кто-то настраивал jabberd2 ?

Разговоры ни о чём

Модератор: vadim64

Аватара пользователя
thefree
лейтенант
Сообщения: 980
Зарегистрирован: 2008-12-29 9:23:19
Откуда: Весёлая Страна

кто-то настраивал jabberd2 ?

Непрочитанное сообщение thefree » 2009-04-27 16:34:16

собственно

Код: Выделить всё

C2S : sx (sx.c:130) authenticating stream (method=SASL/DIGEST-MD5; id=free@****.ru)
C2S : sx (sx.c:135) 7 state change from 1 to 4
C2S : sx (sx.c:136) tag 7 event 5 data 0x0
C2S : sx (server.c:45) building features nad
C2S : sx (sasl_gsasl.c:337) already auth'd, not offering sasl mechanisms
C2S : Mon Apr 27 17:32:14 2009 bind.c:51 auth'd, offering resource bind and session
C2S : sx (io.c:383) tag 7 event 0 data 0x0
C2S : Mon Apr 27 17:32:14 2009 c2s.c:35 want read
C2S : Mon Apr 27 17:32:14 2009 c2s.c:539 write action on fd 7
C2S : sx (io.c:328) 7 ready for writing
C2S : sx (io.c:286) encoding 252 bytes for writing: <stream:features xmlns:stream='http://etherx.jabber.org/streams'><bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'><required/></bind><unbind xmlns='urn:ietf:params:xml:ns:xmpp-bind'/><session xmlns='urn:ietf:params:xml:ns:xmpp-session'/></stream:features>
C2S : sx (chain.c:79) calling io write chain
C2S : sx (sasl_gsasl.c:217) doing sasl encode
C2S : sx (sasl_gsasl.c:233) 252 bytes encoded for sasl channel
ROUT: sx (io.c:429) tag 6 event 1 data 0x0
ROUT: Mon Apr 27 17:32:14 2009 router.c:520 want write
ROUT: Mon Apr 27 17:32:14 2009 router.c:869 write action on fd 6
ROUT: sx (io.c:328) 6 ready for writing
ROUT: sx (io.c:286) encoding 293 bytes for writing: <route xmlns='http://jabberd.jabberstudio.org/ns/component/1.0' to='c2s' from='****.ru'><sc:session xmlns:sc='http://jabberd.jabberstudio.org/ns/session/1.0' sc:c2s='7' action='start' target='free@****.ru/QIP' id='c8da426692bc7fb18b11c52920a8130df46fbe51' sc:failed='1'/></route>
и всё дальше не идёт ...

Код: Выделить всё

<stream:stream to="***.ru" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" xml:lang="ru" version="1.0" />
­
<stream:features xmlns:stream="http://etherx.jabber.org/streams">
<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
<mechanism>PLAIN</mechanism>
<mechanism>DIGEST-MD5</mechanism>
</mechanisms>
<auth xmlns="http://jabber.org/features/iq-auth" />
</stream:features>
­
<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="DIGEST-MD5" />
­
<challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cmVhbG09InRkbi50aGVmcmVlLnJ1Iiwgbm9uY2U9Ik1yUy8vVEhpZFhLbXdrd3N2b0JoZUE9PSIsIHFvcD0iYXV0aCIsIGNoYXJzZXQ9dXRmLTgsIGFsZ29yaXRobT1tZDUtc2Vzcw==</challenge>
­
<response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dXNlcm5hbWU9ImZyZWUiLHJlYWxtPSJ0ZG4udGhlZnJlZS5ydSIsbm9uY2U9Ik1yUy8vVEhpZFhLbXdrd3N2b0JoZUE9PSIsY25vbmNlPSJkNzA3MzI5YmVjZTQ1NWE0NjJiNThjZTAwZDExOTRjOSIsbmM9MDAwMDAwMDEscW9wPWF1dGgsZGlnZXN0LXVyaT0ieG1wcC90ZG4udGhlZnJlZS5ydSIsY2hhcnNldD11dGYtOCxyZXNwb25zZT02YmFjYzdiNDUzYTI5MTAxZWQ3ZDA2M2Q2MzU4YWRmNw==</response>
­
<challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cnNwYXV0aD1jYWEzNzhhMDQ1ZGFmYjdkY2JhZmFmZDRhOTQxNTNlYQ==</challenge>
­
<response xmlns="urn:ietf:params:xml:ns:xmpp-sasl" />
­
<success xmlns="urn:ietf:params:xml:ns:xmpp-sasl" />
­
<stream:stream to="***.ru" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" xml:lang="ru" version="1.0" />
­
<stream:features xmlns:stream="http://etherx.jabber.org/streams">
<bind xmlns="urn:ietf:params:xml:ns:xmpp-bind">
<required />
</bind>
<unbind xmlns="urn:ietf:params:xml:ns:xmpp-bind" />
<session xmlns="urn:ietf:params:xml:ns:xmpp-session" />
</stream:features>
­
<iq type="set" id="qip_37">
<bind xmlns="urn:ietf:params:xml:ns:xmpp-bind">
<resource>QIP</resource>
</bind>
</iq>­
Не судите меня строго, Я не волшебник, а только учусь!
http://planetbsd.ru - RSS-агрегатор *BSD по Рунету

Хостинговая компания Host-Food.ru
Хостинг HostFood.ru
 

Услуги хостинговой компании Host-Food.ru

Хостинг HostFood.ru

Тарифы на хостинг в России, от 12 рублей: https://www.host-food.ru/tariffs/hosting/
Тарифы на виртуальные сервера (VPS/VDS/KVM) в РФ, от 189 руб.: https://www.host-food.ru/tariffs/virtualny-server-vps/
Выделенные сервера, Россия, Москва, от 2000 рублей (HP Proliant G5, Intel Xeon E5430 (2.66GHz, Quad-Core, 12Mb), 8Gb RAM, 2x300Gb SAS HDD, P400i, 512Mb, BBU):
https://www.host-food.ru/tariffs/vydelennyi-server-ds/
Недорогие домены в популярных зонах: https://www.host-food.ru/domains/

Аватара пользователя
hizel
дядя поня
Сообщения: 9031
Зарегистрирован: 2007-06-29 10:05:02
Откуда: Выборг

Re: кто-то настраивал jabberd2 ?

Непрочитанное сообщение hizel » 2009-04-27 16:44:18

ничего не понял, дайте c2s.xml повтыкать :-)
В дурацкие игры он не играет. Он просто жуткий, чу-чу, паровозик, и зовут его Блейн. Блейн --- это Боль.

Аватара пользователя
hizel
дядя поня
Сообщения: 9031
Зарегистрирован: 2007-06-29 10:05:02
Откуда: Выборг

Re: кто-то настраивал jabberd2 ?

Непрочитанное сообщение hizel » 2009-04-27 17:04:09

мой

Код: Выделить всё

<!-- c2s configuration -->
<c2s>
  <id>c2s</id>
  <pidfile>/var/jabberd/pid/c2s.pid</pidfile>

  <router>
    <ip>127.0.0.1</ip>            <!-- default: 127.0.0.1 -->
    <port>5347</port>             <!-- default: 5347 -->
    <user>jabberd</user>          <!-- default: jabberd -->
    <pass>*****************</pass>           <!-- default: secret -->
    <retry>
      <init>3</init>
      <lost>3</lost>
      <sleep>2</sleep>
    </retry>
  </router>

  <log type='file'>
          <file>/var/log/jabberd/c2s.log</file>
  </log>

  <local>
    <id register-enable='true'>http://************.ru/jabber/register</id>

    <id realm='*************.ru'
        pemfile='/usr/local/etc/apache2/ssl.key/*************.ru.pem'
        verify-mode='0'
        require-starttls='false'
        register-enable='true'
        instructions='Enter a username and password to register with this server.'
        register-oob='http://************.ru/jabber/register'
        password-change='false'>*************.ru</id>     
    <ip>195.177.*.*</ip>
    <port>5222</port>
    <ssl-port>5223</ssl-port>
    <pemfile>/usr/local/etc/jabberd/*************.ru.pem</pemfile>
    <verify-mode>0</verify-mode>
    <httpforward>http://www.jabber.org/</httpforward>
  </local>

