Hi Ian,
Here's sm.xml for a server I'm setting up with working LDAP roster
population.
Roster isn't commented: since we're transitioning from an old 1.4
server, I want the old server JIDs added when users sign on to the new
server, for the first time only.
Note that I also hacked the source to not require valid=TRUE or
publishedattr=TRUE properties (LDAP is Active Directory here).
Note that objects must have groupattr set, otherwise they won't be
added.
I haven't played with check-remove-domain yet.
WRT fix-subscriptions, I don't understand what as for now, both
means.
Justin
<!-- Session manager configuration -->
<sm>
  <!-- Our ID on the network. Users will have this as the domain part of
       their JID. If you want your server to be accessible from other
       Jabber servers, this ID must be FQDN resolvable by DNSes -->
  <id>xmpp.norchemlab.com</id>
  <!-- The process ID file. Comment this out if you don't need to know
       the process ID from outside the process (eg for control scripts) -->
  <pidfile>/var/run/jabberd2/sm.pid</pidfile>
  <!-- Router connection configuration -->
  <router>
    <!-- IP/port the router is waiting for connections on -->
    <ip>127.0.0.1</ip> <!-- default: 127.0.0.1 -->
    <port>5347</port> <!-- default: 5347 -->
    <!-- Username/password to authenticate as -->
    <user>jabberd</user> <!-- default: jabberd -->
    <pass></pass> <!-- default: secret -->
    <!-- File containing an SSL certificate and private key to use when
         setting up an encrypted channel with the router. From
         SSL_CTX_use_certificate_chain_file(3): The certificates must be
         in PEM format and must be sorted starting with the subject's
         certificate (actual client or server certificate), followed
         by intermediate CA certificates if applicable, and ending
         at the highest level (root) CA (the latter one being optional).
         If this is commented out, or the file can't be read, no attempt
         will be made to establish an encrypted channel with the router. -->
    <!--
    <pemfile>/etc/jabberd2/server.pem</pemfile>
    -->
    <!-- Router connection retry -->
    <retry>
      <!-- If the connection to the router can't be established at
           startup, we should try again this many times before exiting.
           Use -1 to retry indefinitely. [default: 3] -->
      <init>3</init>
      <!-- If we lost the connection to the router during normal
           operation (ie we've successfully connected to the router in
           the past), we should try to reconnect this many times before
           exiting. Use -1 to retry indefinitely. [default: 3] -->
      <lost>3</lost>
      <!-- Sleep for this many seconds before attempting a
           reconnect. [default: 2] -->
      <sleep>2</sleep>
    </retry>
  </router>
  <!-- Log configuration - type is "syslog", "file" or "stdout" -->
  <log type='file'>
    <!-- If logging to syslog, this is the log ident -->
    <ident>jabberd/sm</ident>
    <!-- If logging to syslog, this is the log facility
         (local0 - local7) [default: local3] -->
    <facility>local3</facility>
    <!-- If logging to file, this is the filename of the logfile -->
    <file>/var/log/jabberd2/sm.log</file>
  </log>
  <!-- Storage database configuration -->
  <storage>
    <!-- Dynamic storage modules path -->
    <path>/usr/lib/jabberd</path>
    <!-- By default, we use the MySQL driver for all storage -->
    <driver>mysql</driver>
    <!-- fs db -->
    <!-- It's also possible to explicitly list alternate drivers for
         specific data types. -->
    <!-- Store vcards in a ldapvcard database instead -->
    <!--
    <driver type='vcard'>ldapvcard</driver>
    -->
    <!-- Read mapping for group id - group name from ldap.
         Used by mod_published_roster.
         See ldapvcard section for options.
         When resolving group id to group name, it searches for
         groupsobjectclass objects at groupsdn base using group id
         (in groupsidattr) as key and returns the first value of
         groupattr of first found entry.
         E.g., in the general case, if group id is some-dep, and groupsdn
         is o=org, and class is jabberGroup, it searches for
         (&(objectClass=jabberGroup)(cn=some-dep)) and returns value of
         jabberPublishedItem attribute, which may contain textual description.
    -->
    <!--
    <driver type='published-roster-groups'>ldapvcard</driver>
    -->
    <driver type='published-roster'>ldapvcard</driver>
    <!-- MySQL driver configuration -->
    <mysql>
      <!-- Database server host and port -->
      <host>kenny</host>
      <port>3306</port>
      <!-- Database name -->
      <dbname>jabber</dbname>
      <!-- Database username and password -->
      <user>jabber</user>
      <pass></pass>
      <!-- Transaction support. If this is commented out, transactions
           will be disabled. This might make database accesses faster,
           but data may be lost if jabberd crashes.
           This will need to be