From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on sa.int.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-1.6 required=5.0 tests=AWL,BAYES_00, DNS_FROM_OPENWHOIS, RCVD_IN_DNSWL_LOW, SPF_PASS autolearn=no version=3.2.5 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type:content-transfer-encoding; bh=E+HNgGvmuBEo/62rulkQ5OodytqLN4J5BAfS3q/qovE=; b=amcXAz9DYtn4gtGjWHq2BZYkFMtMh/n8uS/XFYqVeJuKB89fvSgKJTm8eOn7kO0jG7 5v+uHxMXyeQNAEkljgpgR8HRW8hf8FeWwT7kv7+rAMaH+FUr15zbOAXjacqjsZ+iPk1V E3kMEL551E2rW/K59FvAjkgV8XCqQiksRo6cw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=czDYkK2YvCtjkOTbXP/E8fD1HaFh0Y8g50QbSJ7zu/DL4HZzNwp7yLIQL0YBxgkd+9 4El+RRwtejx6EircG53YnU9HXJ0T4IGp0F2/sJljfyxncJIIAR+wJozFYNfow+t6zM5w 0FPhqHCBeiQgprEeDam//56uWkrXFKfwt/z0E= MIME-Version: 1.0 In-Reply-To: <201101141203.01918.sovetnchara@bk.ru> References: <201101141203.01918.sovetnchara@bk.ru> Date: Fri, 14 Jan 2011 08:46:12 +0200 Message-ID: From: Dmitriy Kruglikov To: "ALT Linux sysadmins' discussion" Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: quoted-printable Subject: Re: [Sysadmins] Ejabberd + LDAP X-BeenThere: sysadmins@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: ALT Linux sysadmins' discussion List-Id: ALT Linux sysadmins' discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Jan 2011 06:46:18 -0000 Archived-At: List-Archive: 14 =D1=CE=D7=C1=D2=D1 2011=9A=C7. 5:03 =D0=CF=CC=D8=DA=CF=D7=C1=D4=C5=CC=D8= =E2=D5=D2=CB=CF =E1=CC=C5=CB=D3=C1=CE=C4=D2 =EB=CF=CE=D3=D4=C1=CE=D4=C9=CE= =CF=D7=C9=DE =CE=C1=D0=C9=D3=C1=CC: > =F0=CF=C4=D3=CB=C1=D6=C9=D4=C5 =CB=C1=CB =D0=D2=C1=D7=C9=CC=D8=CE=CF > =CE=C1=D3=D4=D2=CF=C9=D4=D8 =CB=CF=CE=C6=C9=C7, =DE=D4=CF=C2=D9 =C1=D7=D4= =CF=D2=C9=DA=C1=C3=C9=D1 =C2=D9=CC=C1 =DE=C5=D2=C5=DA LDAP. =F7=CF=D4 =CD=CF=CA =D2=C1=C2=CF=DE=C9=CA =CB=CF=CE=C6=C9=C7. =F3=CD=CF=D4=D2=C9=D4=C5, =CD=C5=CE=D1=CA=D4=C5 =D0=CF =D3=D7=CF=C5=CD=D5 = =D5=D3=CD=CF=D4=D2=C5=CE=C9=C0. +++++++ # cat /etc/ejabberd/ejabberd.cfg %%% %%% ejabberd configuration file %%% {loglevel, 1}. {watchdog_admins, ["admin@domain.com.ua"]}. {hosts, ["domain.com.ua"]}. %% {listen, [ {5222, ejabberd_c2s, [ {certfile, "/var/lib/ssl/certs/ejabberd.pem"}, starttls, {access, c2s}, {shaper, c2s_shaper}, {max_stanza_size, 65536} ]}, {5223, ejabberd_c2s, [ {access, c2s}, {shaper, c2s_shaper}, {certfile, "/var/lib/ssl/certs/ejabberd.pem"}, tls, {max_stanza_size, 65536} ]}, {5269, ejabberd_s2s_in, [ {shaper, s2s_shaper}, {max_stanza_size, 131072} ]}, {5280, ejabberd_http, [ captcha, http_poll, http_bind, web_admin ]} ]}. %%% =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D %%% AUTHENTICATION %% %% Authentication using LDAP %% {auth_method, ldap}. %% %% List of LDAP servers: {ldap_servers, ["localhost"]}. %% %% LDAP attribute that holds user ID: {ldap_uids, [{"uid", "%u"}]}. %% %% Search base of LDAP directory: {ldap_base, "ou=3DPeople,dc=3Ddomain,dc=3Dcom,dc=3Dua"}. {ldap_filter, "(objectClass=3Dperson)"}. %% %% LDAP manager: %%{ldap_rootdn, ""}. %% %% Password to LDAP manager: %%{ldap_password, ""}. %% %% Anonymous