  <io>
    <max_fds>1024</max_fds>
    <limits>
      <bytes>0</bytes>
      <stanzas>1000</stanzas>
      <connects>0</connects>
      <stanzasize>65535</stanzasize>
    </limits>
    <compression/>

    <access>
      <order>allow,deny</order>
    </access>

    <check>
      <interval>0</interval>
      <idle>0</idle>
      <keepalive>0</keepalive>
    </check>
  </io>

  <stats>
    <!--
    <packet>/var/jabberd/stats/c2s.packets</packet>
    -->
  </stats>

  <authreg>
    <path>/usr/local/lib/jabberd</path>
    <module>mysql</module>
    <mechanisms>
      <traditional>
        <plain/>
        <digest/>
      </traditional>
      <sasl>
        <plain/>
        <digest-md5/>
      </sasl>

    </mechanisms>
    <ssl-mechanisms>
      <traditional>
        <plain/>
      </traditional>
      <sasl>
        <plain/>
      </sasl>
    </ssl-mechanisms>

    <mysql>
      <host>localhost</host>
      <port>3306</port>
      <dbname>jabberd2</dbname>
      <user>jabberd2</user>
      <pass>*****************</pass>
      <password_type>
        <plaintext/>
        <!-- use crypt(3)ed passwords
        <crypt/>
        -->
      </password_type>
    </mysql>

    <pgsql>
      <conninfo>dbname=jabberd2 user=jabberd2 password=secret</conninfo>
      <host>localhost</host>
      <port>5432</port>
      <dbname>jabberd2</dbname>
      <user>jabberd2</user>
      <pass>secret</pass>
    </pgsql>
  </authreg>

</c2s>
В дурацкие игры он не играет. Он просто жуткий, чу-чу, паровозик, и зовут его Блейн. Блейн --- это Боль.

Аватара пользователя
thefree
лейтенант
Сообщения: 980
Зарегистрирован: 2008-12-29 9:23:19
Откуда: Весёлая Страна

Re: кто-то настраивал jabberd2 ?

Непрочитанное сообщение thefree » 2009-04-27 19:23:46

Код: Выделить всё

<!-- c2s configuration -->
<c2s>
  <!-- Our ID on the network (default: c2s) -->
  <id>c2s</id>

  <!-- The process ID file. Comment this out if you don't need to know
       the process ID from outside the process (eg for control scripts) -->
  <pidfile>/var/jabberd/pid/c2s.pid</pidfile>

  <!-- Router connection configuration -->
  <router>
    <!-- IP/port the router is waiting for connections on -->
    <ip>127.0.0.1</ip>            <!-- default: 127.0.0.1 -->
    <port>5347</port>             <!-- default: 5347 -->

    <!-- Username/password to authenticate as -->
    <user>jabberd</user>          <!-- default: jabberd -->
    <pass>****</pass>           <!-- default: secret -->

    <!-- File containing an SSL certificate and private key to use when
         setting up an encrypted channel with the router. From
         SSL_CTX_use_certificate_chain_file(3): "The certificates must be
         in PEM format and must be sorted starting with the subject's
         certificate (actual client or server certificate), followed
         by intermediate CA certificates if applicable, and ending
         at the highest level (root) CA" (the latter one being optional).
         If this is commented out, or the file can't be read, no attempt
         will be made to establish an encrypted channel with the router. -->
    <!--
    <pemfile>/usr/local/etc/jabberd/server.pem</pemfile>
    -->

    <!-- Router connection retry -->
    <retry>
      <!-- If the connection to the router can't be established at
           startup, we should try again this many times before exiting.
           Use -1 to retry indefinitely. [default: 3] -->
      <init>3</init>

      <!-- If we lost the connection to the router during normal
           operation (ie we've successfully connected to the router in
           the past), we should try to reconnect this many times before
           exiting. Use -1 to retry indefinitely. [default: 3] -->
      <lost>3</lost>

