Thanks Rob, I am slowly trying to work through it.

I have however run into another speed bump with the ldap plugins...I can't 
seem to connect to an external ldap server using tls/port 636.

If I run an ldapsearch *below* (ldap-utils) from the prosody box to the 
external ldap server, results are returned as expected:

    ldapsearch -H ldaps:// -D "cn=admin,dc=example,dc=com" \
      -w "password" -b "ou=domains,ou=groups,dc=example,dc=com"

If I use cyrus sasl for ldap authentication with prosody, registration 
works fine over tls/636, but then I can't use ldap for roster or vcard this 

Also, connecting to the external server over port 389 *insecurely*, everything 
works too.

Here is my config:

Can anyone point me in the right direction?

Thanks for looking!

On Saturday, December 14, 2013 1:28:26 PM UTC-8, Rob Hoelz wrote:
> The change wouldn't actually be that bad; you just need to find the 
> relevant portions of mod_ldap_auth2 and mod_storage_ldap that refer to 
> the memberfield of the user. 
> On Sat, 14 Dec 2013 12:47:43 -0800 (PST) 
> John T wrote: 
> > Hi Rob, 
> > 
> > Now that I think through it the change to groupofnames should be a 
> > pretty simple hack, I think? 
> > 
> > First, the only change in the ldap-config would be to change the 
> > value of "memberfield" to *member* from *memberUid* like so: 
> > 
> >     groups = { 
> >       basedn      = 'ou=groups,dc=example,dc=com', -- The base DN where group records can be found 
> >       memberfield = 'member', 
> >       namefield   = 'cn', 
> > 
> > this should return something like : 
> > "*cn=user1,ou=people,dc=example,dc=com*" -- vs posix memberUid : 
> > "*user1*" 
> > 
> > Would it be as simple as using a regex to strip "cn=" and everything 
> > after and including the first comma? 
> > 
> > Does this sound right? Or am I way off? 
> > 