login support: %% auth_method: anonymous %% anonymous_protocol: sasl_anon | login_anon | both %% allow_multiple_connections: true | false %% %%{host_config, "public.example.org", [{auth_method, anonymous}, %% {allow_multiple_connections, false}, %% {anonymous_protocol, sasl_anon}]}. %% %% To use both anonymous and internal authentication: %% %%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}= ]}. %%% =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D %%% TRAFFIC SHAPERS %% %% The "normal" shaper limits traffic speed to 1.000 B/s %% {shaper, normal, {maxrate, 1000}}. %% %% The "fast" shaper limits traffic speed to 50.000 B/s %% {shaper, fast, {maxrate, 50000}}. %%% =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D %%% ACCESS CONTROL LISTS %% %% The 'admin' ACL grants administrative privileges to Jabber accounts. %% You can put as many accounts as you want. %% %%{acl, admin, {user, "aleksey", "localhost"}}. %%{acl, admin, {user, "ermine", "example.org"}}. {acl, admin, {user, "admin", "domain.com.ua"}}. %% %% Blocked users %% %%{acl, blocked, {user, "baduser", "example.org"}}. %%{acl, blocked, {user, "test"}}. %% %% Local users: don't modify this line. %% {acl, local, {user_regexp, ""}}. %% %% More examples of ACLs %% %%{acl, jabberorg, {server, "jabber.org"}}. %%{acl, aleksey, {user, "aleksey", "jabber.ru"}}. %%{acl, test, {user_regexp, "^test"}}. %%{acl, test, {user_glob, "test*"}}. %% %% Define specific ACLs in a virtual host. %% %%{host_config, "localhost", %% [ %% {acl, admin, {user, "bob-local", "localhost"}} %% ] %%}. %%% =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D %%% ACCESS RULES %% Maximum number of simultaneous sessions allowed for a single user: {access, max_user_sessions, [{10, all}]}. %% Maximum number of offline messages that users can have: {access, max_user_offline_messages, [{5000, admin}, {100, all}]}. %% This rule allows access only for local users: {access, local, [{allow, local}]}. %% Only non-blocked users can use c2s connections: {access, c2s, [{deny, blocked}, {allow, all}]}. %% For C2S connections, all users except admins use "normal" shaper {access, c2s_shaper, [{none, admin}, {normal, all}]}. %% All S2S connections use "fast" shaper {access, s2s_shaper, [{fast, all}]}. %% Only admins can send announcement messages: {access, announce, [{allow, admin}]}. %% Only admins can use configuration interface: {access, configure, [{allow, admin}]}. %% Admins of this server are also admins of MUC service: {access, muc_admin, [{allow, admin}]}. %% All users are allowed to use MUC service: {access, muc, [{allow, all}]}. %% Everybody can create pubsub nodes {access, pubsub_createnode, [{allow, all}]}. %% In-band registration allows registration of any possible username. %% To disable in-band registration, replace 'allow' with 'deny'. {access, register, [{deny, all}]}. %% By default frequency of account registrations from a the same IP %% is limited to 1 account every 10 minutes. To disable put: infinity %%{registration_timeout, 600}. %% %% Define specific Access rules