      <!-- Sleep for this many seconds before trying attempting a
           reconnect. [default: 2] -->
      <sleep>2</sleep>
    </retry>
  </router>

  <!-- Log configuration - type is "syslog", "file" or "stdout" -->
  <log type='syslog'>
    <!-- If logging to syslog, this is the log ident -->
    <ident>jabberd/c2s</ident>

    <!-- If logging to syslog, this is the log facility
         (local0 - local7)                        [default: local3] -->
    <facility>local3</facility>

    <!-- If logging to file, this is the filename of the logfile -->
    <!--
    <file>/var/jabberd/log/c2s.log</file>
    -->
  </log>

  <!-- Local network configuration -->
  <local>
    <!-- Who we identify ourselves as. This should correspond to the
         ID (host) that the session manager thinks it is. You can
         specify more than one to support virtual hosts, as long as you
         have additional session manager instances on the network to
         handle those hosts.

         You may leave the content of the <id/> empty to setup default
         virtual host setup, that will be used for all present but not
         configured otherwise SM domains.

         realm
         attribute specifies the auth/reg or SASL authentication realm
         for the host. If the attribute is not specified, the realm will
         be selected by the SASL mechanism, or will be the same as the ID
         itself. Be aware that users are assigned to a realm, not a host,
         so two hosts in the same realm will have the same users. If no
         realm is specified, it will be set to be the same as the ID.
         If empty "" realm is specified, the PAM backend wil authenticate
         using plain usernames, not JIDs.

         pemfile
         attribute specifies the file containing a SSL certificate and
         private key for client connections. If this is non existant,
         clients will not be offered the STARTTLS stream extension
         From SSL_CTX_use_certificate_chain_file(3):
         "The certificates must be in PEM format and must be sorted
         starting with the subject's certificate (actual client or server
         certificate), followed by intermediate CA certificates if
         applicable, and ending at the highest level (root) CA"
         (the latter one being optional).

         verify-mode
         SSL verify mode - see SSL_CTX_set_verify(3), mode parameter

         require-starttls
         If this attribute is set to any value, clients must do STARTTLS
         before they can authenticate. Until the stream is encrypted,
         all packets will be dropped.

         register-enable
         Remove this attribute to disable account registrations.

         instructions
         Human-readable instructions to be returned to client when
         registration is requested.

         register-oob
         URL to be attached as an alternative, out-of-band registration
         method. Usually web-based http:// URL.

         password-change
         Password change only. When registration is disabled, it may
         still be useful to allow clients to change their password. If
         you want this, add this attribute with any value, when you need
         registration disabled.
          -->
    <!-- <id register-enable='true'>*******.ru</id> -->
    <!-- or
    <id realm='company.int'
        pemfile='/usr/local/etc/jabberd/server.pem'
        verify-mode='7'
        require-starttls='true'
        register-enable='true'
        instructions='Enter a username and password to register with this server.'
        register-oob='http://example.org/register'
        password-change='true'
    >example.net</id> -->
    <!-- or the default host
    <id password-change='true' /> -->

    <!-- IP address to bind to (default: 0.0.0.0) -->
    <id realm='*******.ru'>*******.ru</id>
    <ip>89.107.***.****</ip>

    <!-- Port to bind to, or 0 to disable unencrypted access to the
         server (default: 5222) -->
    <port>5222</port>

    <!-- Older versions of jabberd support encrypted client connections
         via an additional listening socket on port 5223. If you want
         this (required to allow pre-STARTTLS clients to do SSL),
         uncomment this -->
    <!--
    <ssl-port>5223</ssl-port>
    -->

    <!-- File containing an SSL certificate and private key for client
         connections. From SSL_CTX_use_certificate_chain_file(3):
         "The certificates must be in PEM format and must be sorted
         starting with the subject's certificate (actual client or server
         certificate), followed by intermediate CA certificates if
         applicable, and ending at the highest level (root) CA"
         (the latter one being optional).

