![]() ![]() I simply checked out the git mirror of their official repository (didn't have hg installed): git clone Īs for other libraries, those are the ones:Īnd the lua stuff you need (as far as I can remember): That's why I decided to go for the current development version. The problem is that, at the time of writing, the sasl support hasn't made it into a stable build yet. There are installers/packages available for Debian/Ubuntu, Windows, Arch Linux, FreeBSD and Windows. You've set up a proper saslauthd and configured a service called xmpp. Please enter an authorization id: YOURUSERID This means that the service called "xmpp" (from the filename) only accepts plain passwords and uses the saslauth daemon to check them.Ĭheck if this works by starting the sample server: # sasl2-sample-server -s "xmpp" -m "PLAIN"Īnd connect to it using the sample client (probably in another terminal session): # sasl2-sample-client -s "xmpp" -m "PLAIN" localhost For this, you'll have to set up your /usr/lib64/sasl2/nf (or /etc/sasl2/nf ) # cat /usr/lib64/sasl2/nf ![]() This is basically just a config file that tells the cyrus-sasl library which service to auth against. To be able to auth against this, you'll need to set up a matching service. ![]() This just set up the connection info for the saslauth daemon. Ldap_search_base: ou=userlist,dc=example,dc=orgĪfter this (and maybe a /etc/init.d/saslauthd restart), the testsaslauthd command should work: # testsaslauthd -u existing_user -p thepassword They are very useful to see if your configuration is actually ok. This will also install programs such as "testsaslauthd", "sasl2-sample-client", "sasl2-sample-server", "sasl2-shared-mechlist" and "sasl2-static-mechlist". While I don't remember everything I installed, here are some packages that seem appropriate: Getting sasl to run and auth against LDAP Prosidy uses lua-cyrussasl (which basically can't be found using google) to communicate with the library. The SASL protocol framework is used by SMTP, IMAP, ACAP, LDAP, and other standard protocols. It supports authentication via standard plaintext methods as well as CRAM-MD5 and DIGEST-MD5 shared secret methods and KERBEROS_V4 and GSSAPI Kerberos methods. Here is a quote from its freshmeat page: The Cyrus SASL library is a generic library for easy integration of secure network authentication to any client or server application. To quote from the ?official website?: SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols.Ĭyrus SASL is a matching library. This is why this commit cought my eye: first working version with Cyrus SASL support. It wouldn't have been all that hard to implement it for somebody that actually knew lua, but I decided that I have other things to do at the moment. My problem with prosody in the past was the missing LDAP authentication feature. While lua wasn't all thaaat slow to begin with (for a scripting language), since luajit came up, it is only arround 2 times slower than C, according to the benchmarks. ![]() Where as Tigase and ejabberd are basically a huge, ugly wall of text, prosody is a clean and simple lightweight design. By simple looking at the website, you see the difference. There also is no support for authenticating against LDAP with Tigase at the time of writing. Since I had bad experience setting up the whole java-enironment, I'd rather not try it again. There also is Tigase, an open-source java based xmpp-server. There is ejabberd, but since I can barely read erlang, let alone write, I decided that I don't really want to deal with ejabberd :) Since I had no intention of setting up openfire again, I decided to look for other tools. It worked pretty fine in the beginning, but a lack of updates and a horrible java-overengineering led to the point where the server needed 400 MB of RAM and didn't even consider talking to LDAP anymore. When i configure ldap in ejabberd.yml and restart it's ok no error.UPDATE: There is another guide that shows this setup on more current prosody version over here.Ī few years ago, I set up a Jabber server at my university. Ldap_filter: "(&(objectClass=mailUser)(accountStatus=active))" # Encryption of connection to LDAP servers: (iredmail and ldap they are same server). I looking for configure ejabberd with ldap. Related log if you're reporting an issue: Manage mail accounts with iRedAdmin-Pro? No Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP Linux/BSD distribution name and version: Debian Jessie 64 bits iRedMail version (check /etc/iredmail-release): lasted version ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |