Difference between revisions of "User:Frahm"

From Univention Wiki

(Created page with "== Jabber Server with UCS == This article describes the set up of different Jabber servers with UCS. Becaus the scope of functions is quite large, the following points will be r...")
 
Line 1: Line 1:
== Jabber Server with UCS ==
+
== Jabber Server with UCs ==
 
+
This article describes the set up of different Jabber servers in UCS. The scope of functions in Jabber is quite large, therfore we only respond the following points in this article.
This article describes the set up of different Jabber servers with UCS. Becaus the scope of functions is quite large, the following points will be respond in this article.
 
  
 
* LDAP authentification
 
* LDAP authentification
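Review bot: The added heading line reads "== Jabber Server with UCs ==", which turns the product name UCS into "UCs"; keep the capitalisation of the removed line. The rewritten introduction also brings in "therfore" and "we only respond the following points"; "this article therefore only covers the following points" would read correctly.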
Line 7: Line 6:
 
* vCard (from LDAP)
 
* vCard (from LDAP)
 
* shared roster
 
* shared roster
* Binding to other IM protocols (called 'transport' in the article)
+
* Binding to other IM protocols (called 'transports' in the article)
 
* Chatrooms
 
* Chatrooms
  
The needed software packages can be installed directly on UCS, or downloaded as a Debian sourcecode package then translated on the UCS system and installed with the usual UCS commands (see also ...)
+
The needed software packages can be installed directly on UCS, or can be downloaded as a Debian sourcecode package then translated on the UCS system and installed with the usual UCS commands.
  
 
== eJabberd ==
 
== eJabberd ==
 +
eJabberd is a Jabber server which is written in the pograming language "Erlang". By various modules he reached a wide range of functions. The eJabberd is configurable with the file '''/etc/ejabberd/ejabber.cfg'''. The following part shows the main parameters (HOSTNAME, LDAPBASE etc. have to be customized)
  
eJabberd is a Jabber server who is written in the programing language "Erlang". ... . By various modules he reached a wide range of functions. The ejabberd is configurable over the file "/etc/ejabberd/ejabberd.cfg" The following Part shows the main parameters (HOSTNAME, LDAPBASE etc. have to be customized)
+
''Hint'': Maybe you have to install a few more packages, so that the description works correctly. The packages will be called in the section where there needed.
  
 
=== General settings ===
 
=== General settings ===
<pre>
 
%% mapping the administrator account of the Jabber server to a normal administrator
 
{acl, admin, {user, "administrator", "HOSTNAME"}}.
 
...
 
%% The hostname of the Jabber server
 
{hosts, ["HOSTNAME"]}.
 
...
 
</pre>
 
  
=== Authentification (LDAP) ===
+
  %% mapping the administrator account of the Jabber server to a normal administrator
<pre>
+
{acl, admin, {user, "administrator", "HOSTNAME"}}.
...
+
..
% Uncomment!
+
%% The hostname of the Jabber server
%{auth_method, internal}
+
{hosts, ["HOSTNAME"]}.
   
+
...
%% LDAP authentification with localhost
+
Authentification (LDAP)
%% LDAPBASE is the output from "ucr geht ldap/base"
+
...
{auth_method, ldap}.
+
% Uncomment!
{ldap_servers, ["localhost"]}. % List of LDAP servers
+
%{auth_mehtod, internal}
{ldap_uidattr, "uid"}. %LDAP attribute that holds user ID
 
{ldap_base, "cn=users,LDAPBASE"}. %Search base of LDAP directory
 
...
 
</pre>
 
  
=== vCard (LDAP) ===
+
%% LDAP authentification with localhost
<pre>
+
%% LDAPBASE is the output from "ucr get ldap/base"
%%Used modules:
+
{auth_method, ldap}.
{modules,
+
{ldap_servers, ["localhost"]}. %list of LDAP servers
[
+
{ldap_uids, [{"mail", "%u@mail.example.org"}]}.
  %% To bind the vCard to the LDAP server
+
{ldap_base, "cn=user,LDAPBASE"}. %Search base of LDAP directory
 +
 
 +
=== vCard ===
 +
 
 +
%%Used modules:
 +
{modules
 +
[
 +
  %% To bind the cVcard to the LDAP server
 
  %% More fields can be added.
 
  %% More fields can be added.
 
   {mod_vcard_ldap, [
 
   {mod_vcard_ldap, [
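Review bot: The added {modules line drops the comma that the removed {modules, line had, so the tuple is no longer a valid Erlang term; restore the comma. In the same hunk the commented-out setting becomes %{auth_mehtod, internal} (misspelled), the search base changes from cn=users,LDAPBASE to cn=user,LDAPBASE without explanation, and ldap_uidattr "uid" is replaced by an ldap_uids mail pattern; please confirm the container name against the directory and say in the text why logins are now matched on the mail attribute. The added configuration lines also lose the pre wrappers that the removed lines had.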
Line 52: Line 47:
 
   {ldap_rootdn, ""},
 
   {ldap_rootdn, ""},
 
   {ldap_password, ""},
 
   {ldap_password, ""},
   {ldap_base, "cn=users,LDAPBASE"},
+
   {ldap_base, "cn=user,LDAPBASE},
   {ldap_uidattr, "uid"},
+
   {ldap_uids, [{"mail", "%u@mail.example.org"}]},
 
   {ldap_filter, ""},
 
   {ldap_filter, ""},
 
   {ldap_vcard_map, [
 
   {ldap_vcard_map, [
     {"NICKNAME", "%u", []},
+
     {"NIOKNAME", "%u", []},
 
     {"FN", "%s", ["cn"]},
 
     {"FN", "%s", ["cn"]},
 
     {"EMAIL", "%s", ["mailPrimaryAddress"]},
 
     {"EMAIL", "%s", ["mailPrimaryAddress"]},
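Review bot: The added line {ldap_base, "cn=user,LDAPBASE}, is missing the closing quote after LDAPBASE, so the string runs on past the end of the tuple; the removed line had "cn=users,LDAPBASE" correctly quoted. The vCard key in ldap_vcard_map also changes from "NICKNAME" to "NIOKNAME", which no longer matches the "NICKNAME" entry that ldap_search_reported still uses further down; keep "NICKNAME".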
Line 65: Line 60:
 
     {"Name", "givenName"},
 
     {"Name", "givenName"},
 
     {"Family Name", "sn"},
 
     {"Family Name", "sn"},
     {"Email", "mail"},
+
     {"Email", "mail},
   ]},
+
   ]}
 
   {ldap_search_reported, [
 
   {ldap_search_reported, [
    {"Full Name", "FN"},
+
    {"Full Name", "FN"},
 
     {"Nickname", "NICKNAME"},
 
     {"Nickname", "NICKNAME"},
 
     {"Description", "DESC"},
 
     {"Description", "DESC"},
 
   ]}
 
   ]}
]},
+
  ]},
...
+
  ...
%% The module "mod_vcard" should be commented out
+
  %% The module "mod_vcard" should be commented out
%{mod_vcard, []},
+
  %{mod_vcard, []},
...
+
  ...
]}.
+
]}.
</pre>
 
 
 
eJabberd doesn't support protocols like AIM, ICQ etc. For this there are som HowTo's (in which started a new Jabber server for each protocol)
 
*
 
*
 
*
 
  
 
=== Shared roster ===
 
=== Shared roster ===
Shared roster distributes automaticly contactlists for the Jabber users, this doesn't worl correctly with the binding on the LDAP database. There is another module "mod_ctlextra" by which one can at least make known each account with each (push-alltoall).
+
Shared roster distributes automaticly contactlists for the Jabber users, this doesn't work correctly with the binding on the LDAP database. There is antoher module "mod_ctlextra" by which one can at at least make known each account with each (push-alltoall).
<pre>
+
''Hint: Here you need SVN and Erlang Packages!''
cd /opt
+
cd /opt
svn co https://svn.process-one.net/ejabberd-modules
+
svn co https://svn.process-one.net/ejabberd-modules
cd /opt/ejabberd-modules/mod_ctlextra/trunk
+
cd /opt/ejabberd-modules/mod_ctlextra/trunk
./build.sh
+
./build.sh
cp ebin/mod_ctlextra.beam /usr/lib/erlang/lib/ejabberd-1.2.2/ebin
+
cp ebin/mod_ctlextra.beam /usr/lib/erlang/lib/ejabberd-1.2.2/ebin
</pre>
 
 
 
After this, the module "mod_ctlextra" can be activated in the configuaration file.
 
<pre>
 
% Used modules:
 
{modules, [
 
...
 
{mod_ctlextra,  []}, % !!!
 
...
 
{mod_version,  []}
 
]}.
 
</pre>
 
  
 +
After this, the module "mod_ctlextra" can be activated in the configuration file.
 +
% Used modules:
 +
{modules, [
 +
  ...
 +
  {mod_ctlextra, []}, % !!!
 +
  ...
 +
  {mod_version, []}
 +
]}.
 
After restarting the Jabber server
 
After restarting the Jabber server
<pre>
+
/etc/init.d/ejabberd restart
/etc/init.d/ejabberd restart
+
the commandlineprogramm from eJabberd "ejabberdctl" knows additional commands.
</pre>
 
the commandlineprogramm from ejabberd "ejabberdctl" knows additional commands
 
<pre>
 
% all accounts will be introduced to the group everybody
 
-> ejabberdct1 push-alltoall JABBERSERVER everybody
 
 
% delet all authorizations
 
-> ejabberdct1 rosteritem-purger -remote *.@JABBERSERVER -subs both
 
 
% user2 with "nick" in the roster group "group" from user1 with subscriptions type "both"
 
-> ejabberdct1 add-rosteritem user1 JABBERSERVER user2 JABBERSERVER nick group both
 
...
 
</pre>
 
 
 
With this commands the "shared roster" are build quite fast.
 
 
 
Another hint to the configuartion file of the ejabberd. Unfortunately the syntax is a little bit complicated and the error outputs are not really meaningful. You should pay attention to every point and comma.
 
<pre>
 
aaa,bbb, [
 
  {auth_method, anonymous},            % here must be a comma
 
  {allow_multiple_connections, false},  % here must be a comma
 
  {anonymous_protocol, sasl_anon}      %commas are not allowd here!
 
  ]
 
}.                                      %here must be a full stop
 
</pre>
 
 
 
== Jabberd 1.4 ==
 
 
 
This older Jabber server is available as a Debian package, too. This server runs stable and have (almost) all needed features.
 
Unfortinaly he can't bind directyl to the LDAP. All informations (authentification, roster, vCard) are in XML files in the directory "/var/lib/jabber/JABBERHOST/UHSER.xml". These files can be generated for every user with a script that uses the LDAP database. The XML file looks like the following:
 
<pre>
 
<xdb>
 
<!-- Account information -->
 
<crypt xdbns="jabber:iq:auth:crypt" xmlns="jabber:iq:auth:crypt">crypt_hash</crypt>
 
<query sdbns="jabber:iq:register" xmlns="jabber:iq:register">
 
  <username>name a</username>
 
  <x stamp="20071004T12:07" xmlns="jabber:x:delay">registered</x>
 
</query>
 
<!-- roster list with 2 subscriptions -->
 
<query sdbns=jabber:iq:roster" xmlns="jabber:iq:roster">
 
  <item name="rostergroup1" jid="name_b@jabber.domain.de"subscription="both">
 
  <group>b</group>
 
  </item>
 
  <item name="rostergroup2" jid="name_c@jabber.domain.de" subscription="both">
 
  <group>c</group>
 
  </item>
 
</query>
 
<!-- vCard informations -->
 
<vCard prodid="-//HandGen//NONSGML vGen v1.0//EN" version="2.0" xdbns="vcard-temp" xmlns="vcard-temp">
 
  <EMAIL>
 
  <USERID>name_a@b.c</USERID>
 
  </EMAIL>
 
  <FN>Name_a lastname_a</FN>
 
  <NICKNAME>b</NICKNAME>
 
  <ORG>
 
  <ORGUNIT>Home</ORGUNIT>
 
  </ORG>
 
  <TEL>
 
  <NUMBER>34233</NUMBER>
 
<vCard>
 
</xdb>
 
</pre>
 
 
 
The server is configuarable in the file "/etc/jabber/jabber.xml", the transports (to other IM protocols) in the files "/etc/jabber/jabber-*xml" or "/etc/default/jabber-*" where they can be activated.
 
 
 
The main settings in the Jabber server configuartionfile "/etc/jabber/jabber.xml" are the following:
 
 
 
=== Hostname ===
 
<pre>
 
...
 
<!-- JABBERHOSTNAME - FQDN from the Jabber server -->
 
<host><jabber:cmdline flag="h">JABBERHOSTNAME</jabber:cmdline></host
 
...
 
</pre>
 
 
 
=== Administrator ===
 
<pre>
 
<!-- ADMIN JID - the Jabber ID from the Administrator>
 
...
 
<admin><read>ADMIN JID</read><writer>ADMIN JID</write></admin>
 
...
 
</pre>
 
 
 
=== Password ===
 
<pre>
 
...
 
<!-- Depending on the type of the passwordhash ... -->
 
<mod_auth_crypt>
 
<hash>crypt</hash>
 
</mod_auth_crypt>
 
...
 
<mod_auth_cryp>./jsm/jsm.so</mod_auth_crypt>
 
...
 
</pre>
 
 
 
=== Service/Transports ===
 
<pre>
 
...
 
<!-- Services/Transports, that are offering -->
 
<browse>
 
...
 
<service type="msn" jid="msn.jabber.DOMAIN" name="MSN Link">>
 
  <ns>jabber:iq:gateway</ns>
 
  <ns>jabber:iq:register</ns>
 
</service>
 
...
 
</browse>
 
...
 
<! -- The Services/Transports configuration (with the files from "/etc/jabber/jabber*.xml) -->
 
...
 
<service id="muclinker.jabber.DOMAIN">
 
<host>conference.jabber.DOMAIN</host>
 
<accept>
 
  <ip>127.0.0.1</ip>
 
  <port>31518</port>
 
  <secret>secret</secret>
 
</accept>
 
</service>
 
<service id="aim.jabber.DOMAIN">
 
...
 
</pre>
 
 
 
=== SSL ===
 
<pre>
 
<!-- SSL configuration -->
 
<servic id="c2s"
 
...
 
<pthcsock smlns='jabber:config:pth-csock'>
 
  ...
 
  <ssl port="5223">194.95.183.244</ssl>
 
...
 
</service>
 
...
 
<io>
 
...
 
<ssl>
 
  <key ip='194.95.183.244>/etc/jabber/jabber.pem</key>
 
</ssl>
 
...
 
</io>
 
</pre>
 
 
 
After the configuration of the Jabber host, the authentification, the transports, SSL etc. the server (including all transports) can be started or stopped with
 
<pre>
 
/etc/init.d/jabber start|stop
 
</pre>
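Review bot: In the vCard block the added {"Email", "mail}, line lacks its closing quote, and the added ]} that closes ldap_search_fields loses the comma the removed ]}, had before {ldap_search_reported, so the configuration will not parse; restore both. The added side also stops at the sentence about ejabberdctl: the ejabberdctl command examples, the note on commas and full stops, and the whole Jabberd 1.4 section have no counterpart in the new revision, and the mod_ctlextra snippets lose their pre wrappers. If that removal is intended, say so in the edit summary; otherwise restore the sections.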
 

Revision as of 12:13, 16 October 2012

Jabber Server with UCS

This article describes the setup of different Jabber servers in UCS. Because the range of Jabber functions is quite large, this article only covers the following points:

  • LDAP authentication
  • SSL/Plaintext (Port 5223)
  • vCard (from LDAP)
  • shared roster
  • Binding to other IM protocols (called 'transports' in the article)
  • Chatrooms

The required software packages can be installed directly on UCS, or downloaded as a Debian source package, built on the UCS system and installed with the usual UCS commands.

eJabberd

eJabberd is a Jabber server written in the programming language "Erlang". Its various modules give it a wide range of functions. eJabberd is configured in the file /etc/ejabberd/ejabberd.cfg. The following part shows the main parameters (HOSTNAME, LDAPBASE etc. have to be customized).

Hint: You may have to install a few more packages for the description to work correctly. The packages are named in the sections where they are needed.

General settings

%% mapping the administrator account of the Jabber server to a normal administrator
{acl, admin, {user, "administrator", "HOSTNAME"}}.
...
%% The hostname of the Jabber server
{hosts, ["HOSTNAME"]}.
...

Authentication (LDAP)

...
% Comment this out:
%{auth_method, internal}
%% LDAP authentication with localhost
%% LDAPBASE is the output from "ucr get ldap/base"
{auth_method, ldap}.
{ldap_servers, ["localhost"]}. %list of LDAP servers
{ldap_uids, [{"mail", "%u@mail.example.org"}]}.
{ldap_base, "cn=user,LDAPBASE"}. %Search base of LDAP directory

vCard

%% Used modules:
{modules,
[
%% To bind the vCard to the LDAP server
%% More fields can be added.
 {mod_vcard_ldap, [
  {ldap_servers, ["localhost"]},
  {ldap_rootdn, ""},
  {ldap_password, ""},
  {ldap_base, "cn=user,LDAPBASE"},
  {ldap_uids, [{"mail", "%u@mail.example.org"}]},
  {ldap_filter, ""},
  {ldap_vcard_map, [
   {"NICKNAME", "%u", []},
   {"FN", "%s", ["cn"]},
   {"EMAIL", "%s", ["mailPrimaryAddress"]},
   {"DESC", "%s", ["description"]}
  ]},
  {ldap_search_fields, [
   {"User", "%u"},
   {"Name", "givenName"},
   {"Family Name", "sn"},
   {"Email", "mail"}
  ]},
  {ldap_search_reported, [
   {"Full Name", "FN"},
   {"Nickname", "NICKNAME"},
   {"Description", "DESC"}
  ]}
 ]},
 ...
 %% The module "mod_vcard" should be commented out
 %{mod_vcard, []},
 ...
]}.
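
The excerpts above are Erlang terms, so a single missing quote, comma or full stop makes the whole file unreadable for the server. The following check is an added example, not part of the original article or of ejabberd: it scans such a file for punctuation slips. The name lint_terms and the sample text are made up for illustration, and the "..." placeholders used in the excerpts have to be removed before a real file is checked.

```python
import re

# Tokens of an Erlang-term file: strings, % comments, punctuation, atoms/numbers.
TOKEN = re.compile(r'(?P<str>"(?:[^"\\\n]|\\.)*")|(?P<badstr>"[^\n]*)|(?P<comment>%[^\n]*)'
                   r'|(?P<open>[{\[])|(?P<close>[}\]])|(?P<comma>,)|(?P<stop>\.)|(?P<word>\w+)')

def lint_terms(text):
    """Return (line, code) findings; an empty list means consistent punctuation."""
    found, stack, prev = [], [], None      # prev: None, "open", "comma" or "value"
    for m in TOKEN.finditer(text):
        kind, tok = m.lastgroup, m.group()
        line = text.count("\n", 0, m.start()) + 1
        if kind == "comment":
            continue
        if kind == "badstr":               # quote opened but never closed on this line
            found.append((line, "unterminated-string"))
        if kind in ("str", "badstr", "word", "open"):
            if prev == "value":            # two terms with no separator between them
                found.append((line, "missing-comma" if stack else "missing-full-stop"))
            if kind == "open":
                stack.append(tok)
            prev = "open" if kind == "open" else "value"
        elif kind == "comma":
            prev = "comma"
        elif kind == "close":
            if prev == "comma":            # a comma directly before ] or }
                found.append((line, "trailing-comma"))
            if stack and stack[-1] == {"}": "{", "]": "["}[tok]:
                stack.pop()
            else:
                found.append((line, "unbalanced-bracket"))
            prev = "value"
        else:                              # full stop: must end a complete top-level term
            if stack or prev != "value":
                found.append((line, "misplaced-full-stop"))
            prev = None
    if stack or prev is not None:          # file ended inside a term
        found.append((text.count("\n") + 1, "unfinished-term"))
    return found

# Constructed sample with the kinds of slips that are easy to make in ejabberd.cfg.
BROKEN = '''{modules
 [{mod_vcard_ldap, [
    {ldap_search_fields, [{"User", "%u"}, {"Email", "mail"},
    ]}
    {ldap_search_reported, [{"Full Name", "FN"}]}
 ]}]}.
'''
print(lint_terms(BROKEN))
```

The check is a heuristic on punctuation only: it does not know ejabberd's option names, and a full stop inside an unquoted number is reported as misplaced.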

Shared roster

Shared roster automatically distributes contact lists to the Jabber users, but this does not work correctly with the binding to the LDAP database. There is another module, "mod_ctlextra", with which one can at least make every account known to every other account (push-alltoall). Hint: Here you need the SVN and Erlang packages!

cd /opt
svn co https://svn.process-one.net/ejabberd-modules
cd /opt/ejabberd-modules/mod_ctlextra/trunk
./build.sh
cp ebin/mod_ctlextra.beam /usr/lib/erlang/lib/ejabberd-1.2.2/ebin

After this, the module "mod_ctlextra" can be activated in the configuration file.

% Used modules: 
{modules, [
 ...
 {mod_ctlextra, []}, % !!!
 ...
 {mod_version, []}
]}.

After restarting the Jabber server

/etc/init.d/ejabberd restart

the eJabberd command-line program "ejabberdctl" knows additional commands.