         Note: This certificate is ONLY used for old style SSL
         connections on port 5223 (pre-STARTTLS).  If you want to
         use STARTTLS over the standard XMPP port 5222 then you
         MUST specify the pemfile in the 'id' tag above. -->
    <!--
    <pemfile>/usr/local/etc/jabberd/server.pem</pemfile>
    -->

    <!-- SSL verify mode - see SSL_CTX_set_verify(3), mode parameter -->
    <!--
    <verify-mode>7</verify-mode>
    -->

    <!-- Forward incoming HTTP clients to a real HTTP server -->
    <!--
    <httpforward>http://www.jabber.org/</httpforward>
    -->
  </local>

  <!-- Input/output settings -->
  <io>
    <!-- Maximum number of file descriptors. This value sets an upper
         limit on the number of users who may be logged in to this
         server at a given time. Each user consumers one file
         descriptor.

         Note that the number of possible connections will be slightly
         less than this, because c2s itself can use up five on its own,
         and auth/reg modules may need a few also. If the supply of
         file descriptors is exhausted, new incoming connections will
         be denied.

         Also note that this value only affects how many file descriptors
         jabberd is able to handle internally. You may also need to
         tell your operating system to allow jabberd to use more file
         descriptors. On Linux this can be done using ulimit -n or by
         changing the value of /proc/sys/fd/file-max.

         (default: 1024) -->
    <max_fds>1024</max_fds>

    <!-- Rate limiting -->
    <limits>
      <!-- Maximum bytes per second - if more than X bytes are sent in Y
           seconds, connection is throttled for Z seconds. The format
           is:

             <bytes seconds='Y' throttle='Z'>X</bytes>

           Default Y is 1, default Z is 5. set X to 0 to disable. -->
      <bytes>0</bytes>

      <!-- Maximum number of stanzas per second - if more than X stanzas
           are sent in Y seconds, connection is throttled for Z seconds.
           The format is:

             <stanzas seconds='Y' throttle='Z'>X</stanzas>

           Default Y 1, default Z is 5. Set X to 0 to disable -->
      <stanzas>1000</stanzas>

      <!-- Maximum connects per second - if more than X connects are
           attempted from a single IP in Y seconds, that IP is throttled
           for Z seconds. The format is:

             <connects seconds='Y' throttle='Z'>X</connects>

           Default Y is 5, default Z is 5. set X to 0 to disable. -->
      <connects>0</connects>

      <!-- Maximum stanza size - if more than given number of bytes
           are read in one incoming stanza, the stream is closed
	   with policy-violation error.

           Set to 0 to disable.
           Values less than 16384 might not work. -->
      <stanzasize>65535</stanzasize>
    </limits>

    <!-- Enable XEP-0138: Stream Compression -->
    <!--
    <compression/>
    -->

    <!-- IP-based access controls. If a connection IP matches an allow
         rule, the connection will be accepted. If a connecting IP
         matches a deny rule, the connection will be refused. If the
         connecting IP does not match any rules, or it matches both an
         allow and a deny rule, the contents of the <order/> option
         determines what happens. -->
    <access>
      <!-- Rule check order (default: allow,deny)

           allow,deny - Check allow rules, then check deny rules.
                        Allow by default.
           deny,allow - Check deny rules, then check allow rules.
                        Deny by default. -->
      <order>allow,deny</order>

      <!-- Allow a network. If the mask isn't specified, it defaults to
           255.255.255.255 (ie allow onle the specified IP) -->
      <!--
      <allow ip='127.0.0.0' mask='255.0.0.0'/>
      -->

      <!-- Allow a single host -->
      <!--
      <allow ip='12.34.56.78'/>
      -->

      <!-- Deny a network or a host -->
      <!--
      <deny ip='127.0.0.1' mask='255.0.0.0'/>
      <deny ip='87.65.43.21'/>
      -->
    </access>

    <!-- Timed checks -->
    <check>
      <!-- Interval between checks.

           Open client connections will be checked every n seconds, and
           the following checks applied.

           0 disables all checks.                       (default: 0) -->
      <interval>0</interval>

      <!-- Idle connection checks.

           Connections that have not sent data for longer than this many
           seconds will be dropped.

