. However, I am facing two problems, one of 
which also happens with roster template.

Roster template works perfectly for a new user who arrives, but although all 
contacts are shown, they are all off-line and the user has to re-request 
authorization for all of them. An example entry of our roster.xml is:
<item name='Oriol Mula-Valls' jid='omula@cfu.local'
subscription='both'><group>IT</group></item>
I have also this problem with roster-publish and ldapvcard.

Now that version 2.3.1 has been released with jabberd2.schema I
understand more or less how to use ldapvcard. I have loaded the
provided schema on our ldap server but I have not managed to get it working 
properly.

I use uid, posixAccount and userPassword because
on the one hand the other attributes are not in the ldap schema provided and on 
the other hand it would be duplicating information. This setup has the problem 
that the domain is not appended to the uid attribute and therefore it doesn't 
work. I tried to modified a user appending the realm to its uid (e.g.: uid: 
omula@cfu.local) and it this case it worked. Nonetheless, user was offline and 
authorization request was needed.

      <!-- LDAPVCARD driver configuration -->
      <ldapvcard>
        <!-- LDAP server host and port (default: 389) -->
        <uri>ldap://ldap.cfu.local/</uri>

        <binddn>cn=admin,dc=cfu,dc=local</binddn>
        <bindpw>XXX</bindpw>

        <!-- LDAP attribute that holds the user ID (default: uid) -->
        <uidattr>uid</uidattr>
        <objectclass>posixAccount</objectclass>
        <pwattr>userPassword</pwattr>
        <!-- if you use included jabberd.schema use this:
        <uidattr>jid</uidattr>
        <objectclass>jabberUser</objectclass>
        <pwattr>jabberPassword</pwattr> -->

        <basedn>ou=users,dc=cfu,dc=local</basedn>

        <groupattr>jabberPublishedGroup</groupattr>

        <publishedattr>jabberPublishedItem</publishedattr>

        <publishedcachettl>60</publishedcachettl>

        <mapped-groups>

        </mapped-groups>
      </ldapvcard>

Can anyone help me to fix configuration problems, please? Thanks in advance.

Kind regards,
Oriol
--
Oriol Mula Valls
Institut Català de Ciències del Clima (IC3)
Doctor Trueta 203 - 08005 Barcelona
Tel:+34 93 567 99 77



--
Oriol Mula Valls
Institut Català de Ciències del Clima (IC3)
Doctor Trueta 203 - 08005 Barcelona
Tel:+34 93 567 99 77
--- storage/storage_ldapvcard.c 2013-10-07 15:27:54.000000000 +0000
+++ /tmp/jabberd-2.3.1/storage/storage_ldapvcard.c      2013-12-02 
20:28:58.674258262 +0000
@@ -37,7 +37,6 @@
 
 #define LDAPVCARD_SEARCH_MAX_RETRIES 1
 
-extern int _ldap_get_lderrno(LDAP *ld);
 
 /** internal structure, holds our data */
 typedef struct drvdata_st {
@@ -47,6 +46,7 @@
     const char *binddn;
     const char *bindpw;
     const char *basedn;
+    const char *realm;
 
     const char *objectclass; // objectclass of jabber users
     const char *uidattr; // search attribute for users
@@ -103,6 +103,16 @@
     {NULL,NULL,0}
 };
 
+/** utility function to get ld_errno */
+static int _ldap_get_lderrno(LDAP *ld)
+{
+    int ld_errno;
+
+    ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &ld_errno);
+
+    return ld_errno;
+}
+
 static int processregex(char *src, const char *regex, int patterngroups, int 
wantedgroup, char *dest, size_t dest_size, st_driver_t drv) {
   regex_t preg;
   regmatch_t pmatch[patterngroups];
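Review bot: The new static `_ldap_get_lderrno` returns an uninitialised `ld_errno` when `ldap_get_option` fails, because the call's return value is ignored. Initialise the variable and check the result, for example `int ld_errno = LDAP_OTHER;` followed by `if(ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &ld_errno) != LDAP_OPT_SUCCESS) return LDAP_OTHER;`, so that callers branching on the error code never act on stack garbage. The doc comment could also say why the helper is duplicated here: `/** local copy of the ld_errno accessor; the shared symbol is not exported to storage modules */`.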
@@ -269,7 +279,7 @@
     const char *attrs_prg[] = { data->groupnameattr, NULL };
     LDAPMessage *result, *entry;
     ldapvcard_entry_st le;
-    int i,ival;
+    int i,ival,realm_len,user_len;
     int tried = 0;
     char jid[2048], group[1024], name[2048]; // name is sn[1024] + ' ' + 
initials[1024]
 
@@ -442,7 +452,17 @@
                     ldap_value_free(vals);
                     continue;
                 }
-                strncpy(jid,vals[0],sizeof(jid)-1); jid[sizeof(jid)-1]='\0';
+                strncpy(jid,vals[0],sizeof(jid)-1);
+                if(data->realm) {
+                    realm_len = strlen(data->realm);
+                    if(realm_len > 0) {
+                        user_len = strlen(jid);
+                        *(jid + user_len) = '@';
+                        strcpy(jid + user_len + 1, data->realm);
+                    }
+                    log_debug(ZONE, "data->realm: %s", data->realm);
+                }
+                jid[sizeof(jid)-1]='\0';
                 ldap_value_free(vals);
 
                 vals = (char **)ldap_get_values(data->ld,entry,"displayName");
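Review bot: The realm append in this hunk can write past the end of `jid`. `strncpy` leaves the 2048-byte buffer unterminated when `vals[0]` is 2047 bytes or longer, so `strlen(jid)` runs on an unterminated buffer. `strcpy(jid + user_len + 1, data->realm)` has no bound, and the trailing `jid[sizeof(jid)-1]='\0'` comes only after the copy has already happened. Build the JID with one bounded `snprintf` from the directory value and the configured realm, and skip the entry when it does not fit, since a silently truncated JID would name a different account; the `realm_len`/`user_len` ints added in the `@@ -269,7 +279,7 @@` hunk then become unnecessary. The enclosing function begins and ends outside this hunk.

```c
                /* build "user@realm" (or plain "user") with a single bounded write */
                int jid_len = (data->realm != NULL && data->realm[0] != '\0')
                    ? snprintf(jid, sizeof(jid), "%s@%s", vals[0], data->realm)
                    : snprintf(jid, sizeof(jid), "%s", vals[0]);
                if(jid_len < 0 || (size_t)jid_len >= sizeof(jid)) {
                    /* does not fit: skip rather than publish a truncated JID */
                    ldap_value_free(vals);
                    continue;
                }
                ldap_value_free(vals);
                // … unchanged: displayName lookup …
```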
@@ -554,7 +574,8 @@
 DLLEXPORT st_ret_t st_init(st_driver_t drv)
 {
     drvdata_t data;
-    const char *uri, *basedn, *srvtype_s;
+    config_elem_t basedn;
+    const char *uri, *srvtype_s, *realm;
     int srvtype_i;
 
     log_write(drv->st->log, LOG_NOTICE, "ldapvcard: initializing");
@@ -565,12 +586,16 @@
         return st_FAILED;
     }
 
-    basedn = config_get_one(drv->st->config, "storage.ldapvcard.basedn", 0);
+    basedn = config_get(drv->st->config, "storage.ldapvcard.basedn");
     if(basedn == NULL) {
         log_write(drv->st->log, LOG_ERR, "ldapvcard: no basedn specified in 
config file");
         return st_FAILED;
     }
 
+    realm = (basedn->attrs[0] != NULL) ? j_attr((const char **) 
basedn->attrs[0], "realm") : NULL;
+
+    log_debug(ZONE, "realm '%s' has base dn '%s'", realm, basedn->values[0]);
+
     srvtype_s = config_get_one(drv->st->config, "storage.ldapvcard.type", 0);
     if( srvtype_s == NULL ) {
         srvtype_i = LDAPVCARD_SRVTYPE_LDAP;
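Review bot: `realm` is passed to `log_debug` with `%s` while it is NULL whenever `<basedn>` carries no `realm` attribute, which is the configuration shown in the quoted message; passing NULL to `%s` is undefined behaviour, so log `realm ? realm : ""` instead. The switch from `config_get_one` to `config_get` also means only the element pointer is checked: `basedn->attrs[0]` and `basedn->values[0]` are dereferenced without confirming that `attrs` is non-NULL or that the element holds a value. The guard would be safer as `if(basedn == NULL || basedn->nvalues < 1 || basedn->values[0] == NULL)`, with `basedn->attrs != NULL &&` added to the realm lookup; whether the parser can leave `attrs` NULL is not visible here. `st_init` continues outside this hunk.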
@@ -588,7 +613,8 @@
     drv->private = (void *) data;
 
     data->uri = uri;
-    data->basedn = basedn;
+    data->basedn = basedn->values[0];
+    data->realm = realm;
     data->srvtype = srvtype_i;
 
     data->binddn = config_get_one(drv->st->config, "storage.ldapvcard.binddn", 
0);
