OpenLDAP linked with ejabberd
In my previous post, I went through an OpenLDAP installation. The hardest part of it was the SSL certificates; from now on things won't be this hard. Today we'll see how to use that work to set up OpenLDAP with ejabberd.
Prerequisites:
- Obviously you want ejabberd to be installed and working on its own – look at my previous post for help. Make sure to apply all the configuration changes I made there; the changes you'll find here build on that configuration and are specific to LDAP. Amazingly, you don't have to make any changes to the port itself - you just need to tweak the ejabberd configuration file a little.
- Also, OpenLDAP must be completely configured as in this post and tested with Thunderbird.
ejabberd modifications:
Edit /usr/local/etc/ejabberd/ejabberd.cfg
ee /usr/local/etc/ejabberd/ejabberd.cfg
Go to line 221:
{auth_method, internal}.
Change it to:
%{auth_method, internal}.
Next, go to line 245:
%%{auth_method, ldap}.
Change it to:
{auth_method, ldap}.
Next, go to line 248:
%%{ldap_servers, ["localhost"]}.
Change it to:
{ldap_servers, ["localhost"]}.
(This assumes the LDAP server is on the same computer as ejabberd – on my setup it is.)
Next, go to line 252:
%%{ldap_encrypt, tls}.
Change it to:
{ldap_encrypt, tls}.
Next, go to line 256:
%%{ldap_port, 636}.
Change it to:
{ldap_port, 636}.
Next, go to line 256:
%%{ldap_rootdn, "dc=example,dc=com"}.
Change it to:
{ldap_rootdn, "cn=Manager,dc=weirdbricks,dc=com"}.
Next, go to line 262:
%%{ldap_password, "******"}.
Change it to:
{ldap_password, "replace with whatever your password is!!"}.
Next, go to line 265:
%%{ldap_base, "dc=example,dc=com"}.
Change it to:
{ldap_base, "dc=weirdbricks,dc=com"}.
Next, go to line 268:
%%{ldap_uids, [{"mail","%u@mail.example.org"}]}.
Change it to:
{ldap_uids, [{"mail","%u@%d"}]}.
Save and exit.
Debugging:
Stop ejabberd if it's running by typing:
/usr/local/sbin/ejabberdctl stop
Start ejabberd again:
/usr/local/sbin/ejabberdctl start
Check if it's running:
/usr/local/sbin/ejabberdctl status
If it won't start, we'll need to put ejabberd into debugging mode to troubleshoot it. It's really easy, actually.
Edit /usr/local/etc/ejabberd/ejabberd.cfg
ee /usr/local/etc/ejabberd/ejabberd.cfg
Go to line 73:
{loglevel, 4}.
Change it to:
{loglevel, 5}.
Save, exit, and restart your ejabberd server.
Look at the log files:
Type:
ee /var/log/ejabberd/ejabberd.log
This will show you all the information passed between ejabberd and OpenLDAP, as well as anything passed from ejabberd to the clients, etc. You can use this to see whether the clients are sending the usernames and passwords in the format we specified on line 268 of the ejabberd.cfg file. Also check that you set the correct ldap_base on line 265. You should use the same LDAP base you used in Thunderbird and JXplorer. Since this log shows the credentials clients send, set loglevel back to 4 once you have finished troubleshooting.
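A small audit of the edited file, as an added example that is not part of the original post: it checks that each setting changed above is actually active, and also flags debug logging left on and a world-readable config, since the file stores the LDAP bind password in clear text. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit ejabberd.cfg for the LDAP
# settings above. Erlang comments start with '%', so a term counts as active
# only when its line starts (after optional blanks) with '{'.

# active FILE KEY VALUE_REGEX: true if an uncommented {KEY, VALUE}. line exists
active() {
    grep -Eq "^[[:space:]]*\{$2,[[:space:]]*$3\}\." "$1"
}

# audit_cfg FILE: print findings; exit status is the number of problems
audit_cfg() {
    f=$1; bad=0
    fail() { echo "FAIL: $*"; bad=$((bad + 1)); }
    if ! active "$f" auth_method ldap; then fail "auth_method ldap not enabled"; fi
    if active "$f" auth_method internal; then fail "auth_method internal still active"; fi
    if ! active "$f" ldap_encrypt tls; then fail "ldap_encrypt tls not enabled"; fi
    if ! active "$f" ldap_port 636; then fail "ldap_port is not 636"; fi
    if ! active "$f" ldap_password '"[^"]+"'; then fail "ldap_password not set"; fi
    if active "$f" loglevel 5; then fail "loglevel 5 (debug) still on"; fi
    # The file holds the bind password in clear text: flag world-readable mode
    case "$(ls -ld "$f")" in
        ???????r*) fail "config file is world-readable" ;;
    esac
    return "$bad"
}

# Constructed sample config: TLS line left commented out, debug logging left on
sample=$(mktemp)
cat > "$sample" <<'EOF'
{loglevel, 5}.
%{auth_method, internal}.
{auth_method, ldap}.
{ldap_servers, ["localhost"]}.
%%{ldap_encrypt, tls}.
{ldap_port, 636}.
{ldap_password, "constructed-placeholder"}.
EOF
chmod 600 "$sample"
audit_cfg "$sample" || echo "$? problem(s) found"   # reports 2 problems
rm -f "$sample"
```

To check the real file, call audit_cfg with /usr/local/etc/ejabberd/ejabberd.cfg as its argument.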
Testing:
On the client side there is absolutely no change to be made. All the steps that I described in my previous ejabberd post still apply.