           0 disables idle timeouts.                    (default: 0) -->
      <idle>0</idle>

      <!-- Keepalives.

           Connections that have not sent data for longer than this many
           seconds will have a single whitespace character sent to them.
           This will force the TCP connection to be closed if they have
           disconnected without us knowing about it.

           0 disables keepalives.                       (default: 0) -->
      <keepalive>0</keepalive>

    </check>

  </io>

  <!-- Statistics -->
  <stats>
    <!-- file containing count of packets that went through -->
    <!--
    <packet>/var/jabberd/stats/c2s.packets</packet>
    -->
  </stats>

  <!-- Authentication/registration database configuration -->
  <authreg>
    <!-- Dynamic authreg modules path -->
    <path>/usr/local/lib/jabberd</path>

    <!-- Backend module to use -->
    <module>mysql</module>

    <!-- Available authentication mechanisms -->
    <mechanisms>

      <!-- These are the traditional Jabber authentication mechanisms.
           Comment out any that you don't want to be offered to clients.
           Note that if the auth/reg module does not support one of
           these mechanisms, then it will not be offered regardless of
           whether or not it is enabled here. -->
      <traditional>
        <plain/>
        <digest/>
      </traditional>

      <!-- SASL authentication mechanisms. Comment out any that you
           don't want to be offered to clients. Again, if the auth/reg
           module does not support one of these mechanisms, then it will
           not be offered. -->
      <sasl>
        <plain/>
        <digest-md5/>
        <!--
        <anonymous/>
        <gssapi/>
        -->
      </sasl>

    </mechanisms>

    <!-- Additional mechanisms that are also available when the
         connection is encrypted. Ie. when START-TLS had been
         negotiated, or user connected on SSL-wrapped port. -->
    <ssl-mechanisms>

      <!-- it's advisable that you disable plain in the above
           <mechanisms/> section -->
      <traditional>
        <plain/>
      </traditional>

      <sasl>
        <plain/>
      </sasl>

    </ssl-mechanisms>

    <!-- MySQL module configuration -->
    <mysql>
      <!-- Database server host and port -->
      <host>localhost</host>
      <port>3306</port>

      <!-- Database name -->
      <dbname>jabberd2</dbname>

      <!-- Database username and password -->
      <user>jabberd2</user>
      <pass>******************************</pass>

      <!-- Passwords in DB may be stored in plain or hashed format -->
      <!-- NOTE: If you are using hashed passwords, the only auth
                 method that will work is PLAIN.
                 Make sure that you disabled others in 'mechanisms'
                 sections of the config file. -->
      <password_type>
        <!-- only one may be enabled here -->
        <plaintext/>
        <!-- use crypt(3)ed passwords
        <crypt/>
        -->
      </password_type>
    </mysql>

    <!-- PostgreSQL module configuration -->
    <pgsql>
      <!-- PostgreSQL connection info.
           For the rest of the options see
           http://www.postgresql.org/docs/8.0/interactive/libpq.html -->
      <conninfo>dbname=jabberd2 user=jabberd2 password=secret</conninfo>

      <!-- Alternatively you may set connection settings separately.
           These are used only in absence of 'conninfo' -->

      <!-- Database server host and port -->
      <host>localhost</host>
      <port>5432</port>

      <!-- Database name -->
      <dbname>jabberd2</dbname>

      <!-- Database username and password -->
      <user>jabberd2</user>
      <pass>secret</pass>
    </pgsql>

    <!-- Oracle driver configuration -->
    <oracle>
      <!-- Database server host and port. -->
      <host>localhost</host>
      <port>1521</port>

      <!-- Database name -->
      <dbname>jabberd2</dbname>

      <!-- Database username and password -->
      <user>jabberd2</user>
      <pass>secret</pass>
    </oracle>

    <!-- SQLite driver configuration -->
    <sqlite>
      <!-- Database name -->
      <dbname>/var/jabberd/db/sqlite.db</dbname>

      <!-- Transacation support. If this is commented out, transactions
           will be disabled. This might make database accesses faster,
           but data may be lost if jabberd crashes. -->
      <transactions/>

