Difference between revisions of "Ejabberd in UCS"

From Univention Wiki

(Replaced content with "[http://www.univention.de/produkte/univention-app-center/plucs/ PLUCS] is an XMPP (Jabber) service made for UCS, which is available in the [http://www.univention.de/produk...")
{{Version|UCS=3.0}}
[http://www.univention.de/produkte/univention-app-center/plucs/ PLUCS] is an XMPP (Jabber) service made for UCS, which is available in the [http://www.univention.de/produkte/univention-app-center/ Univention App Center] and is fully compatible with the current UCS version.
{{Cool Solutions Disclaimer|Repository=no}}
 
{{Review-Status}}
 
 
 
=== PLUCS ===
 
[http://www.univention.de/produkte/univention-app-center/plucs/ PLUCS] is an XMPP (Jabber) service made for UCS, which is available in the [http://www.univention.de/produkte/univention-app-center/ Univention App Center] and is fully compatible with the current UCS version.
 
 
 
=== General Information ===

Required software packages: erlang-base, ejabberd, erlang-nox

This article describes how to set up an eJabberd server and connect it to UCS. Because eJabberd's range of functions is quite large, this article covers only the following topics:

* LDAP authentication
* SSL/Plaintext (Port 5223)
* vCard (from the LDAP)

The required software packages can be installed directly via UCS, or downloaded as Debian source packages, built on the UCS system and installed with the usual UCS commands.

eJabberd is a Jabber server written in the programming language ''Erlang''. Through its various modules it offers a quite large range of functions.

eJabberd is configured through the file '''/etc/ejabberd/ejabberd.cfg'''. The main parameters are described below. The placeholders FQDN, DOMAINNAME and LDAPBASE have to be replaced with your own values.

The value of FQDN is the output of the following two UCR variables, joined by a dot.
 
<syntaxhighlight lang=bash>
 
ucr get hostname
 
ucr get domainname
 
</syntaxhighlight>
 
For example, master.example.org. The output of '''ucr get domainname''' is also the value for DOMAINNAME.
 
 
 
The value of LDAPBASE is the output from
 
<syntaxhighlight lang=bash>
 
ucr get ldap/base
 
</syntaxhighlight>
 
 
 
=== General settings ===
 
<syntaxhighlight lang=erlang>
...
%% Admin user
{acl, admin, {user, "administrator", "FQDN"}}.
...
%% Hostname
{hosts, ["DOMAINNAME"]}.
</syntaxhighlight>
 
 
 
=== Authentication (LDAP) ===

<syntaxhighlight lang=erlang>
...
%% Comment out the internal authentication method:
%{auth_method, internal}.

%% Authentication using LDAP
{auth_method, ldap}.
%% List of LDAP servers:
{ldap_servers, ["FQDN"]}.
%% Port to connect to on the LDAP server:
{ldap_port, 7389}.
%% LDAP manager (bind DN):
{ldap_rootdn, "uid=Administrator,cn=users,LDAPBASE"}.
%%
%% Password of the LDAP manager:
{ldap_password, "PASSWORT"}.
%%
%% Search base of the LDAP directory:
{ldap_base, "cn=users,LDAPBASE"}.
</syntaxhighlight>
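The settings above put a bind DN and its password into ejabberd.cfg in clear text, so the file's permissions, the privileges of the bind account and the transport to the LDAP server all matter. The following audit script is an added example, not part of the original article or of UCS/ejabberd; the sample configuration is constructed, and <code>ldap_encrypt</code> is ejabberd's own option for an encrypted LDAP connection, which the article does not set.

```shell
#!/bin/sh
# Added example: audit the LDAP-related settings of an ejabberd.cfg.

# Value of the first uncommented top-level {Key, Value}. term.
cfg_value() {  # $1 = config file, $2 = key
    sed -n "s/^[[:space:]]*{$2,[[:space:]]*\"\{0,1\}\([^\"}]*\)\"\{0,1\}}.*/\1/p" "$1" | head -n 1
}

# Print one line per finding; print nothing when the file passes.
audit_cfg() {  # $1 = config file
    cfg=$1
    [ "$(cfg_value "$cfg" auth_method)" = "ldap" ] ||
        echo "auth_method: not set to ldap"
    # The bind password is stored in clear text, so the file must not be
    # readable by "others" (8th character of the ls -l mode string).
    [ "$(ls -ld "$cfg" | cut -c8)" = "-" ] ||
        echo "permissions: file is world-readable and contains ldap_password"
    # Binding as the domain Administrator puts that account's password on disk.
    case "$(cfg_value "$cfg" ldap_rootdn | tr 'A-Z' 'a-z')" in
        uid=administrator,*) echo "ldap_rootdn: binds as Administrator; use a read-only search account" ;;
        "") echo "ldap_rootdn: not set" ;;
    esac
    [ -n "$(cfg_value "$cfg" ldap_password)" ] ||
        echo "ldap_password: empty or missing"
    [ "$(cfg_value "$cfg" ldap_encrypt)" = "tls" ] ||
        echo "ldap_encrypt: not tls; bind password is sent unencrypted"
}

# Constructed sample mirroring the settings shown above (not a real system).
write_sample() {  # $1 = destination file
    cat > "$1" <<'EOF'
%{auth_method, internal}.
{auth_method, ldap}.
{ldap_servers, ["master.example.org"]}.
{ldap_port, 7389}.
{ldap_rootdn, "uid=Administrator,cn=users,dc=example,dc=org"}.
{ldap_password, "PASSWORT"}.
{ldap_base, "cn=users,dc=example,dc=org"}.
EOF
    chmod 644 "$1"
}

sample=$(mktemp) && write_sample "$sample"
audit_cfg "$sample"
rm -f "$sample"
```

Run against the constructed sample, the script reports the world-readable file, the Administrator bind DN and the missing <code>ldap_encrypt</code> setting; point <code>audit_cfg</code> at /etc/ejabberd/ejabberd.cfg to check a real installation.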
 
 
 
=== vCard (LDAP) ===

Note that only the values of ''ldap_rootdn'', ''ldap_password'' and LDAPBASE have to be changed here. The remaining values must be left at their defaults!

<syntaxhighlight lang=erlang>
%% Used modules:
{modules,
[
  %% Binds the vCard to the LDAP server
  %% More fields can be added
  {mod_vcard_ldap, [
    {ldap_servers, ["FQDN"]},
    {ldap_rootdn, ""}, % A bind DN must be entered here, preferably the administrator's
    {ldap_password, ""}, % Password of the administrator
    {ldap_base, "cn=users,LDAPBASE"},
    {ldap_uidattr, "uid"},
    {ldap_filter, ""},
    {ldap_vcard_map, [
      {"NICKNAME", "%u", []},
      {"FN", "%s", ["cn"]},
      {"EMAIL", "%s", ["mailPrimaryAddress"]},
      {"DESC", "%s", ["description"]}
    ]},
    {ldap_search_fields, [
      {"User", "%u"},
      {"Name", "givenName"},
      {"Family Name", "sn"},
      {"Email", "mail"}
    ]},

    {ldap_search_reported, [
      {"Full Name", "FN"},
      {"Nickname", "NICKNAME"},
      {"Description", "DESC"}
    ]}
  ]},
  ...
  %% The mod_vcard module should be commented out
  %{mod_vcard, []},
  ...
]}.
</syntaxhighlight>
 
 
 
One more hint about the eJabberd configuration file: unfortunately, its syntax is quite complicated and the error messages for incorrect syntax are not very meaningful. You should therefore pay attention to every period and comma.

<syntaxhighlight lang=erlang>
{aaa, bbb, [
  {auth_method, anonymous}, % a comma is required here
  {allow_multiple_connections, false}, % a comma is required here
  {anonymous_protocol, sasl_anon} % no comma after the last element
  ]
}. % the term must end with a period
</syntaxhighlight>
 
 
 
=== Ports / Firewall ===
 
Next, check whether the eJabberd server is running correctly.
 
<syntaxhighlight lang=bash>
 
ejabberdctl status
 
</syntaxhighlight>
 
The correct output should look like this:
 
<pre>
 
The node ejabberd@example is started with status: started
 
ejabberd 2.1.5 is running in that node
 
</pre>
 
If the Jabber server is running correctly, some ports have to be opened in the firewall. The ports ''5222'' and ''5269'' are needed. The following steps check whether the server is listening on these ports and then open them in the firewall if they are still closed.

Checking whether the ports are open:
 
<syntaxhighlight lang=bash>
 
netstat -plna | grep 5222
 
netstat -plna | grep 5269
 
</syntaxhighlight>
 
Opening the ports in the firewall:
 
<syntaxhighlight lang=bash>
 
ucr set security/packetfilter/ejabberd/tcp/5222/all=ACCEPT
 
ucr set security/packetfilter/ejabberd/tcp/5269/all=ACCEPT
 
</syntaxhighlight>
 
After opening the ports, the firewall has to be restarted:
 
<syntaxhighlight lang=bash>
 
/etc/init.d/univention-firewall restart
 
</syntaxhighlight>
 
 
 
=== Registration of new users ===
 
No separate registration is needed to log in with a Jabber client. Users are created in the UMC as normal users. The credentials used to connect to the Jabber server from a client are the same as those used to log in to the normal user account. If you want to connect to the eJabberd server from a foreign host, you have to enter the IP address instead of the domain name in your client settings.
 
 
 
After this the server should run correctly and should be ready for chatting.
 
 
 
[[Category:Cool Solutions Repository]]
 
[[Category:EN]]
 

Revision as of 12:37, 17 May 2017

PLUCS is an XMPP (Jabber) service made for UCS, which is available in the Univention App Center and is fully compatible with the current UCS version.
