Difference between revisions of "User:Frahm"

From Univention Wiki

{{Cool Solutions Disclaimer}}
 
{{Review-Status}}
 
{{Version|UCS=3.0}}
 
=eJabberd in UCS=
 
Required software packages: erlang-base, ejabberd, erlang-nox
 
  
This article describes how to set up an eJabberd server and bind it to UCS. Because the range of functions is quite large, this article covers the following topics:

* LDAP authentication
* SSL/Plaintext (Port 5223)
* vCard (from the LDAP)
 
 
The required software packages can be installed directly via UCS, or downloaded as a Debian source package, compiled on the UCS system and installed with the usual UCS commands.
 
 
eJabberd is a Jabber server written in the programming language ''Erlang''. Through its various modules it offers a quite large range of functions.
 
 
eJabberd is configured via the file ''/etc/ejabberd/ejabberd.cfg''. The main parameters are described below. FQDN, DOMAINNAME and LDAPBASE have to be customized.

The value of NAME is the output of two UCR variables, separated by a comma.

<pre>
ucr get hostname
ucr get domainname
</pre>

e.g. master.example.org. The output of ''ucr get domainname'' is also the value for DOMAINNAME.

The value of LDAPBASE is the output of

<pre>
ucr get ldap/base
</pre>
 
 
=== General settings ===
 
<pre>
...
%% Map the administrator account of the Jabber server to a normal administrator
{acl, admin, {user, "administrator", "FQDN"}}.
...
%% The domain name of the Jabber server
{hosts, ["DOMAINNAME"]}.
</pre>
 
 
=== Authentication (LDAP) ===
 
 
<pre>
...
% Comment this out!
%{auth_method, internal}.

%% Authentication using LDAP
{auth_method, ldap}.
%% List of LDAP servers:
{ldap_servers, ["FQDN"]}.
%% Port used to connect to the LDAP server:
{ldap_port, 7389}.
%% LDAP manager:
{ldap_rootdn, "uid=Administrator,cn=users,LDAPBASE"}.
%%
%% Password of the LDAP manager:
{ldap_password, "PASSWORT"}.
%%
%% Search base of the LDAP directory:
{ldap_base, "cn=users,LDAPBASE"}.
</pre>
 
 
=== vCard (LDAP) ===
 
Note that only the values in ''{ldap_rootdn,'' ''{ldap_password'' and LDAPBASE have to be changed here. The remaining values must stay at their defaults!
 
<pre>
%% Used modules:
{modules,
[
  %% Bind the vCard to the LDAP server
  %% More fields can be added
  {mod_vcard_ldap, [
    {ldap_servers, ["FQDN"]},
    {ldap_rootdn, ""}, % A value must be inserted here, preferably the administrator!
    {ldap_password, ""}, % Password of the administrator
    {ldap_base, "cn=users,LDAPBASE"},
    {ldap_uidattr, "uid"},
    {ldap_filter, ""},
    {ldap_vcard_map, [
      {"NICKNAME", "%u", []},
      {"FN", "%s", ["cn"]},
      {"EMAIL", "%s", ["mailPrimaryAddress"]},
      {"DESC", "%s", ["description"]}
    ]},
    {ldap_search_fields, [
      {"User", "%u"},
      {"Name", "givenName"},
      {"Family Name", "sn"},
      {"Email", "mail"}
    ]},

    {ldap_search_reported, [
      {"Full Name", "FN"},
      {"Nickname", "NICKNAME"},
      {"Description", "DESC"}
    ]}
  ]},
  ...
  %% The mod_vcard module should be commented out
  %{mod_vcard, []},
  ...
]}.
</pre>
 
 
One more hint regarding the eJabberd configuration file: unfortunately the syntax is quite complicated and the error messages for incorrect syntax are not very meaningful. So you should pay attention to every period and comma.

<pre>
{aaa, bbb, [
  {auth_method, anonymous}, % there should be a comma here
  {allow_multiple_connections, false}, % there should be a comma here
  {anonymous_protocol, sasl_anon} % there must be no comma here
  ]
}. % there should be a period here
</pre>
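
The following checker is an added example, not part of the original article or of eJabberd itself. It reports the line number of a mismatched bracket, a comma directly before a closing bracket, a missing final period and an unterminated string; the function name ''lint_ejabberd_cfg'' and the sample input are constructed for illustration, and it assumes that strings never span lines.

```python
CLOSERS = {")": "(", "]": "[", "}": "{"}

def lint_ejabberd_cfg(text):
    """Return sorted (line, message) pairs for delimiter mistakes in an Erlang term file."""
    problems, stack = [], []   # stack: (opener, line) of brackets still open
    pending = last = None      # line of a term still owing its '.'; last significant char
    for lineno, line in enumerate(text.splitlines(), 1):
        in_string, i = False, 0
        while i < len(line):
            ch = line[i]
            if in_string:
                if ch == "\\":
                    i += 1                      # skip the escaped character
                elif ch == '"':
                    in_string = False
            elif ch == "%":
                break                           # comment runs to end of line
            elif ch == '"':
                in_string = True
            elif ch in "([{":
                if not stack and pending:
                    problems.append((pending, "missing '.' after term"))
                    pending = None
                stack.append((ch, lineno))
            elif ch in CLOSERS:
                if last == ",":
                    problems.append((lineno, f"',' directly before '{ch}'"))
                opener, _ = stack.pop() if stack else ("", lineno)
                if opener != CLOSERS[ch]:
                    problems.append((lineno, f"'{ch}' has no matching '{CLOSERS[ch]}'"))
                pending = None if stack else lineno
            elif ch == "." and not stack:
                pending = None
            if not ch.isspace():
                last = ch
            i += 1
        if in_string:                           # assumption: strings never span lines
            problems.append((lineno, "unterminated string"))
    problems += [(opened, f"'{opener}' never closed") for opener, opened in stack]
    if pending:
        problems.append((pending, "missing '.' after term"))
    return sorted(problems)

# Constructed sample with three mistakes such a file invites.
SAMPLE = '''{acl, admin, {user, "administrator", "FQDN"}].
{hosts, ["DOMAINNAME"]}
{ldap_servers, ["FQDN"],}.
'''
```

Calling ''lint_ejabberd_cfg(open("/etc/ejabberd/ejabberd.cfg").read())'' before restarting the service gives a line number for each of these mistakes.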
 
After this we have to check whether the eJabberd server is running correctly.

<pre>
ejabberdctl status
</pre>

The correct output should look like the following:

<pre>
The node ejabberd@example is started with status: started
ejabberd 2.1.5 is running in that node
</pre>
 
If the Jabber server is running correctly, some ports have to be opened in the firewall. The ports ''5222'' and ''5269'' are needed. In the following we check whether the ports are already open and open them if they are still closed.

Checking whether the ports are open:

<pre>
netstat -plna | grep 5222
netstat -plna | grep 5269
</pre>

Opening the ports in the firewall:

<pre>
ucr set security/packetfilter/ejabberd/tcp/5222/all=ACCEPT
ucr set security/packetfilter/ejabberd/tcp/5269/all=ACCEPT
</pre>

After opening the ports, the firewall has to be restarted:

<pre>
/etc/init.d/univention-firewall restart
</pre>
 
The server should now run correctly.
 

Latest revision as of 06:48, 21 May 2013