      <!-- SQLite busy-timeout in milliseconds. -->
      <busy-timeout>2000</busy-timeout>
    </sqlite>

    <!-- Berkeley DB module configuration -->
    <db>
      <!-- Directory to store database files under -->
      <path>/var/jabberd/db</path>

      <!-- Synchronize the database to disk after each write. If you
           disable this, database accesses may be faster, but data may
           be lost if jabberd crashes. -->
      <sync/>
    </db>

    <!-- LDAPFULL module configuration -->
    <ldapfull>
      <!-- LDAP server host and port (default: 389) -->
      <uri>ldap://localhost/ ldaps://ldap.example.com/</uri>
      
      <!-- DN to bind as for searches. If unspecified, the searches
           will be done anonymously. -->
      <!--
      <binddn>cn=Directory Manager</binddn>
      <bindpw>secret</bindpw>
      -->

      <!-- Type of LDAP server. Currently "ad" for active directory and "ldap"
           for other ldap servers. If not specified, then it is ldap. -->
      <!--
      <type>ad</type>
      -->

      <!-- LDAP attribute that holds the user ID (default: uid) -->
      <uidattr>uid</uidattr>
      <objectclass>posixAccount</objectclass>
      <pwattr>userPassword</pwattr>
      <!-- if you use included jabberd.schema use this:
      <uidattr>jid</uidattr>
      <objectclass>jabberUser</objectclass>
      <pwattr>jabberPassword</pwattr>
      -->

      <!-- Attribute that holds jabber account status. Must be TRUE for AD,
           and 1 for other LDAP server.
           If not specified, then it will not be used. -->
      <!--
      <validattr>valid</validattr>
      -->
      <fulluid/>
      <!-- If pwscheme is not defined, then passwords are stored in clear
           text and digest authentication may be done.
           If passwords are hashed, then you cannot use digest authentication
           and should use plain text authentication.
           For now, sha, ssha and plain may be specified -->
      <!-- <pwscheme>ssha</pwscheme> -->

      <!-- base DN of the tree. You should specify a DN for each
           authentication realm declared in the <local/> section above,
           by using the realm attribute. -->
      <basedn realm='company'>o=Company.com</basedn>
      <basedn>o=Example Corp.</basedn>
    </ldapfull>

    <!-- LDAP module configuration -->
    <!-- Remember that you need to use PLAIN auth with LDAP backend -->
    <ldap>
      <!-- LDAP server host and port (default: 389) -->
      <host>ldap.example.com</host>
      <port>389</port>

      <!-- Use LDAP v3 if possible. If disabled, v2 will be used.
           Encryption options are only available if v3 is enabled. -->
      <!--
      <v3/>
      -->

      <!-- Encryption. If enabled, this will create an encrypted channel
           to the LDAP server using the LDAP STARTTLS mechanism. -->
      <!--
      <starttls/>
      -->

      <!-- Encryption. If enabled, this will create an encrypted channel
           to the server using the old-style "ldaps://" mechanism. It is
           recommended that you use <starttls/> instead of this. -->
      <!--
      <ssl/>
      -->

      <!-- DN to bind as for searches. If unspecified, the searches
           will be done anonymously. -->
      <!--
      <binddn>cn=Directory Manager</binddn>
      <bindpw>secret</bindpw>
      -->

      <!-- LDAP attribute that holds the user ID (default: uid) -->
      <uidattr>uid</uidattr>

      <!-- Enable the append-realm element if you want to append
           realm value (usernam@realm) to the uidattr value
      <append-realm/>
      -->

      <!-- Alternatively to <uidattr/> and <append-realm/> you may
           specify full LDAP search <query/> that will be used to
           get user objects from directory.

