
ejabberd + ldap = authorization error

Posted: 2010-02-27 13:29:43
-=HatebreedeR=-
Good day. I'm struggling with the setup. The FreeBSD version is 7.1-STABLE.
The ejabberd version is ejabberd-1.1.4_2.
I could not get authentication via LDAP working: when trying to connect, Psi reports "Ошибка обмена данными с сервером. Подробности: ошибка авторизации. Не авторизован." (Error communicating with the server. Details: authorization error. Not authorized.)
The ejabberd.log log shows:

Code:

=INFO REPORT==== 2010-02-27 13:06:15 ===
I(<0.197.0>:ejabberd_listener:90): (#Port<0.3915>) Accepted connection {{192,168,32,34},52744} -> {{192,168,32,3},5222}
I tried logging in under different accounts; it doesn't work. The site http://mycompany.ru:5280/admin/ doesn't let me in either; it doesn't authorize me.
Contents of ejabberd.cfg:

Code:

override_global.
override_local.
override_acls.


% Users that have admin access.  Add line like one of the following after you
% will be successfully registered on server to get admin access:
{acl, admin, {user, "admin", "mycompany.ru"}}.
{access, configure, [{allow, admin}]}.



% Everybody can create pubsub nodes
{access, pubsub_createnode, [{allow, all}]}.

% Only admins can use configuration interface:
{access, configure, [{allow, admin}]}.

% Every username can be registered via in-band registration:
% You could replace {allow, all} with {deny, all} to prevent user from using
% in-band registration
{access, register, [{allow, all}]}.

% After successful registration user will get message with following subject
% and body:
{welcome_message,
 {"Welcome!",
  "Welcome to Jabber Service.  "
  "For information about Jabber visit http://jabber.org"}}.
% List of people who will get notifications about registered users
%{registration_watchers, ["admin1@localhost",
%                         "admin2@localhost"]}.

% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.


% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
	       {allow, all}]}.

% Set shaper with name "normal" to limit traffic speed to 1000B/s
{shaper, normal, {maxrate, 1000}}.

% Set shaper with name "fast" to limit traffic speed to 50000B/s
{shaper, fast, {maxrate, 50000}}.

% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
		      {normal, all}]}.

% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.

% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.

% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.

% This rule allows access only for local users:
{access, local, [{allow, local}]}.

{hosts, ["mycompany.ru"]}.
% Authentication method.  If you want to use internal user base, then use
% this line:
%{auth_method, internal}.

{host_config, "mycompany.ru", [

{auth_method, ldap},
{ldap_servers, ["mycompany.ru"]},    % List of LDAP servers
{ldap_port, 389},
{ldap_base, "ou=people,dc=mycompany,dc=ru"}, % Search base of LDAP directory
{ldap_rootdn, "cn=admin,dc=mycompany,dc=ru"}, % LDAP manager
{ldap_password, "admin_pass_to_access_web"}
 % Password to LDAP manager
]}.


%% Define the maximum number of time a single user is allowed to connect:
{max_user_sessions, 10}.


% Default language for server messages
{language, "ru"}.

% Listened ports:
{listen,
 [
 {5222, ejabberd_c2s,     [
			    starttls, {certfile, "/usr/local/etc/ejabberd/server.pem"}
			    ]},

  % Use these two lines instead if TLS support is not compiled
  %{5222, ejabberd_c2s,     [{access, c2s}, {shaper, c2s_shaper}]},
  %{5223, ejabberd_c2s,     [{access, c2s}, ssl, {certfile, "/usr/local/etc/ejabberd/server.pem"}]},
  {5269, ejabberd_s2s_in,  [
			   ]},
  {5280, ejabberd_http,    [web_admin]}
 ]}.


% Use STARTTLS+Dialback for S2S connections
{s2s_use_starttls, true}.
{s2s_certfile, "/usr/local/etc/ejabberd/server.pem"}.
{outgoing_s2s_port, 5269}.


% Used modules:
{modules,
 [
  {mod_register,   [{access, register}]},
  {mod_roster,     []},
  {mod_privacy,    []},
  {mod_adhoc,      []},
  {mod_configure,  []}, % Depends on mod_adhoc
  {mod_configure2, []},
  {mod_disco,      []},
  {mod_stats,      []},
  {mod_vcard,      []},
  {mod_offline,    []},
  {mod_announce,   [{access, announce}]}, % Depends on mod_adhoc
  {mod_echo,       [{host, "echo.localhost"}]},
  {mod_private,    []},
  {mod_irc,        []},
% Default options for mod_muc:
%   host: "conference." ++ ?MYNAME
%   access: all
%   access_create: all
%   access_admin: none (only room creator has owner privileges)
  {mod_muc,        [{access, muc},
		    {access_create, muc},
		    {access_admin, muc_admin}]},
%  {mod_muc_log,    []},
%  {mod_shared_roster, []},
  {mod_pubsub,     [{access_createnode, pubsub_createnode}]},
  {mod_time,       []},
  {mod_last,       []},
  {mod_version,    []}
 ]}.
Please advise where to dig. If anything else needs to be specified, let me know.

Re: ejabberd + ldap = authorization error

Posted: 2010-05-10 12:15:06
Alex Keda
Learn to format your messages properly.