in a virtual host. %% %%{host_config, "localhost", %% [ %% {access, c2s, [{allow, admin}, {deny, all}]}, %% {access, register, [{deny, all}]} %% ] %%}. %%% =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D %%% DEFAULT LANGUAGE %% %% language: Default language used for server messages. %% {language, "ru"}. %% %% Set a different default language in a virtual host. %% %%{host_config, "localhost", %% [{language, "ru"}] %%}. %%% =3D=3D=3D=3D=3D=3D=3D %%% MODULES %% %% Modules enabled in all ejabberd virtual hosts. %% {modules, [ {mod_http_bind, []}, {mod_adhoc, []}, {mod_admin_extra, []}, {mod_announce, [{access, announce}]}, % recommends mod_adhoc {mod_caps, []}, {mod_configure,[]}, % requires mod_adhoc {mod_disco, []}, %%{mod_echo, [{host, "echo.localhost"}]}, {mod_last, []}, {mod_muc, [ {default_room_options, [{persistent, true}]}, %%{host, "conference.@HOST@"}, {access, muc}, {access_create, muc}, {access_persistent, muc}, {access_admin, muc_admin} ]}, {mod_muc_log,[]}, {mod_offline, []}, {mod_ping, []}, {mod_privacy, []}, {mod_private, []}, %%{mod_proxy65,[]}, %% {mod_pubsub, [ % requires mod_caps %% {access_createnode, pubsub_createnode}, %% {plugins, ["default", "pep"]} %% ]}, {mod_vcard_ldap, [ {ldap_uidattr, "uid"}, {ldap_uidattr_format, "%u"}, {ldap_vcard_map, [ {"NICKNAME", "%s", ["cn"]}, {"GIVEN", "%s", ["givenName"]}, {"MIDDLE", "%s", ["initials"]}, {"FAMILY", "%s", ["sn"]}, {"FN", "%s", ["displayName"]}, {"EMAIL", "%s", ["mail"]}, {"ORGNAME", "%s", ["o"]}, {"ORGUNIT", "%s", ["ou"]}, {"LOCALITY", "%s", ["l"]}, {"STREET", "%s", ["street"]}, {"REGION", "%s", ["st"]}, {"PCODE", "%s", ["postalCode"]}, {"TITLE", "%s", ["title"]}, {"DESC", "%s", ["description"]}, {"PHOTO", "%s", ["jpegPhoto"]}, {"TEL", "%s", ["mobile"]} ]}, {ldap_search_fields, [ {"=F0=CF=CC=D8=DA=CF=D7=C1=D4=C5=CC=D8", "%u"}, {"=F0=D3=C5=D7=C4=CF=CE=C9=CD", "displayName"}, {"=E9=CD=D1", "givenName"}, {"=E6=C1=CD=C9=CC=C9=D1", "sn"}, {"E-Mail", "mail"}, {"=E7=CF=D2=CF=C4", "l"} ]}, {ldap_search_reported, [ {"=F0=D3=C5=D7=C4=CF=CE=C9=CD", "NICKNAME"}, {"=F4=C5=CC=C5=C6=CF=CE=D9", "TEL"}, {"E-Mail", "EMAIL"} ]} ]}, {mod_roster, []}, %%{mod_service_log,[]}, %% {mod_shared_roster,[]}, {mod_shared_roster_ldap, [ {ldap_base, "ou=3DPeople,dc=3Ddomain,dc=3Dcom,dc=3Dua"}, {ldap_groupattr, "ou"}, {ldap_rfilter, "(objectClass=3Dperson)"}, {ldap_memberattr, "uid"}, {ldap_useruid, "uid"}, {ldap_userdesc, "cn"} ]}, {mod_stats, []}, {mod_time, []}, %% {mod_vcard, []}, {mod_version, []} ]}. %% %% Enable modules with custom options in a specific virtual host %% %%{host_config, "localhost", %% [{{add, modules}, %% [ %% {mod_echo, [{host, "mirror.localhost"}]} %% ] %% } %% ]}. %%% $Id$ %%% Local Variables: %%% mode: erlang %%% End: %%% vim: set filetype=3Derlang tabstop=3D8: +++++++ =F5=DE=C9=D4=C5 =C4=C5=D4=C5=CA =C8=CF=D2=CF=DB=C5=CD=D5 ;) --=20 Best regards, =9ADmitriy Kruglikov. =9A =9A QString at, dot, mail, XMPP; =9A =9A at =3D "@"; =9A =9A dot =3D "."; =9A =9A mail =3D "Dmitriy.Kruglikov" + $at +"gmail" + $dot + "com"; =9A =9A XMPP =3D $mail;