Message-ID: <4279BA5E.7030002@13.net.ru>
Date: Thu, 05 May 2005 10:17:02 +0400
From: Маркелов Александр
To: community@altlinux.ru
Subject: Re: [Comm] Re: ejabberd, does anyone have it installed?
References: <4270B529.4050302@mail.ru> <200505041935.22727.alt@zlt.ru> <20050504144335.GN22379@osdn.org.ua> <200505042142.32069.alt@zlt.ru>
In-Reply-To: <200505042142.32069.alt@zlt.ru>

max wrote:
> In a message of 4 May 2005 20:43 Michael Shigorin wrote:
>
>>On Wed, May 04, 2005 at 07:35:22PM +0600, max wrote:
>>
>>>>And it doesn't just work, it even looks up users in ldap and
>>>>also performs authentication the same way, through ldap.
>>>
>>>A very interesting topic. Where can I read about this?
>>
>>It is better to write (and read) here:
>>http://lists.osdn.org.ua/wws/info/isp-list
>>http://lists.osdn.org.ua/wws/info/openldap
>
>
> It looks like you can only write there, because I found nothing of the kind there.
> Better share your configs.

http://ejabberd.jabber.ru is also recommended, as well as the mailing list there. With ejabberd everything is quite simple, and no dancing with tambourines is required.
But there is one catch if you want to use the ejabberd + ldap scheme: in the ejabberd-0.9 release they broke the mod_vcard_ldap module, which is responsible for user search (Jabber User Directory, JUD) as well as for displaying a user's vCard. So search does not work. This was fixed in svn release 332, so if you still want to use it together with ldap, you need to rebuild ejabberd from svn.

The whole setup comes down to carefully reading /etc/ejabberd/ejabberd.cfg and, if my memory serves me, to changing 1-2 parameters. First of all, setting the host name in the hosts directive. Here is my working config:

% Default Debian ejabberd.cfg

%override_acls.

% Users that have admin access. Add line like one of the following after you
% will be successfully registered on server to get admin access:
{acl, admin, {user, "admin"}}.

% Blocked users:
%{acl, blocked, {user, "test"}}.

% Local users:
{acl, local, {user_regexp, ""}}.

% Another examples of ACLs:
%{acl, jabberorg, {server, "jabber.org"}}.
%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
%{acl, test, {user_regexp, "^test"}}.
%{acl, test, {user_glob, "test*"}}.

% Only admins can use configuration interface:
{access, configure, [{allow, admin}]}.

% Every username can be registered via in-band registration:
{access, register, [{allow, all}]}.

% None username can be registered via in-band registration:
%{access, register, [{deny, all}]}.

% After successful registration user will get message with following subject
% and body:
{welcome_message,
 {"Welcome!",
  "Welcome to ALT Linux Jabber Service hosted on ejabberd server. "
  "For information about Jabber visit http://jabber.org"}}.
% Replace them with 'none' if you don't want to send such message:
%{welcome_message, none}.

% List of people who will get notifications about registered users
%{registration_watchers, ["admin1@localhost",
%                         "admin2@localhost"]}.

% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.

% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
               {allow, all}]}.

% Set shaper with name "normal" to limit traffic speed to 1000B/s
{shaper, normal, {maxrate, 1000}}.

% Set shaper with name "fast" to limit traffic speed to 50000B/s
{shaper, fast, {maxrate, 50000}}.

% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
                      {normal, all}]}.

% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.

% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.

% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.

% This rule allows access only for local users:
{access, local, [{allow, local}]}.

% Authentication method. If you want to use internal user base, then use
% this line:
%{auth_method, internal}.

% For LDAP authentication use these lines instead of above one:
{auth_method, ldap}.
{ldap_servers, ["localhost"]}.    % List of LDAP servers
{ldap_uidattr, "uid"}.            % LDAP attribute that holds user ID
{ldap_base, "ou=users,dc=workzone,dc=spb,dc=ru"}. % Base of LDAP directory
{ldap_rootdn, "cn=ejabberdldapaccount,dc=workzone,dc=spb,dc=ru"}.
{ldap_password, "ldappassowrd"}.

% Host name: (replace for your hostname)
{hosts, ["workzone.spb.ru"]}.

% Default language for server messages
{language, "en"}.

% Listened ports:
{listen,
 % Ordinary client-2-server service
 [{5222, ejabberd_c2s, [{access, c2s}, {shaper, c2s_shaper}]},
  % SSL-enabled client-2-server service
  {5223, ejabberd_c2s, [{access, c2s}, ssl, {certfile, "/var/lib/ssl/certs/ejabberd.pem"}]},
  % Server-2-server service
  {5269, ejabberd_s2s_in, [{shaper, s2s_shaper}]},
  % External MUC jabber-muc (but internal mod_muc is better :))
%  {5554, ejabberd_service, [{ip, {127, 0, 0, 1}},
%                            {access, all},
%                            {host, "muc.localhost", [{password, "secret"}]}]},
  % Jabber ICQ Transport
%  {5555, ejabberd_service, [{ip, {127, 0, 0, 1}},
%                            {access, all},
%                            {hosts, ["icq.workzone.spb.ru", "sms.workzone.spb.ru"], [{password, "123"}]}]},
  % AIM Transport
%  {5556, ejabberd_service, [{ip, {127, 0, 0, 1}},
%                            {access, all},
%                            {host, "aim.localhost", [{password, "secret"}]}]},
  % MSN Transport
%  {5557, ejabberd_service, [{ip, {127, 0, 0, 1}},
%                            {access, all},
%                            {host, "msn.localhost", [{password, "secret"}]}]},
  % Yahoo! Transport
%  {5558, ejabberd_service, [{ip, {127, 0, 0, 1}},
%                            {access, all},
%                            {host, "yahoo.localhost", [{password, "secret"}]}]},
  % External JUD (internal is more powerful,
  % but doesn't allow to register users from other servers)
%  {5559, ejabberd_service, [{ip, {127, 0, 0, 1}},
%                            {access, all},
%                            {host, "jud.localhost", [{password, "secret"}]}]},
  % HTTP service (You may choose options HTTP-polling and Web-administering)
  % When commenting out, be careful with commas
  {5280, ejabberd_http, [http_poll, web_admin]}
 ]}.

% If SRV lookup fails, then port 5269 is used to communicate with remote server
{outgoing_s2s_port, 5269}.

% Used modules:
{modules,
 [
  {mod_register, [{access, register}]},
  {mod_roster, []},
  {mod_privacy, []},
  {mod_configure, []},
  {mod_configure2, []},
  {mod_disco, []},
  {mod_stats, []},
%  {mod_vcard, []},
  {mod_vcard_ldap, [{host, "jud.workzone.spb.ru"}]},
  {mod_offline, []},
  {mod_echo, []},
  {mod_private, []},
  {mod_irc, []},
  % Default options for mod_muc:
  %   host: "conference." ++ ?MYNAME
  %   access: all
  %   access_create: all
  %   access_admin: none (only room creator has owner privileges)
  {mod_muc, [{access, muc},
             {access_create, muc},
             {access_admin, muc_admin}]},
  {mod_pubsub, []},
  {mod_time, []},
  {mod_last, []},
  {mod_version, []},
  {mod_shared_roster, []}
 ]}.
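
A check for the parameters this message says have to change when moving ejabberd.cfg to LDAP, as an added example that is not part of the original post or of ejabberd. The function names, the example.org values and both sample excerpts are constructed for illustration; the last check is a review hint added here, since with LDAP authentication the accounts are managed in the directory rather than by ejabberd.

```python
import re

# Constructed excerpts in the old ejabberd.cfg (Erlang term) syntax, not full configs.
STOCK = '''
{auth_method, internal}.
%{auth_method, ldap}.
{hosts, ["localhost"]}.
{access, register, [{allow, all}]}.
{modules, [{mod_register, [{access, register}]}, {mod_vcard, []}]}.
'''
LDAP = '''
%{auth_method, internal}.
{auth_method, ldap}.
{ldap_servers, ["localhost"]}.
{ldap_uidattr, "uid"}.
{ldap_base, "ou=users,dc=example,dc=org"}.
{hosts, ["example.org"]}.
{access, register, [{allow, all}]}.
{modules, [% {mod_vcard, []},
           {mod_vcard_ldap, [{host, "jud.example.org"}]}]}.
'''

def strip_comments(text):
    """Drop '%' comments; a '%' inside a double-quoted string is kept."""
    return re.sub(r'("[^"\n]*")|%[^\n]*', lambda m: m.group(1) or '', text)

def check_ldap_setup(cfg_text):
    """List what still separates this config from the LDAP setup in the post."""
    cfg = strip_comments(cfg_text)
    def has(pattern):
        return re.search(pattern, cfg, re.S) is not None
    uses_ldap = has(r'\{\s*auth_method\s*,\s*ldap\s*\}')
    findings = []
    if not uses_ldap:
        findings.append('auth_method is not ldap')
    for key in ('ldap_servers', 'ldap_uidattr', 'ldap_base'):
        if not has(r'\{\s*' + key + r'\s*,'):
            findings.append(key + ' is not set')
    hosts = re.search(r'\{\s*hosts\s*,\s*\[(.*?)\]', cfg, re.S)
    if not hosts or re.findall(r'"([^"]*)"', hosts.group(1)) in ([], ['localhost']):
        findings.append('hosts has no real host name')
    if not has(r'\{\s*mod_vcard_ldap\s*,'):
        findings.append('mod_vcard_ldap is not enabled')
    if uses_ldap and has(r'\{\s*access\s*,\s*register\s*,\s*\[\s*\{\s*allow\s*,\s*all\s*\}'):
        findings.append('in-band registration is open while accounts live in LDAP')
    return findings

if __name__ == '__main__':
    print(check_ldap_setup(STOCK), check_ldap_setup(LDAP), sep='\n')
```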