           The following replacements take place:
           %u  is replaced by user login name
           %r  is replaced by user login realm

           When <query/> is specified, <uidattr/> and <append-realm/>
           are unused and take no effect. -->
      <!--
      <query>(&(mail=%u@%r)(objectClass=inetOrgPerson))</query>
      -->

      <!-- base DN of the tree. You should specify a DN for each
           authentication realm declared in the <local/> section above,
           by using the realm attribute. -->
      <basedn realm='company'>o=Company.com</basedn>
      <basedn>o=Example Corp.</basedn>
    </ldap>
    <!-- if you want to configure more than one LDAP server
         create ldap1, ldap2 etc. sections
    <ldap1>

    </ldap1>
    -->

    <!-- Pipe module configuration -->
    <pipe>
      <!-- Program to execute -->
      <exec>/usr/local/bin/pipe-auth.pl</exec>
    </pipe>

  </authreg>

</c2s>
<!--
  vim: syntax=xml
-->
мой ...
Не судите меня строго, Я не волшебник, а только учусь!
http://planetbsd.ru - RSS-агрегатор *BSD по Рунету

Аватара пользователя
hizel
дядя поня
Сообщения: 9031
Зарегистрирован: 2007-06-29 10:05:02
Откуда: Выборг

Re: кто-то настраивал jabberd2 ?

Непрочитанное сообщение hizel » 2009-04-27 19:36:37

комменты в конфиге порадовали :(
для начала внедрите verify-mode='0' вместо '7'
В дурацкие игры он не играет. Он просто жуткий, чу-чу, паровозик, и зовут его Блейн. Блейн --- это Боль.

Аватара пользователя
thefree
лейтенант
Сообщения: 980
Зарегистрирован: 2008-12-29 9:23:19
Откуда: Весёлая Страна

Re: кто-то настраивал jabberd2 ?

Непрочитанное сообщение thefree » 2009-04-27 19:56:12

внедрил
неудача ...
Не судите меня строго, Я не волшебник, а только учусь!
http://planetbsd.ru - RSS-агрегатор *BSD по Рунету

Аватара пользователя
manefesto
Группенфюррер
Сообщения: 6934
Зарегистрирован: 2007-07-20 8:27:30
Откуда: Пермь
Контактная информация:

Re: кто-то настраивал jabberd2 ?

Непрочитанное сообщение manefesto » 2009-04-28 14:18:01

HIZEL nakiday stat'yu,u menya bila na openbsd.ru no wiki slomali,stat'i poherili
я такой яростный шо аж пиздеЦ
Изображение

Аватара пользователя
thefree
лейтенант
Сообщения: 980
Зарегистрирован: 2008-12-29 9:23:19
Откуда: Весёлая Страна

Re: кто-то настраивал jabberd2 ?

Непрочитанное сообщение thefree » 2009-04-28 21:52:38

поборол проблема была в настройках route
Не судите меня строго, Я не волшебник, а только учусь!
http://planetbsd.ru - RSS-агрегатор *BSD по Рунету

Аватара пользователя
hizel
дядя поня
Сообщения: 9031
Зарегистрирован: 2007-06-29 10:05:02
Откуда: Выборг

Re: кто-то настраивал jabberd2 ?

Непрочитанное сообщение hizel » 2009-04-28 22:40:11

угу щаз присмотрелся, похоже
логи у jabberd совершенно не информативны это да :(
В дурацкие игры он не играет. Он просто жуткий, чу-чу, паровозик, и зовут его Блейн. Блейн --- это Боль.

Аватара пользователя
thefree
лейтенант
Сообщения: 980
Зарегистрирован: 2008-12-29 9:23:19
Откуда: Весёлая Страна

Re: кто-то настраивал jabberd2 ?

Непрочитанное сообщение thefree » 2009-04-29 9:41:07

оставлю людям на память ... кто будет ставить ЗНАЙТИ!
если вы не делаете авто регистрации то надо вставлять в 2е таблице данные, ибо авторизация полностью не будет проходить ...

Код: Выделить всё

INSERT INTO `active` VALUES ('user@jabber.local', 1, 1240949743);
INSERT INTO `authreg` VALUES ('user', 'jabber.local', 'password');
route не отрабатывал коннект т.к. небыла записи в базе active и с ip я напутал.
Не судите меня строго, Я не волшебник, а только учусь!
http://planetbsd.ru - RSS-агрегатор *BSD по Рунету