Thanks Rob, I am slowly trying to work through it. I have however run into another speed bump with the ldap plugins...I can't seem to connect to an external ldap server using tls/port 636.
If I run an ldapsearch *below* (ldap-utils) from the prosody box to external ldap server, results are returned as expected: *ldapsearch -H ldaps://ld1.example.com:636 -D "cn=admin,dc=example,dc=com" -w "password" -b "ou=domains,ou=groups,dc=example,dc=com" "(&(objectclass=posixgroup)(memberUid=testuser))"* If I use cyrus sasl for ldap authentication with prosody, registration works fine over tls/636, but then I cant use ldap for roster, or vcard this way. Also connecting to external server over port 389 *insecurely*, everything works too. Here is my config: http://pastebin.com/c6Z11yV8 Can anyone point me in the right direction? Thanks for looking! On Saturday, December 14, 2013 1:28:26 PM UTC-8, Rob Hoelz wrote: > > The change wouldn't actually be that bad; you just need to find the > relevant portions of mod_ldap_auth2 and mod_storage_ldap that refer to > the memberfield of the user. > > On Sat, 14 Dec 2013 12:47:43 -0800 (PST) > John T <c1nc...@gmail.com <javascript:>> wrote: > > > Hi Rob, > > > > Now that I think through it the change to groupofnames should be a > > pretty simple hack, I think? > > > > First the only change in the ldap-config would be the change the > > value of "memberfield" to *member* from *memberUid* like so: > > > > groups = { > > basedn = 'ou=groups,dc=example,dc=com', -- The base DN > > where group records can be found > > memberfield = '*member*', > > namefield = 'cn', > > > > this should return something like : > > "*cn=user1,ou=people,dc=example,dc=com*" -- vs posix memberUid : > > "*user1*" > > > > Would it be as simple as using a regex to strip "cn=" and everything > > after and including the first comma? > > > > Does this sound right? Or am I way off? > > > > -- You received this message because you are subscribed to the Google Groups "prosody-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to prosody-dev+unsubscr...@googlegroups.com. To post to this group, send email to prosody-dev@googlegroups.com. Visit this group at http://groups.google.com/group/prosody-dev. For more options, visit https://groups.google.com/groups/opt_out.
