Lampros - Weird Bricks

OpenLDAP linked with ejabberd

06 April, 2011 | ejabberd

In my previous post, I went through an OpenLDAP installation. The hardest part of it was the SSL certificates; from now on things won't be this hard. Today we'll see how to use that work to configure OpenLDAP with ejabberd.


Prerequisites:


ejabberd modifications:
Edit /usr/local/etc/ejabberd/ejabberd.cfg
ee /usr/local/etc/ejabberd/ejabberd.cfg

Go to line 221:
{auth_method, internal}.
Change it to:
%{auth_method, internal}.

Next, go to line 245:
%%{auth_method, ldap}.
Change it to:
{auth_method, ldap}.

Next, go to line 248:
%%{ldap_servers, ["localhost"]}.
Change it to:
{ldap_servers, ["localhost"]}.
(This assumes the LDAP server is on the same computer as ejabberd; on my setup it is.)

Next, go to line 252:
%%{ldap_encrypt, tls}.
Change it to:
{ldap_encrypt, tls}.

Next, go to line 256:
%%{ldap_port, 636}.
Change it to:
{ldap_port, 636}.

Next, go to line 256:
%%{ldap_rootdn, "dc=example,dc=com"}.
Change it to:
{ldap_rootdn, "cn=Manager,dc=weirdbricks,dc=com"}.

Next, go to line 262:
%%{ldap_password, "******"}.
Change it to:
{ldap_password, "replace with whatever your password is!!"}.

Next, go to line 265:
%%{ldap_base, "dc=example,dc=com"}.
Change it to:
{ldap_base, "dc=weirdbricks,dc=com"}.

Next, go to line 268:
%%{ldap_uids, [{"mail","%u@mail.example.org"}]}.
Change it to:
{ldap_uids, [{"mail","%u@%d"}]}.


Save and exit.

Debugging:
Stop ejabberd if it's running by typing:
/usr/local/sbin/ejabberdctl stop

Start ejabberd again:
/usr/local/sbin/ejabberdctl start

Check if it's running:
/usr/local/sbin/ejabberdctl status

If it won't start, we'll need to put ejabberd into debugging mode to troubleshoot it. It's really easy, actually.
Edit /usr/local/etc/ejabberd/ejabberd.cfg
ee /usr/local/etc/ejabberd/ejabberd.cfg

Go to line 73:
{loglevel, 4}.
Change it to:
{loglevel, 5}.

Save, exit, and restart your ejabberd server.

Look at the log files:
Type:
ee /var/log/ejabberd/ejabberd.log

This will show you all the information passed between ejabberd and OpenLDAP, as well as anything passed from ejabberd to the clients. You can use this to see whether the clients are sending the username and password in the format that we specified on line 268 of the ejabberd.cfg file. Also check that you set the correct ldap_base on line 265. You should use the same LDAP base you used in Thunderbird and JXplorer.
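To confirm the edits took effect, the sh script below (an added example, not part of the original post or of ejabberd) reads an ejabberd.cfg and reports LDAP settings that are still commented out, not using TLS on port 636, or still holding the placeholder password. The checks for a leftover loglevel 5 and for a world-readable config file are assumptions of this example, added because the debug log shows the credentials exchange and the file stores the Manager password in clear text; the function names and the sample config are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): audit LDAP settings in ejabberd.cfg.

# active_value KEY FILE: value of the last uncommented {KEY, VALUE}. term, if any.
active_value() {
    sed -n "s/^[[:space:]]*{$1,[[:space:]]*\(.*\)}\.[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

# audit_ejabberd_ldap FILE: print one line per finding; succeed only if there are none.
audit_ejabberd_ldap() {
    cfg=$1; findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }
    [ "$(active_value auth_method "$cfg")" = "ldap" ] || note "auth_method is not ldap"
    [ "$(active_value ldap_encrypt "$cfg")" = "tls" ] || note "ldap_encrypt is not tls"
    [ "$(active_value ldap_port "$cfg")" = "636" ] || note "ldap_port is not 636"
    for key in ldap_servers ldap_rootdn ldap_password ldap_base ldap_uids; do
        [ -n "$(active_value "$key" "$cfg")" ] || note "$key is commented out or missing"
    done
    case "$(active_value ldap_password "$cfg")" in
        *'replace with'*|'"******"') note "ldap_password still holds the placeholder" ;;
    esac
    # Debug logging records what passes between ejabberd, OpenLDAP and the clients.
    [ "$(active_value loglevel "$cfg")" != "5" ] || note "loglevel 5 (debug) is still on"
    # The file stores the rootdn password in clear text.
    [ -z "$(find "$cfg" -perm -0004)" ] || note "$cfg is world-readable"
    [ "$findings" -eq 0 ]
}

# Constructed sample: the settings as they look after the edits in this post.
sample_cfg() {
    cat <<'EOF'
{loglevel, 4}.
%{auth_method, internal}.
{auth_method, ldap}.
{ldap_servers, ["localhost"]}.
{ldap_encrypt, tls}.
{ldap_port, 636}.
{ldap_rootdn, "cn=Manager,dc=weirdbricks,dc=com"}.
{ldap_password, "constructed-sample-secret"}.
{ldap_base, "dc=weirdbricks,dc=com"}.
{ldap_uids, [{"mail","%u@%d"}]}.
EOF
}

# Audit the file given as $1, or the constructed sample when no file is given.
tmp=$(mktemp); sample_cfg > "$tmp"
audit_ejabberd_ldap "${1:-$tmp}" || echo "Review the findings above."
rm -f "$tmp"
```

Saved under a name of your choice and given /usr/local/etc/ejabberd/ejabberd.cfg as its argument, it audits the live file; with no argument it audits the built-in sample.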

Testing:
On the client side there is absolutely no change to be made. All the steps that I described in my previous ejabberd post still apply.