Hi John,

What does your prosody configuration look like?  Do you have use_tls
set in the ldap section?  (Probably not, as I just realized that this
option is undocumented!)

-Rob

On Wed, 18 Dec 2013 16:38:44 -0800 (PST)
John T <c1nco...@gmail.com> wrote:

> Thanks Rob, I am slowly trying to work through it.
> 
> I have however run into another speed bump with the ldap plugins...I
> can't seem to connect to an external ldap server using tls/port 636.
> 
> If I run an ldapsearch *below* (ldap-utils) from the prosody box to 
> external ldap server, results are returned as expected:
> 
> *ldapsearch -H ldaps://ld1.example.com:636 -D
> "cn=admin,dc=example,dc=com" -w "password" -b
> "ou=domains,ou=groups,dc=example,dc=com"
> "(&(objectclass=posixgroup)(memberUid=testuser))"*
> 
> If I use cyrus sasl for ldap authentication with prosody,
> registration works fine over tls/636, but then I can't use ldap for
> roster, or vcard this way.
> 
> Also connecting to external server over port 389 *insecurely*,
> everything works too.
> 
> Here is my config:
> http://pastebin.com/c6Z11yV8
> 
> 
> Can anyone point me in the right direction?
> 
> Thanks for looking!
> 
> 
> On Saturday, December 14, 2013 1:28:26 PM UTC-8, Rob Hoelz wrote:
> >
> > The change wouldn't actually be that bad; you just need to find the 
> > relevant portions of mod_ldap_auth2 and mod_storage_ldap that refer
> > to the memberfield of the user. 
> >
> > On Sat, 14 Dec 2013 12:47:43 -0800 (PST) 
> > John T <c1nc...@gmail.com> wrote: 
> >
> > > Hi Rob, 
> > > 
> > > Now that I think through it the change to groupofnames should be
> > > a pretty simple hack, I think? 
> > > 
> > > First the only change in the ldap-config would be to change the 
> > > value of "memberfield" to *member* from *memberUid* like so: 
> > > 
> > >     groups = { 
> > >       basedn      = 'ou=groups,dc=example,dc=com', -- The base DN where group records can be found 
> > >       memberfield = '*member*', 
> > >       namefield   = 'cn', 
> > > 
> > > this should return something like : 
> > > "*cn=user1,ou=people,dc=example,dc=com*" -- vs posix memberUid : 
> > > "*user1*" 
> > > 
> > > Would it be as simple as using a regex to strip "cn=" and
> > > everything after and including the first comma? 
> > > 
> > > Does this sound right? Or am I way off? 
> > > 
> >
> >
> 
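
Added example, not part of the thread and not code from mod_ldap_auth2 or mod_storage_ldap: a Lua function for the DN-to-username mapping asked about in the quoted groupOfNames message. It goes beyond the simple regex by handling RFC 4514 escapes and multi-valued RDNs. It assumes the username is the value of the first RDN, as in the quoted example; `first_rdn_value` is a hypothetical name and the sample DNs are constructed.

```lua
-- Added example; first_rdn_value() is a hypothetical helper name.
-- Returns the unescaped value of the first RDN if its attribute type is
-- want_attr (case-insensitive); returns nil when the DN cannot be mapped.
local function first_rdn_value(dn, want_attr)
  local attr, rest = dn:match("^%s*([%w%.%-]+)%s*=(.*)$")
  if not attr or attr:lower() ~= want_attr:lower() then
    return nil -- first RDN is not the attribute usernames come from
  end
  local out, i, n = {}, 1, #rest
  while i <= n do
    local c = rest:sub(i, i)
    if c == "\\" then
      local hex = rest:match("^%x%x", i + 1)
      if hex then -- RFC 4514 hex pair, e.g. \2C for a comma
        out[#out + 1] = string.char(tonumber(hex, 16))
        i = i + 3
      elseif i < n then -- escaped special character, e.g. \,
        out[#out + 1] = rest:sub(i + 1, i + 1)
        i = i + 2
      else
        return nil -- dangling backslash at end of input
      end
    elseif c == "," then
      break -- unescaped comma ends the first RDN
    elseif c == "+" then
      return nil -- multi-valued RDN: refuse rather than guess
    else
      out[#out + 1] = c
      i = i + 1
    end
  end
  local value = table.concat(out)
  if value == "" then return nil end
  return value
end

-- Constructed member values, not taken from a real directory.
local samples = {
  "cn=user1,ou=people,dc=example,dc=com",
  "CN=Smith\\, John,ou=people,dc=example,dc=com",
  "cn=a\\2Cb,ou=people,dc=example,dc=com",
  "uid=user1,ou=people,dc=example,dc=com",
  "cn=user1+uid=u1,ou=people,dc=example,dc=com",
}
for _, dn in ipairs(samples) do
  local naive = dn:match("^cn=([^,]+)") -- the simple regex approach
  print(dn, "parsed:", first_rdn_value(dn, "cn"), "naive:", naive)
end
```

Returning nil for anything that cannot be mapped cleanly lets the caller skip that member instead of attaching group membership to a truncated or wrong username.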
