Ejabberd in UCS

From Univention Wiki

Revision as of 10:38, 14 November 2012 by Frahm (talk | contribs)

Note: Cool Solutions are articles documenting additional functionality based on Univention products. Not all of the steps shown in the article are covered by Univention Support. If you have questions about your support coverage, contact your contact person at Univention before implementing any of the steps shown.

Please also note the legal notes in the Terms of Service.
Note: This article is not yet reviewed.
UCS Version 3.0

General Information

Required software packages: erlang-base, ejabberd, erlang-nox

This article describes how to set up an ejabberd server and connect it to UCS. Because the range of functions is quite large, this article covers the following topics:

  • LDAP authentication
  • SSL/Plaintext (Port 5223)
  • vCard (from the LDAP)

The required software packages can be installed directly via UCS, or downloaded as a Debian source package, built on the UCS system and installed with the usual UCS commands.

ejabberd is a Jabber server written in the programming language Erlang; its various modules give it quite a large range of functions.

ejabberd is configured through the file /etc/ejabberd/ejabberd.cfg. The main parameters are covered below. FQDN, DOMAINNAME and LDAPBASE have to be customized. The value of FQDN is the output of the following two UCR variables, joined by a dot:

ucr get hostname
ucr get domainname

For example: master.example.org. The output of ucr get domainname is also the value for DOMAINNAME.

The value of LDAPBASE is the output of

ucr get ldap/base

General settings

...
%% Map the administrator account of the Jabber server to a normal administrator
{acl, admin, {user, "administrator", "FQDN"}}.
...
%% The domain name of the Jabber server
{hosts, ["DOMAINNAME"]}.

Authentication (LDAP)

...
%% Comment out the internal authentication method:
%{auth_method, internal}

%% Authentication using LDAP
{auth_method, ldap}.
%% List of LDAP servers:
{ldap_servers, ["FQDN"]}.
%% Port used to connect to the LDAP server:
{ldap_port, 7389}.
%% LDAP manager:
{ldap_rootdn, "uid=Administrator,cn=users,LDAPBASE"}.
%%
%% Password of the LDAP manager:
{ldap_password, "PASSWORT"}.
%%
%% Search base of LDAP directory:
{ldap_base, "cn=users,LDAPBASE"}.

vCard (LDAP)

Note that only the values of {ldap_rootdn, {ldap_password and LDAPBASE have to be changed here. The remaining values must stay at their defaults!

%% Used modules:
{modules,
[
  %% To bind the vCard to the LDAP server
  %% More fields can be added
  {mod_vcard_ldap, [
    {ldap_servers, ["FQDN"]},
    {ldap_rootdn, ""}, % A value must be inserted here, preferably the administrator!
    {ldap_password, ""}, % Password of the administrator
    {ldap_base, "cn=users,LDAPBASE"},
    {ldap_uidattr, "uid"},
    {ldap_filter, ""},
    {ldap_vcard_map, [
      {"NICKNAME", "%u", []},
      {"FN", "%s", ["cn"]},
      {"EMAIL", "%s", ["mailPrimaryAddress"]},
      {"DESC", "%s", ["description"]}
    ]},
    {ldap_search_fields, [
      {"User", "%u"},
      {"Name", "givenName"},
      {"Family Name", "sn"},
      {"Email", "mail"}
    ]},
    {ldap_search_reported, [
      {"Full Name", "FN"},
      {"Nickname", "NICKNAME"},
      {"Description", "DESC"}
    ]}
  ]},
  ...
  %% The mod_vcard module should be commented out
  %{mod_vcard, []},
  ...
]}.

One more hint about the ejabberd configuration file: unfortunately the syntax is quite complicated, and the error messages for incorrect syntax are not very meaningful. So pay attention to every period and comma.

{aaa, bbb, [
  {auth_method, anonymous}, % here should be a comma
  {allow_multiple_connections, false}, % here should be a comma
  {anonymous_protocol, sasl_anon} % here must be no comma
  ]
}. % here should be a period
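
A small linter for the punctuation mistakes described above, as an added example (not part of the original article and not an ejabberd tool). The name lint_cfg and the sample text are constructed for illustration, and the code assumes that strings do not span lines.

```python
PAIRS = {")": "(", "]": "[", "}": "{"}

def lint_cfg(text):
    """Return sorted (line, message) pairs for delimiter mistakes in an
    ejabberd.cfg-style file. Assumes strings do not span lines."""
    problems, stack = [], []       # stack entries: (opener, line)
    last, last_line = None, 0      # last significant character seen
    for no, line in enumerate(text.splitlines(), 1):
        quote, i = None, 0
        while i < len(line):
            ch, i = line[i], i + 1
            if quote:              # inside "string" or 'quoted atom'
                if ch == "\\":
                    i += 1         # skip the escaped character
                elif ch == quote:
                    quote = None
                continue
            if ch == "%":
                break              # comment runs to end of line
            if ch.isspace():
                continue
            if ch in "\"'":
                quote = ch
            elif ch in "([{":
                if not stack and last not in (None, "."):
                    problems.append((last_line, "term is missing its closing '.'"))
                stack.append((ch, no))
            elif ch in PAIRS:
                if last == ",":
                    problems.append((last_line, "comma before closing '%s'" % ch))
                if not stack:
                    problems.append((no, "unexpected '%s'" % ch))
                else:
                    opener, opened = stack.pop()
                    if opener != PAIRS[ch]:
                        problems.append((no, "'%s' closes '%s' from line %d" % (ch, opener, opened)))
            last, last_line = ch, no
        if quote:
            problems.append((no, "unterminated string or quoted atom"))
    problems += [(ln, "'%s' is never closed" % op) for op, ln in stack]
    if not stack and last not in (None, "."):
        problems.append((last_line, "term is missing its closing '.'"))
    return sorted(problems)

# Constructed sample: ']' closing a '{', and a comma before the final ']'.
SAMPLE = ('{acl, admin, {user, "administrator", "example.org"}].\n'
          '{modules, [\n  {mod_vcard_ldap, []},\n]}.\n')
if __name__ == "__main__":
    print("\n".join("line %d: %s" % p for p in lint_cfg(SAMPLE)))
```

It checks delimiters only; whether ejabberd accepts the options themselves is still decided when the server starts.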


Ports / Firewall

After this, check whether the ejabberd server is running correctly:

ejabberdctl status

The correct output should look like the following:

The node ejabberd@example is started with status: started
ejabberd 2.1.5 is running in that node

If the Jabber server is running correctly, some ports have to be opened in the firewall. Ports 5222 and 5269 are needed. The following steps check whether the ports are already open and open them if they are still closed. Checking whether the ports are open:

netstat -plna | grep 5222
netstat -plna | grep 5269

Opening the ports in the firewall:

ucr set security/packetfilter/ejabberd/tcp/5222/all=ACCEPT
ucr set security/packetfilter/ejabberd/tcp/5269/all=ACCEPT

After opening the ports, the firewall has to be restarted:

/etc/init.d/univention-firewall restart

Registration of new users

To log in with a Jabber client it is not necessary to register a new user. Users are created in the UMC as normal users. The login information for connecting to the Jabber server via a client is the same as that needed to log in to a normal user account. If you want to connect to ejabberd from a foreign host, you have to enter the IP address instead of the domain name in your client settings.

After this the server should run correctly and should be ready for chatting.
