ThorneLabs

ejabberd mod_shared_roster with Proper Roster Names Setup

• Updated March 17, 2019


In a previous post, I described how to setup ejabberd’s mod_shared_roster module to automatically create shared rosters based on LDAP groups when users login.

However, if you integrate ejabberd with an LDAP server and mod_shared_roster, the user’s proper name will not be displayed unless mod_vcard_ldap is also setup.

The following post will describe what is needed to setup LDAP authentication and configure mod_vcard_ldap.

LDAP Authentication Setup

Configure the following in /opt/ejabberd/conf/ejabberd.cfg:

%%
%% Authentication using LDAP
%%
{auth_method, ldap}.
%%
%% List of LDAP servers:
{ldap_servers, ["matrix.example.com"]}.
%%
%% Encrypt the LDAP connection.
%% Do not verify TLS due to encrypted LDAP not working when turned on
{ldap_encrypt, tls}.
{ldap_tls_verify, false}.
{ldap_port, 636}.
%%
%% LDAP attribute that holds user ID:
{ldap_uids, [{"sAMAccountName"}]}.
%%
%% Search base of LDAP directory:
{ldap_base, "ou=Users,dc=matrix,dc=example,dc=com"}.
%%
%% LDAP manager:
{ldap_rootdn, "cn=isldap,ou=Service Accounts,dc=matrix,dc=example,dc=com"}.
%%
%% Password to LDAP manager:
{ldap_password, "*******"}.
%%
%% In our configuration, this could also be left blank
{ldap_filter, "(objectClass=organizationalPerson)"}.

mod_vcard_ldap Configuration

I have included additional module configurations to show that they are blank or disabled.

Configure the following in /opt/ejabberd/conf/ejabberd.cfg:

{mod_roster,   []},
%%{mod_service_log,[]},
{mod_shared_roster,[]},
%%{mod_stats,    []},
{mod_time,     []},
%%{mod_vcard,    []},
{mod_vcard_ldap,
[
%% Now we want to define vCard pattern
{ldap_vcard_map,
 [{"NICKNAME", "%s %s", ["givenName", "sn"]},
  {"FIRST", "%s", ["givenName"]},
  {"LAST", "%s", ["sn"]},
  {"FN", "%s, %s", ["sn", "givenName"]},
  {"EMAIL", "%s", ["mail"]}]},
%% Search form
{ldap_search_fields,
 [{"User", "%u"},
  {"Name", "givenName"},
  {"Family Name", "sn"},
  {"Email", "mail"}]},
%% vCard fields to be reported
%% Note that JID is always returned with search results
{ldap_search_reported,
 [{"Full Name", "FN"},
  {"Nickname", "NICKNAME"}]}
]},

References

If you found this post useful and would like to help support this site - and get something for yourself - sign up for any of the services listed below through the provided affiliate links. I will receive a referral payment from any of the services you sign-up for.

Get faster shipping and more with Amazon Prime: About to order something from Amazon but want to get more value out of the money you would normally pay for shipping? Sign-up for a free 30-day trial of Amazon Prime to get free two-day shipping, access to thousands of movies and TV shows, and more.

Thanks for reading and take care.