Difference between revisions of "Ejabberd in UCS"

From Univention Wiki

(Created page with "{{Cool Solutions Disclaimer}} {{Review-Status}} {{Version|UCS=3.0}} === General Informations === Needed softwarepackages: erlang-base, ejabberd, erlang-nox This article describe...")
 
(adding syntax highlighting)
Line 17: Line 17:
 
The eJabberd is configuarable with the file ''/etc/ejabberd/ejabberd.cfg''. In the following the main parameters will be respond. FQDN, DOMAINNAME and LDAPBASE have to be customized.
 
The eJabberd is configuarable with the file ''/etc/ejabberd/ejabberd.cfg''. In the following the main parameters will be respond. FQDN, DOMAINNAME and LDAPBASE have to be customized.
 
The vaule of NAME is the output from two UCR variables, which were seperated bei comma.
 
The vaule of NAME is the output from two UCR variables, which were seperated bei comma.
<pre>
+
<syntaxhighlight lang=bash>
 
ucr get hostname
 
ucr get hostname
 
ucr get domainname
 
ucr get domainname
</pre>
+
</syntaxhighlight>
 
e.g. master.example.org, the output from ''ucr get domainname'' is also the value for DOMAINNAME.
 
e.g. master.example.org, the output from ''ucr get domainname'' is also the value for DOMAINNAME.
  
 
The value of LDAPBASE is the output from
 
The value of LDAPBASE is the output from
<pre>
+
<syntaxhighlight lang=bash>
 
ucr get ldap/base
 
ucr get ldap/base
</pre>
+
</syntaxhighlight>
  
 
=== General settings ===
 
=== General settings ===
<pre>
+
<syntaxhighlight lang=erlang>
 
...
 
...
 
%% mapping the administrator account of the Jabber server to a normal administrator
 
%% mapping the administrator account of the Jabber server to a normal administrator
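Review bot: The context sentence "The vaule of NAME is the output from two UCR variables, which were seperated bei comma" names a placeholder NAME that is not among FQDN, DOMAINNAME and LDAPBASE listed in the sentence before it, and the example that follows, master.example.org, joins the two values with a dot rather than a comma. Since this edit touches the block directly below, suggest naming the placeholder the sentence refers to and correcting the separator and the spelling (value, separated by) in the same revision.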
Line 36: Line 36:
 
%% The domainname of the Jabber server
 
%% The domainname of the Jabber server
 
{hosts, ["DOMAINNAME"]}.
 
{hosts, ["DOMAINNAME"]}.
</pre>
+
</syntaxhighlight>
  
 
=== Authentification (LDAP) ===
 
=== Authentification (LDAP) ===
  
<pre>
+
<syntaxhighlight lang=erlang>
 
...
 
...
 
% Commenting out!
 
% Commenting out!
Line 59: Line 59:
 
%% Search base of LDAP directory:
 
%% Search base of LDAP directory:
 
{ldap_base, "cn=users,LDAPBASE"}.
 
{ldap_base, "cn=users,LDAPBASE"}.
</pre>
+
</syntaxhighlight>
  
 
=== vCard (LDAP) ===
 
=== vCard (LDAP) ===
 
Other points to note here that only the values ​​in ''{ldap_rootdn,'' ''{ldap_password'' and LDAPBASE have to be changed. The remainder values ​​must remain as standard!
 
Other points to note here that only the values ​​in ''{ldap_rootdn,'' ''{ldap_password'' and LDAPBASE have to be changed. The remainder values ​​must remain as standard!
<pre>
+
<syntaxhighlight lang=erlang>
 
%% Used modules:
 
%% Used modules:
 
{modules,
 
{modules,
Line 100: Line 100:
 
   ...
 
   ...
 
]}.
 
]}.
</pre>
+
</syntaxhighlight>
  
 
Another hint to the configurationfile from the eJabberd. Unfortunaley the syntax is quite complicated and the error messages with incorrect syntax are not very meaningful. So you should pay attention to every point and comma.
 
Another hint to the configurationfile from the eJabberd. Unfortunaley the syntax is quite complicated and the error messages with incorrect syntax are not very meaningful. So you should pay attention to every point and comma.
<pre>
+
<syntaxhighlight lang=erlang>
 
{aaa, bbb, [
 
{aaa, bbb, [
 
   {auth_method, anonymous}, % here should be a comma
 
   {auth_method, anonymous}, % here should be a comma
Line 110: Line 110:
 
   ]
 
   ]
 
}. % here should be a point
 
}. % here should be a point
</pre>
+
</syntaxhighlight>
  
  
 
=== Ports / Firewall ===
 
=== Ports / Firewall ===
 
After this we have to check if the eJabberd servers is running correct.
 
After this we have to check if the eJabberd servers is running correct.
<pre>
+
<syntaxhighlight lang=bash>
 
ejabberdctl status
 
ejabberdctl status
</pre>
+
</syntaxhighlight>
 
The right output should look like the following:
 
The right output should look like the following:
 
<pre>
 
<pre>
Line 125: Line 125:
 
If the Jabber server is running correct, some ports in the firewall have to be activated. The ports ''5222'' and ''5269'' are needed. In the following we check if the ports are already opened and opens them if they're still closed.
 
If the Jabber server is running correct, some ports in the firewall have to be activated. The ports ''5222'' and ''5269'' are needed. In the following we check if the ports are already opened and opens them if they're still closed.
 
Checking if the ports open:
 
Checking if the ports open:
<pre>
+
<syntaxhighlight lang=bash>
 
netstat -plna | grep 5222
 
netstat -plna | grep 5222
 
netstat -plna | grep 5269
 
netstat -plna | grep 5269
</pre>
+
</syntaxhighlight>
 
Opening ports in the firewall
 
Opening ports in the firewall
<pre>
+
<syntaxhighlight lang=bash>
 
ucr set security/packetfilter/ejabberd/tcp/5222/all=ACCEPT
 
ucr set security/packetfilter/ejabberd/tcp/5222/all=ACCEPT
 
ucr set security/packetfilter/ejabberd/tcp/5269/all=ACCEPT
 
ucr set security/packetfilter/ejabberd/tcp/5269/all=ACCEPT
</pre>
+
</syntaxhighlight>
 
After opening the ports, the firewall have to be restarted:
 
After opening the ports, the firewall have to be restarted:
<pre>
+
<syntaxhighlight lang=bash>
 
/etc/init.d/univention-firewall restart
 
/etc/init.d/univention-firewall restart
</pre>
+
</syntaxhighlight>
  
 
=== Registration of new users ===
 
=== Registration of new users ===
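Review bot: The firewall text in this hunk says "The ports ''5222'' and ''5269'' are needed" and sets both to ACCEPT without saying what each port is used for. Suggest one sentence per port on its purpose, so a reader can decide whether both rules are required on their system. The check `netstat -plna | grep 5222` also matches any line that merely contains those digits; matching on `:5222 ` would be more precise.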

Revision as of 10:28, 14 November 2012

Note: Cool Solutions are articles documenting additional functionality based on Univention products. Not all of the shown steps in the article are covered by Univention Support. For questions about your support coverage contact your contact person at Univention before you want to implement one of the shown steps.

Also regard the legal notes at Terms of Service.
Note: This article is not yet reviewed.
UCS Version 3.0

General Information

Required software packages: erlang-base, ejabberd, erlang-nox

This article describes how to set up an ejabberd server and connect it to UCS. Because ejabberd's range of functions is quite large, this article covers the following topics:

  • LDAP authentication
  • SSL/Plaintext (Port 5223)
  • vCard (from the LDAP)

The required software packages can be installed directly via UCS, or downloaded as Debian source packages, compiled on the UCS system and installed with the usual UCS commands.

ejabberd is a Jabber server written in the programming language Erlang, which offers a large range of functions through its various modules.

ejabberd is configured through the file /etc/ejabberd/ejabberd.cfg. The main parameters are covered below. FQDN, DOMAINNAME and LDAPBASE have to be customized. The value of NAME is the output of two UCR variables, separated by a comma.

ucr get hostname
ucr get domainname

For example master.example.org. The output of ucr get domainname is also the value for DOMAINNAME.

The value of LDAPBASE is the output from

ucr get ldap/base

General settings

...
%% mapping the administrator account of the Jabber server to a normal administrator
{acl, admin, {user, "administrator", "FQDN"}}.
...
%% The domainname of the Jabber server
{hosts, ["DOMAINNAME"]}.

Authentication (LDAP)

...
% Comment this out!
%{auth_method, internal}

%% Authentication using LDAP
{auth_method, ldap}.
%% List of LDAP servers:
{ldap_servers, ["FQDN"]}.
%% Port to connect to the LDAP server:
{ldap_port, 7389}.
%% LDAP manager:
{ldap_rootdn, "uid=Administrator,cn=users,LDAPBASE"}.
%%
%% Password to LDAP manager:
{ldap_password, "PASSWORT"}.
%%
%% Search base of LDAP directory:
{ldap_base, "cn=users,LDAPBASE"}.

vCard (LDAP)

Note that only the values of {ldap_rootdn, {ldap_password and LDAPBASE have to be changed here. The remaining values must be left at their defaults!

%% Used modules:
{modules,
[
  %% To bind the vCard to the LDAP server
  %% More fields can be added
  {mod_vcard_ldap, [
    {ldap_servers, ["FQDN"]},
    {ldap_rootdn, ""}, % A value must be inserted here, preferably the administrator!
    {ldap_password, ""}, % The administrator's password
    {ldap_base, "cn=users,LDAPBASE"},
    {ldap_uidattr, "uid"},
    {ldap_filter, ""},
    {ldap_vcard_map, [
      {"NICKNAME", "%u", []},
      {"FN", "%s", ["cn"]},
      {"EMAIL", "%s", ["mailPrimaryAddress"]},
      {"DESC", "%s", ["description"]}
    ]},
    {ldap_search_fields, [
      {"User", "%u"},
      {"Name", "givenName"},
      {"Family Name", "sn"},
      {"Email", "mail"}
    ]},

    {ldap_search_reported, [
      {"Full Name", "FN"},
      {"Nickname", "NICKNAME"},
      {"Description", "DESC"}
    ]}
  ]},    
  ...
  %% The mod_vcard module should be commented out
  %{mod_vcard, []},
  ...
]}.

One more hint about the ejabberd configuration file: unfortunately the syntax is quite complicated, and the error messages for incorrect syntax are not very meaningful. So you should pay attention to every period and comma.

{aaa, bbb, [
  {auth_method, anonymous}, % here should be a comma
  {allow_multiple_connections, false}, % here should be a comma
  {anonymous_protocol, sasl_anon} % there must be no comma here
  ]
}. % here should be a period
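
The comma and period rules shown above can be checked mechanically before the server is restarted. The following Python check is an added example, not part of the original article or of ejabberd; `check_terms` and `SAMPLE` are names chosen here, and it assumes that strings do not span several lines.

```python
import re

# Tokens of an Erlang term file such as ejabberd.cfg (assumption: one-line strings).
TOKEN = re.compile(r"""
    (?P<skip>\s+|%[^\n]*)
  | (?P<value>"(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])*'
             |[^\s{}\[\],"'%.]+(?:\.[^\s{}\[\],"'%.]+)*)
  | (?P<open>[{\[]) | (?P<close>[}\]]) | (?P<comma>,) | (?P<period>\.)
  | (?P<bad>["'])
""", re.X)
CLOSER = {"{": "}", "[": "]"}

def check_terms(text):
    """Return (line, message) pairs for punctuation mistakes in the terms."""
    problems, stack, prev = [], [], ("period", 0)  # prev: last token (kind, line)
    for m in TOKEN.finditer(text):
        kind, tok, line = m.lastgroup, m.group(), text.count("\n", 0, m.start()) + 1
        if kind == "skip":                      # whitespace or % comment
            continue
        if kind == "bad":                       # quote without a partner
            return problems + [(line, "string is not closed on this line")]
        if kind in ("value", "open") and prev[0] in ("value", "close"):
            missing = "comma" if stack else "period"
            problems.append((prev[1], "missing %s after this element" % missing))
        if kind == "comma" and not stack:
            problems.append((line, "comma at top level, a period is expected"))
        if kind == "open":
            stack.append((tok, line))
        if kind == "close":
            if prev[0] == "comma":
                problems.append((prev[1], "comma before closing %r" % tok))
            opener = stack.pop() if stack else ("nothing", line)
            if CLOSER.get(opener[0]) != tok:
                problems.append((line, "%r closes %s from line %d" % ((tok,) + opener)))
        prev = (kind, line)
    problems += [(ln, "%r is never closed" % op) for op, ln in stack]
    if not stack and prev[0] != "period":
        problems.append((prev[1], "last term is not terminated with a period"))
    return problems

SAMPLE = '''{acl, admin, {user, "administrator", "example.org"}].
{auth_method, ldap}
{modules, [
  {mod_vcard_ldap, [{ldap_uidattr, "uid"} {ldap_filter, ""},]}
]}.
'''  # constructed sample, not from a real server
if __name__ == "__main__":
    for line, msg in check_terms(SAMPLE):
        print("line %d: %s" % (line, msg))
```

The check covers only punctuation and bracket pairing; whether ejabberd accepts the option names and values is still decided when the server starts.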


Ports / Firewall

After this, we have to check whether the ejabberd server is running correctly.

ejabberdctl status

The output should look like the following:

The node ejabberd@example is started with status: started
ejabberd 2.1.5 is running in that node

If the Jabber server is running correctly, some ports in the firewall have to be opened. The ports 5222 and 5269 are needed. In the following, we check whether the ports are already open and open them if they are still closed. Checking whether the ports are open:

netstat -plna | grep 5222
netstat -plna | grep 5269

Opening the ports in the firewall:

ucr set security/packetfilter/ejabberd/tcp/5222/all=ACCEPT
ucr set security/packetfilter/ejabberd/tcp/5269/all=ACCEPT

After opening the ports, the firewall has to be restarted:

/etc/init.d/univention-firewall restart

Registration of new users

To log in with a Jabber client, it is not necessary to register a new user. Users are created in the UMC as normal users. The login information for connecting to the Jabber server with a client is the same as for logging in to a normal user account. If you want to connect to ejabberd from a foreign host, you have to enter the IP address instead of the domain name in your client settings.

After this the server should run correctly and should be ready for chatting.
