User:Frahm

From Univention Wiki

Revision as of 12:14, 4 October 2012 by Frahm

Jabber Server with UCS

This article describes the setup of different Jabber servers with UCS. Because the scope of functions is quite large, the following points are covered in this article.

  • LDAP authentication
  • SSL/Plaintext (Port 5223)
  • vCard (from LDAP)
  • shared roster
  • Binding to other IM protocols (called 'transport' in the article)
  • Chatrooms

The needed software packages can be installed directly on UCS, or downloaded as a Debian source package, then compiled on the UCS system and installed with the usual UCS commands (see also ...)

eJabberd

eJabberd is a Jabber server written in the programming language "Erlang". ... . Through various modules it achieves a wide range of functions. ejabberd is configured in the file "/etc/ejabberd/ejabberd.cfg". The following part shows the main parameters (HOSTNAME, LDAPBASE etc. have to be customized).

General settings

%% mapping the administrator account of the Jabber server to a normal administrator
{acl, admin, {user, "administrator", "HOSTNAME"}}.
...
%% The hostname of the Jabber server
{hosts, ["HOSTNAME"]}.
...

Authentication (LDAP)

...
%% Comment out the internal authentication method:
%{auth_method, internal}.
 
%% LDAP authentication with localhost
%% LDAPBASE is the output of "ucr get ldap/base"
{auth_method, ldap}.
{ldap_servers, ["localhost"]}. % List of LDAP servers
{ldap_uidattr, "uid"}. %LDAP attribute that holds user ID
{ldap_base, "cn=users,LDAPBASE"}. %Search base of LDAP directory
...

vCard (LDAP)

%%Used modules:
{modules,
[
 %% To bind the vCard to the LDAP server
 %% More fields can be added.
  {mod_vcard_ldap, [
   {ldap_servers, ["localhost"]},
   %% An empty rootdn and password means an anonymous bind
   {ldap_rootdn, ""},
   {ldap_password, ""},
   {ldap_base, "cn=users,LDAPBASE"},
   {ldap_uidattr, "uid"},
   {ldap_filter, ""},
   {ldap_vcard_map, [
    {"NICKNAME", "%u", []},
    {"FN", "%s", ["cn"]},
    {"EMAIL", "%s", ["mailPrimaryAddress"]},
    {"DESC", "%s", ["description"]}
   ]},
   {ldap_search_fields, [
    {"User", "%u"},
    {"Name", "givenName"},
    {"Family Name", "sn"},
    {"Email", "mail"}
   ]},
   {ldap_search_reported, [
    {"Full Name", "FN"},
    {"Nickname", "NICKNAME"},
    {"Description", "DESC"}
   ]}
 ]},
 ...
 %% The module "mod_vcard" should be commented out
 %{mod_vcard,  []},
 ...
]}.

eJabberd doesn't support protocols like AIM, ICQ etc. For this there are some HowTos (in which a new Jabber server is started for each protocol).

Shared roster

Shared roster automatically distributes contact lists to the Jabber users; this doesn't work correctly with the binding to the LDAP database. There is another module, "mod_ctlextra", with which one can at least make every account known to every other (push-alltoall).

cd /opt
svn co https://svn.process-one.net/ejabberd-modules
cd /opt/ejabberd-modules/mod_ctlextra/trunk
./build.sh
cp ebin/mod_ctlextra.beam /usr/lib/erlang/lib/ejabberd-1.2.2/ebin

After this, the module "mod_ctlextra" can be activated in the configuration file.

% Used modules:
{modules, [
 ...
 {mod_ctlextra,   []}, % !!!
 ...
 {mod_version,   []}
]}.

After restarting the Jabber server

/etc/init.d/ejabberd restart

the ejabberd command-line program "ejabberdctl" knows additional commands:

% all accounts will be introduced to the group everybody
-> ejabberdctl push-alltoall JABBERSERVER everybody
 
% delete all authorizations
-> ejabberdctl rosteritem-purger -remote *.@JABBERSERVER -subs both
 
% user2 with "nick" in the roster group "group" of user1 with subscription type "both"
-> ejabberdctl add-rosteritem user1 JABBERSERVER user2 JABBERSERVER nick group both
...

With these commands the "shared roster" is built quite fast.

Another hint about the ejabberd configuration file: unfortunately the syntax is a little bit complicated and the error messages are not really meaningful. You should pay attention to every full stop and comma.

{aaa, bbb, [
  {auth_method, anonymous},             % here must be a comma
  {allow_multiple_connections, false},  % here must be a comma
  {anonymous_protocol, sasl_anon}       % commas are not allowed here!
  ]
}.                                      % here must be a full stop

Jabberd 1.4

This older Jabber server is also available as a Debian package. It runs stably and has (almost) all needed features. Unfortunately, it cannot bind directly to LDAP. All information (authentication, roster, vCard) is stored in XML files under "/var/lib/jabber/JABBERHOST/USER.xml". These files can be generated for every user with a script that uses the LDAP database. The XML file looks like the following:

<xdb>
 <!-- Account information -->
 <crypt xdbns="jabber:iq:auth:crypt" xmlns="jabber:iq:auth:crypt">crypt_hash</crypt>
 <query xdbns="jabber:iq:register" xmlns="jabber:iq:register">
  <username>name_a</username>
  <x stamp="20071004T12:07" xmlns="jabber:x:delay">registered</x>
 </query>
 <!-- roster list with 2 subscriptions -->
 <query xdbns="jabber:iq:roster" xmlns="jabber:iq:roster">
  <item name="rostergroup1" jid="name_b@jabber.domain.de" subscription="both">
   <group>b</group>
  </item>
  <item name="rostergroup2" jid="name_c@jabber.domain.de" subscription="both">
  <group>c</group>
  </item>
 </query>
 <!-- vCard informations -->
 <vCard prodid="-//HandGen//NONSGML vGen v1.0//EN" version="2.0" xdbns="vcard-temp" xmlns="vcard-temp">
  <EMAIL>
   <USERID>name_a@b.c</USERID>
  </EMAIL>
  <FN>Name_a lastname_a</FN>
  <NICKNAME>b</NICKNAME>
  <ORG>
   <ORGUNIT>Home</ORGUNIT>
  </ORG>
  <TEL>
   <NUMBER>34233</NUMBER>
  </TEL>
 </vCard>
</xdb>
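
One way to generate these per-user files from LDAP data, as an added example that is not part of the original article: it XML-escapes every directory value, rejects user IDs that are unsafe as file names, and writes each file with mode 0600 because it holds the password hash. The entries in SAMPLE_USERS are constructed and stand in for an LDAP search result; the function names, the roster group "everybody", the reduced vCard and the "{crypt}" prefix on userPassword are assumptions.

```python
import os
import re
from xml.sax.saxutils import escape, quoteattr

# Constructed sample entries, shaped like an LDAP search result below
# cn=users,LDAPBASE (attribute names as used in the ejabberd section).
SAMPLE_USERS = [
    {"uid": "name_a", "cn": "Name_a <lastname_a>", "mailPrimaryAddress": "name_a@b.c",
     "userPassword": "{crypt}$1$constructed$hash"},
    {"uid": "name_b", "cn": "Name_b & Co", "mailPrimaryAddress": "name_b@b.c",
     "userPassword": "{crypt}$1$constructed$hash2"},
]
UID_OK = re.compile(r"[a-z0-9][a-z0-9._-]*")  # no '/', no leading '.', no XML specials

def crypt_hash(entry):
    """Return the hash without the assumed {crypt} prefix; refuse other schemes."""
    value = entry["userPassword"]
    if not value.lower().startswith("{crypt}"):
        raise ValueError("unsupported password scheme for " + entry["uid"])
    return value[len("{crypt}"):]

def build_xdb(entry, others, domain):
    """Render one user's xdb document; every LDAP value is XML-escaped."""
    items = "".join(
        '  <item name=%s jid=%s subscription="both">\n   <group>everybody</group>\n  </item>\n'
        % (quoteattr(o["cn"]), quoteattr("%s@%s" % (o["uid"], domain)))
        for o in others)
    return (
        "<xdb>\n"
        ' <crypt xdbns="jabber:iq:auth:crypt" xmlns="jabber:iq:auth:crypt">%s</crypt>\n'
        ' <query xdbns="jabber:iq:roster" xmlns="jabber:iq:roster">\n%s </query>\n'
        ' <vCard version="2.0" xdbns="vcard-temp" xmlns="vcard-temp">\n'
        "  <EMAIL><USERID>%s</USERID></EMAIL>\n  <FN>%s</FN>\n </vCard>\n"
        "</xdb>\n"
    ) % (escape(crypt_hash(entry)), items,
         escape(entry["mailPrimaryAddress"]), escape(entry["cn"]))

def write_spool(users, domain, spool_dir):
    """Write USER.xml for each user, readable by the owner only."""
    bad = [u["uid"] for u in users if not UID_OK.fullmatch(u["uid"])]
    if bad:
        raise ValueError("refusing unsafe uid(s): %r" % bad)
    written = []
    for entry in users:
        others = [u for u in users if u is not entry]
        path = os.path.join(spool_dir, entry["uid"] + ".xml")
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        os.fchmod(fd, 0o600)  # also tighten a file that already existed
        with os.fdopen(fd, "w") as handle:
            handle.write(build_xdb(entry, others, domain))
        written.append(path)
    return written
```
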

The server is configurable in the file "/etc/jabber/jabber.xml", the transports (to other IM protocols) in the files "/etc/jabber/jabber-*xml" or "/etc/default/jabber-*", where they can be activated.

The main settings in the Jabber server configuration file "/etc/jabber/jabber.xml" are the following:

Hostname

...
<!-- JABBERHOSTNAME - FQDN of the Jabber server -->
<host><jabber:cmdline flag="h">JABBERHOSTNAME</jabber:cmdline></host>
...

Administrator

<!-- ADMIN JID - the Jabber ID of the administrator -->
...
<admin><read>ADMIN JID</read><write>ADMIN JID</write></admin>
...

Password

...
<!-- Depending on the type of the password hash ... -->
<mod_auth_crypt>
 <hash>crypt</hash>
</mod_auth_crypt>
...
<mod_auth_crypt>./jsm/jsm.so</mod_auth_crypt>
...

Service/Transports

...
<!-- Services/Transports that are offered -->
<browse>
 ...
 <service type="msn" jid="msn.jabber.DOMAIN" name="MSN Link">
  <ns>jabber:iq:gateway</ns>
  <ns>jabber:iq:register</ns>
 </service>
 ...
</browse>
...
<!-- The Services/Transports configuration (with the files from "/etc/jabber/jabber*.xml") -->
...
<service id="muclinker.jabber.DOMAIN">
 <host>conference.jabber.DOMAIN</host>
 <accept>
  <ip>127.0.0.1</ip>
  <port>31518</port>
  <secret>secret</secret>
 </accept>
</service>
<service id="aim.jabber.DOMAIN">
...

SSL

<!-- SSL configuration -->
<service id="c2s">
 ...
 <pthcsock xmlns='jabber:config:pth-csock'>
  ...
  <ssl port="5223">194.95.183.244</ssl>
 ...
</service>
...
<io>
 ...
 <ssl>
  <key ip='194.95.183.244'>/etc/jabber/jabber.pem</key>
 </ssl>
 ...
</io>

After configuring the Jabber host, authentication, the transports, SSL etc., the server (including all transports) can be started or stopped with:

/etc/init.d/jabber start|stop