0

we are using ejabberd 19.02 with Active Directory Authentication and using mod_shared_roster_ldap for showing Contacts from a AD Group.

Its working fine but there is one problem. In Pidgin the default Group is "Buddies" and we want to show the AD Group Name. I dont get the config done to show the AD Group Name in Pidgin.

The AD Group Name is: XMPP-Messenger

Here is the mod_shared_roster_ldap config. It would be great if someone can help me to get the Group Name or the Group Description displayed:

 ldap_base: "DC=our,DC=domain,DC=com" # Search base of LDAP directory
    ldap_groupattr: "sAMAccountName"
    ldap_groupdesc: ""
    ldap_memberattr: "sAMAccountName"
    ldap_memberattr_format: "%u"
    ldap_useruid: "sAMAccountName"
    ldap_userdesc: "displayName"
    ldap_rfilter: "(&(objectCategory=group)(cn=XMPP-Messenger))"
    ldap_gfilter: "(&(objectCategory=user)(memberOf=CN=XMPP-Messenger,OU=to,OU=Path,DC=our,DC=domain,DC=com))"
    ldap_ufilter: "(&(objectClass=user)(sAMAccountName=%u))"
    ldap_filter: ""
    ldap_group_cache_validity: 60
    ldap_user_cache_validity: 60
    ldap_auth_check: off

Thanks and best regards.

Phatair
  • 1
  • 1
  • 3

1 Answers1

0

My mod_shared_roster_ldap config :

mod_shared_roster_ldap:
ldap_base: "DC=domain,DC=local"
ldap_rfilter: "(&(objectCategory=group)(info=jabber))"
ldap_gfilter: "(&(objectCategory=group)(info=jabber)(distinguishedName=%g))"
ldap_groupattr: "distinguishedName"
ldap_groupdesc: "displayName"
ldap_memberattr: "member"
ldap_memberattr_format_re: "CN=([^,]*),(OU=.*,)*DC=domain,DC=local"
ldap_ufilter: "(&(objectCategory=user)(sAMAccountName=%u))"
ldap_useruid: "sAMAccountName"
ldap_userdesc: "displayName"
ldap_filter: "(|(objectClass=group)(objectClass=user))"

The gfilter search for the groups find in rfilter. The ldap_memberattr search the member of each group. The trick is on the ldap_memberattr_format_re. It's a regex search the value on a CN=*,OU...... Ejabberd control if user find in the gfilter exist in the virtual host, and in my ldap config part, I filter the user on the sAMAccountName. So we need to match the regex to the sAMAccountName value.

Hope this can help somebody :)

Noreu
  • 1