Re: updated patch? append realm to ldap uid (LDAP Rosters and vCards Patch)

2009-10-23 Thread Tomasz Sterna
On Thu, 2009-10-22 at 11:09 -0700, Justin Pryzby wrote:
> Is there an updated implementation of this feature (append @realm to
> ldap usernames to get full JID)?
> http://article.gmane.org/gmane.network.jabber.jabberd/1057

This patch is already integrated in 2.2 line.


-- 
Tomasz Sterna
Instant Messaging  EDI Consultant
Open Source Developer
http://tomasz.sterna.tv/  http://www.xiaoka.com/


-- 
To unsubscribe send a mail to jabberd2+unsubscr...@lists.xiaoka.com



Re: LDAP roster population

2009-10-23 Thread Justin Pryzby
Hi Ian,

Here's sm.xml for a server I'm setting up with working ldap roster
population.

Roster isn't commented: since we're transitioning from an old 1.4
server, I want the old server JIDs added when users sign on to the new
server, for the first time only.

Note that I also hacked the source to not require valid=TRUE or
publishedattr=TRUE properties (ldap is active directory here).

Note that objects must have groupattr set, otherwise they won't be
added.

I haven't played with check-remove-domain yet.

WRT fix-subscriptions, I don't understand what "as for now, both"
means.

Justin


<!-- Session manager configuration -->
<sm>
  <!-- Our ID on the network. Users will have this as the domain part of
       their JID. If you want your server to be accessible from other
       Jabber servers, this ID must be FQDN resolvable by DNSes -->
  <id>xmpp.norchemlab.com</id>

  <!-- The process ID file. Comment this out if you don't need to know
       the process ID from outside the process (eg for control scripts) -->
  <pidfile>/var/run/jabberd2/sm.pid</pidfile>

  <!-- Router connection configuration -->
  <router>
    <!-- IP/port the router is waiting for connections on -->
    <ip>127.0.0.1</ip>            <!-- default: 127.0.0.1 -->
    <port>5347</port>             <!-- default: 5347 -->

    <!-- Username/password to authenticate as -->
    <user>jabberd</user>          <!-- default: jabberd -->
    <pass></pass>                 <!-- default: secret -->

    <!-- File containing an SSL certificate and private key to use when
         setting up an encrypted channel with the router. From
         SSL_CTX_use_certificate_chain_file(3): The certificates must be
         in PEM format and must be sorted starting with the subject's
         certificate (actual client or server certificate), followed
         by intermediate CA certificates if applicable, and ending
         at the highest level (root) CA (the latter one being optional).
         If this is commented out, or the file can't be read, no attempt
         will be made to establish an encrypted channel with the router. -->
    <!--
    <pemfile>/etc/jabberd2/server.pem</pemfile>
    -->

    <!-- Router connection retry -->
    <retry>
      <!-- If the connection to the router can't be established at
           startup, we should try again this many times before exiting.
           Use -1 to retry indefinitely. [default: 3] -->
      <init>3</init>

      <!-- If we lost the connection to the router during normal
           operation (ie we've successfully connected to the router in
           the past), we should try to reconnect this many times before
           exiting. Use -1 to retry indefinitely. [default: 3] -->
      <lost>3</lost>

      <!-- Sleep for this many seconds before attempting a
           reconnect. [default: 2] -->
      <sleep>2</sleep>
    </retry>
  </router>

  <!-- Log configuration - type is "syslog", "file" or "stdout" -->
  <log type='file'>
    <!-- If logging to syslog, this is the log ident -->
    <ident>jabberd/sm</ident>

    <!-- If logging to syslog, this is the log facility
         (local0 - local7)                        [default: local3] -->
    <facility>local3</facility>

    <!-- If logging to file, this is the filename of the logfile -->

    <file>/var/log/jabberd2/sm.log</file>

  </log>

  <!-- Storage database configuration -->
  <storage>
    <!-- Dynamic storage modules path -->
    <path>/usr/lib/jabberd</path>

    <!-- By default, we use the MySQL driver for all storage -->
    <driver>mysql</driver>
    <!-- fs db -->

    <!-- It's also possible to explicitly list alternate drivers for
         specific data types. -->

    <!-- Store vcards in a ldapvcard database instead -->
    <!--
    <driver type='vcard'>ldapvcard</driver>
    -->

    <!-- Read mapping for group id - group name from ldap.
         Used by mod_published_roster.
         See ldapvcard section for options.
         When resolving group id to group name, it searches for
         groupsobjectclass objects at groupsdn base using group id
         (in groupsidattr) as key and returns the first value of
         groupattr of first found entry.
         E.g. in general case, if group id is "some-dep", and groupsdn
         is "o=org", and class is "jabberGroup", it searches for
         "(&(objectClass=jabberGroup)(cn=some-dep))" and returns value of
         jabberPublishedItem attribute, which may contain textual description.
         -->
    <!--
    <driver type='published-roster-groups'>ldapvcard</driver>
    -->
    <driver type='published-roster'>ldapvcard</driver>

    <!-- MySQL driver configuration -->
    <mysql>
      <!-- Database server host and port -->
      <host>kenny</host>
      <port>3306</port>

      <!-- Database name -->
      <dbname>jabber</dbname>

      <!-- Database username and password -->
      <user>jabber</user>
      <pass></pass>

      <!-- Transaction support. If this is commented out, transactions
           will be disabled. This might make database accesses faster,
           but data may be lost if jabberd crashes.

           This will need to be 

Re: updated patch? append realm to ldap uid (LDAP Rosters and vCards Patch)

2009-10-23 Thread Justin T Pryzby
On Fri, Oct 23, 2009 at 04:22:43PM +0200, Tomasz Sterna wrote:
> On Thu, 2009-10-22 at 11:09 -0700, Justin Pryzby wrote:
> > Is there an updated implementation of this feature (append @realm to
> > ldap usernames to get full JID)?
> > http://article.gmane.org/gmane.network.jabber.jabberd/1057
>
> This patch is already integrated in 2.2 line.
Are you sure?  Perhaps we're talking about different things.  I'm
running 2.2.8 recompiled ubuntu karmic.

I know there's a c2s ldap option (authreg_ldap) append-realm,
which is apparently deprecated in favour of <query>...</query>.  That
means you can have a UID of justinp and query for ldap user with
uid==just...@xmpp.norchemlab.com.

However I'm referring to a storage_ldapvcard patch, which does kind
of the opposite.  When querying ldap for dynamically populating users'
roster, ldap has the username.  But (instead of creating a new ldap
attribute called JabberID), append the realm to the username before
storing it in the roster.

No?

Justin




bad logic for ldap roster display name?

2009-10-23 Thread Justin T Pryzby
The display name logic in storage_ldapvcard seems broken, no?

if (surname defined)
    jabber display name = surname (sn)
    if (initials defined)
        append initials
else if (displayName exists)
    jabber display name = displayName
else
    jabber display name = JID (just...@xmpp.norchemlab.com)


It seems wrong that, with an ldap displayName set, I appeared as Pryzby T and
not as Justin Pryzby.

I patched it to do the right thing in our environment, it would seem to me it's
right in most (?).

|   vals = (char **)ldap_get_values(data->ld, entry, "displayName");
|   if (ldap_count_values(vals) > 0) {
|       /* prefer displayName when the entry has one */
|       strncpy(name, vals[0], 1023);
|       name[1023]='\0';
|   } else {
|       ldap_value_free(vals);
|       vals = (char **)ldap_get_values(data->ld, entry, "sn");
|       if (ldap_count_values(vals) > 0) {
|           strncpy(name, vals[0], sizeof(name)-1);
|           name[sizeof(name)-1]='\0';
|           ldap_value_free(vals);
|
|           vals = (char **)ldap_get_values(data->ld, entry, "initials");
|           if (ldap_count_values(vals) > 0) {
|               /* strncat's size is the room left in name, not its total size */
|               strncat(name, " ", sizeof(name)-strlen(name)-1);
|               strncat(name, vals[0], sizeof(name)-strlen(name)-1);
|           }
|       } else {
|           /* neither displayName nor sn: fall back to the JID */
|           strncpy(name, jid, sizeof(name)-1);
|           name[sizeof(name)-1]='\0';
|       }
|   }
|   ldap_value_free(vals);

I haven't tested the alternate paths, but if it's deemed useful, I'll do so and
provide a real patch.

Justin
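
The preference order proposed in the message above, as a stand-alone added example (not part of the original post and not jabberd2's code). The helper pick_display_name() is hypothetical: it takes the first value of each attribute as a plain string instead of calling libldap, the sample values are constructed, and it uses snprintf so the buffer bound holds on every path.

```c
#include <stdio.h>
#include <string.h>

/* Which attribute supplied the roster display name. */
enum name_source { FROM_DISPLAYNAME, FROM_SN, FROM_JID };

/* Treat a missing (NULL) or empty attribute value as "not set". */
static int is_set(const char *v) { return v != NULL && v[0] != '\0'; }

/*
 * Hypothetical helper: choose the display name in the order proposed above
 * (displayName, then sn plus optional initials, then the JID).
 * snprintf() NUL-terminates and never writes past outsz, so an over-long
 * directory value is truncated instead of overflowing `out`;
 * *truncated is set to 1 when that happens.
 */
enum name_source pick_display_name(const char *display_name, const char *sn,
                                   const char *initials, const char *jid,
                                   char *out, size_t outsz, int *truncated)
{
    enum name_source src;
    int n;

    if (is_set(display_name)) {
        n = snprintf(out, outsz, "%s", display_name);
        src = FROM_DISPLAYNAME;
    } else if (is_set(sn)) {
        if (is_set(initials))
            n = snprintf(out, outsz, "%s %s", sn, initials);
        else
            n = snprintf(out, outsz, "%s", sn);
        src = FROM_SN;
    } else {
        n = snprintf(out, outsz, "%s", jid ? jid : "");
        src = FROM_JID;
    }
    *truncated = (n < 0 || (size_t)n >= outsz);
    return src;
}

int main(void)
{
    char name[1024];
    int cut;
    /* Constructed sample values, not taken from a real directory. */
    pick_display_name("Justin Pryzby", "Pryzby", "T", "user@example.org",
                      name, sizeof(name), &cut);
    printf("%s (truncated=%d)\n", name, cut);
    return 0;
}
```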
