Re: How to remove a user from db backend?

2012-12-18 Thread Tomasz Sterna 
Dnia 2012-12-18, wto o godzinie 14:30 +0100, Guido Winkelmann pisze:
> How can I remove a user's data from the session manager if I'm using
> the db backend for storage?

Current version of jabberd 2 does not support direct modification of
authreg database. It assumes full control and authority over DB and will
not notice if data is being changed outside of server context.
It's a design decision that storage is just a dumb backend and the
server itself is authoritative and may have authoritative copies of user
data in-process.


> I'm using LDAP for authentication. If I want to remove a user, I can,
> of course, just remove him from the LDAP server to make sure he cannot
> log in anymore. However, if I do this, the users old data, like roster
> contents, subscription status to other JIDs, [...]

This is another aspect.
SM data is separate from authreg DB and will not notice authreg DB
changes.

Normally when you delete user in jabberd process, there is a user-delete
chain responsible for user data cleanup.
If you delete user manually from authreg DB, you need to cleanup session
data DB entries manually also.


-- 
Tomasz Sterna
Instant Messaging Consultant : Open Source Developer
http://tomasz.sterna.tv/  http://www.xiaoka.com/portfolio

How to remove a user from db backend?

2012-12-18 Thread Guido Winkelmann 
Hi,

How can I remove a user's data from the session manager if I'm using the db 
backend for storage?

I'm using LDAP for authentication. If I want to remove a user, I can, of 
course, just remove him from the LDAP server to make sure he cannot log in 
anymore. However, if I do this, the users old data, like roster contents, 
subscription status to other JIDs, outstanding messages for offline delivery, 
vcard and so on will still be stored in the session manager. If I now add 
another user who happens to have the same JID, he will get to see that data as 
his own.

(Possible scenario where that might happen: A user succesfully contests 
another users right to use that particular nickname on that particular 
server.)


Guido

Re: fixes register without password

2012-12-18 Thread Carlos López 

Thanks, I thought it was a failure

Greetings.

El 18/12/2012 9:10, Tomasz Sterna escribió:

Zero-length password is as valid as any other length password.

Re: fixes register without password

2012-12-18 Thread Tomasz Sterna 
Dnia 2012-12-18, wto o godzinie 00:47 +0100, Carlos López pisze:
> jabberd-2.2.17 can register without password, test with Psi.

Zero-length password is as valid as any other length password.