Hello,

First off: a big thank you for creating Prosody - I have been using it for 
some months now (in a 'lightweight configuration') and it is rock-solid. 
That is why I wanted to implement it for our local service club, hoping 
that the more advanced features would also be easily configurable - but I 
seem to have failed with mod_storage_ldap:

I have:
1. Commented out mod_groups
2. Downloaded ldap.lib.lua and ldap/vcard.lua
3. Configured the ldap-section of my Virtualhost:
-- Directories searched for modules; the community mod_storage_ldap lives in one of these.
plugin_paths = { "/usr/lib/prosody/modules/", "/etc/prosody/modules/" }
-- Flat-file shared groups are switched off; group membership is expected to come from LDAP.
-- groups_file = "/etc/prosody/sharedgroups.txt"

VirtualHost "domain"
  enabled = true
  storage = "ldap"      -- rosters and other stores are served by mod_storage_ldap
  debug = true

  modules_enabled = {
    "csi",
    "carbons",
    -- "cloud_notify",
    "smacks",
    "lastactivity",
    "offline",
    "http",
    "http_upload",
    "pubsub",
    "pubsub_feeds",
    "storage_ldap",
  }

  ldap = {
    -- Directory connection; the bind account is the one Prosody uses for its searches
    -- ("secret" is presumably a placeholder value in this excerpt).
    hostname = "127.0.0.1",
    bind_dn = "uid=uname,ou=people,dc=domain,dc=be",
    bind_password = "secret",
    use_tls = true,

    -- Where user entries live and which attributes identify and name them.
    user = {
      usernamefield = "uid",
      basedn = "ou=people,dc=domain,dc=be",
      filter = "objectClass=posixAccount",
      namefield = "displayName",
    },

    -- Group lookup: the keyed fields describe the group entries, the positional
    -- entries are the individual groups (name shown to users, cn in LDAP, admin flag).
    groups = {
      memberfield = "member",
      namefield = "cn",
      basedn = "ou=groups,dc=domain,dc=be",
      { name = "Leden",      cn = "leden",      admin = false },
      { name = "Beheerders", cn = "beheerders", admin = true  },
    },

    -- vCard field -> LDAP attribute mapping.
    vcard_format = {
      displayname = "cn",
      nickname = "displayName",
      title = "title",
      telephone = { { work = "telephoneNumber" } },
      address = { work = { street = "street", locality = "l", ctry = "c" } },
      email = { internet = { userid = "mail" } },
    },
  }

  ssl = {
    key = "/etc/letsencrypt/live/<domain>/privkey.pem",
    certificate = "/etc/letsencrypt/live/<domain>/fullchain.pem",
  }

4. Edited the mod_storage_ldap.lua because I am using rfc2307bis in our 
LDAP dir (PosixAccount combined with GroupOfNames):
----------------------------------------
-- Roster Storage Implementation --
----------------------------------------

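--inserted
--- Split `source` on any of the single characters listed in `delimiters`.
-- Consecutive delimiters collapse (empty fields are dropped), as with the
-- original gsub-based implementation. Defined as a global to keep the
-- original call sites working.
-- @tparam string|nil source text to split; nil or "" yields an empty table
-- @tparam string delimiters characters to split on, e.g. ",="; pattern magic
--   characters (`%`, `]`, `^`, `-`) are escaped so they are taken literally
-- @treturn table sequence of the non-empty pieces, in order of appearance
function vvhsplit(source, delimiters)
    local elements = {}
    if source == nil or source == "" then
        return elements
    end
    -- Escape every non-alphanumeric delimiter: an unescaped "%" produced a
    -- malformed pattern in the original, and "]"/"-" could change the set.
    local class = (delimiters or ""):gsub("%W", "%%%0")
    local pattern = "[^" .. class .. "]+"
    for piece in string.gmatch(source, pattern) do
        elements[#elements + 1] = piece
    end
    return elements
end
--end inserted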

function adapters.roster:get(username)
    local ld = ldap.getconnection();
    local contacts = {};

--inserted
    local memberelements = vvhsplit(params.groups.memberfield,",=");
    local memberfield = memberelements[1];

--    local memberfield = params.groups.memberfield;
--end inserted

5. Restarted Prosody with debug logging

Result: The client does not show any LDAP contacts, while I don't receive 
any error in the serverlogs.
Note: The SharedGroups.txt is generated from the LDAP server with the 
following PHP-script that I have adapted and is working perfectly:
#!/usr/bin/php
<?php
/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014 Adam M. Mohr, booshire.com
 *
 * Permission is hereby granted, free of charge, to any person obtaining a 
copy
 * of this software and associated documentation files (the "Software"), to 
deal
 * in the Software without restriction, including without limitation the 
rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included 
in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 
OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 
THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 * */

// FYI - This script makes a lot of assumptions about your openLDAP structure being fairly default.
// You may need to update some of this to fit your individual needs. Use ldapsearch -LLL to get a
// basic dump of your schema output to verify if things are not working correctly.
// Make sure you have php-ldap installed!

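//LDAP Connection Settings
  $ldap_host = "127.0.0.1";        //LDAP host IP to query
  $ldap_port = "389";            //Port for LDAP queries, default is 389
  $base_dn = "dc=domain,dc=be";
  $use_start_tls = TRUE;
  $binddn = "uid=uname,ou=people,dc=domain,dc=be";
  $bindpw = "secret";
  $domain = "domain";    //domain to append to users when writing data, should equal the XMPP domain the users log in with
  $groupMemberAttribute = "member";    //this changes per LDAP instance, usually member or memberUid
  $groupFilterAttribute = "PosixGroup";    //this is the filter for the group type, PosixGroup is default for openLdap
  $userFilterAttribute = "PosixAccount";    //this is the filter for the user type, PosixAccount is default for opeLdap, or inetPerson
  $userNameAttribute = "uid";        //this is the username attribute, usually is uid but can also be cn I believe
  $userAttribute = "uid";

//LDAP connection and binding strings
  $connect = ldap_connect($ldap_host,$ldap_port) or die("Cannot connect to LDAP server".ldap_error($connect));
  ldap_set_option($connect,LDAP_OPT_PROTOCOL_VERSION, 3); //may need to change this but v3 is default now
  if( TRUE == $use_start_tls) {
    // Stop here if STARTTLS cannot be negotiated: continuing would send the
    // bind credentials below over an unencrypted connection.
    ldap_start_tls($connect) or die("Cannot start TLS on LDAP connection: ".ldap_error($connect));
  }
  $bind = ldap_bind($connect, $binddn, $bindpw) or die("Cannot bind to {$base_dn} LDAP".ldap_error($connect));

//LDAP Group search settings
  $groupFilter = "(&(objectClass={$groupFilterAttribute})(cn=*))";
  $groupAttributes = array('cn',$groupMemberAttribute);
  $groupSearch = ldap_search($connect, $base_dn, $groupFilter, $groupAttributes) or die("Unable to search {$base_dn}".ldap_error($connect));
  $groupData = ldap_get_entries($connect, $groupSearch) or die("Unable to get LDAP entries".ldap_error($connect));

  // ldap_get_entries() returns attribute names in lower case, so the member
  // attribute is looked up via this key rather than a hard-coded 'member'
  // (which silently found nothing when $groupMemberAttribute was changed).
  $memberKey = strtolower($groupMemberAttribute);

//LDAP USER search settings
  foreach( $groupData as $group )
  {
    // the result array also carries an integer 'count' element; skip it and
    // any group without members
    if( !is_array($group) || !isset( $group[$memberKey] ) )
    {
      continue;
    }
    echo "\n[+{$group['cn']['0']}]\n";
    $userSearch = ldap_read( $connect, "{$group['dn']}", "(objectclass=*)", array( $groupMemberAttribute ) );
    $sr = ( $userSearch === FALSE ) ? FALSE : ldap_get_entries( $connect, $userSearch );
    if( $sr === FALSE || !isset( $sr[0][$memberKey] ) )
    {
      continue;
    }
    foreach( $sr[0][$memberKey] as $memberDn )
    {
      // the attribute array holds a numeric 'count' value next to the member DNs
      if( is_numeric($memberDn) )
      {
        continue;
      }
      $memberSearch = ldap_read( $connect, "{$memberDn}", "(objectclass=*)", array("uid","displayname") );
      $srm = ( $memberSearch === FALSE ) ? FALSE : ldap_get_entries( $connect, $memberSearch );
      if( $srm === FALSE )
      {
        continue;
      }
      foreach( $srm as $keym )
      {
        if( !is_array($keym) || !isset($keym['uid'][0]) )
        {
          continue;
        }
        // use the uid as the display name when the entry has no displayName,
        // instead of emitting an empty name
        $name = isset($keym['displayname'][0]) ? $keym['displayname'][0] : $keym['uid'][0];
        // NOTE(review): values are written verbatim; a uid or displayName that
        // contains '=' or a newline would break the one-entry-per-line format.
        echo $keym['uid'][0]."@{$domain}={$name}\n";
      }
    }
  }

//    print_r($groupData);
?>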


Thank you!
Kr,
Vincent
