ejabberd mod_shared_roster with Proper Roster Names Setup

Wednesday, August 22, 2012

In a previous post, I detailed how to setup ejabberd’s mod_shared_roster module to automatically create shared rosters based on LDAP groups when users login.

However, if you integrate ejabberd with an LDAP server and mod_shared_roster, the user’s proper name will not be displayed unless mod_vcard_ldap is also setup.

The following post will detail what is needed to setup LDAP authentication and configure mod_vcard_ldap.

LDAP Authentication Setup

Configure the following in /opt/ejabberd/conf/ejabberd.cfg:

%% Authentication using LDAP
{auth_method, ldap}.
%% List of LDAP servers:
{ldap_servers, ["matrix.example.com"]}.
%% Encrypt the LDAP connection.
%% Do not verify TLS due to encrypted LDAP not working when turned on
{ldap_encrypt, tls}.
{ldap_tls_verify, false}.
{ldap_port, 636}.
%% LDAP attribute that holds user ID:
{ldap_uids, [{"sAMAccountName"}]}.
%% Search base of LDAP directory:
{ldap_base, "ou=Users,dc=matrix,dc=example,dc=com"}.
%% LDAP manager:
{ldap_rootdn, "cn=isldap,ou=Service Accounts,dc=matrix,dc=example,dc=com"}.
%% Password to LDAP manager:
{ldap_password, "*******"}.
%% In our configuration, this could also be left blank
{ldap_filter, "(objectClass=organizationalPerson)"}.

mod_vcard_ldap Configuration

I have included additional module configurations to show that they are blank or disabled.

Configure the following in /opt/ejabberd/conf/ejabberd.cfg:

{mod_roster,   []},
%%{mod_stats,    []},
{mod_time,     []},
%%{mod_vcard,    []},
%% Now we want to define vCard pattern
 [{"NICKNAME", "%s %s", ["givenName", "sn"]},
  {"FIRST", "%s", ["givenName"]},
  {"LAST", "%s", ["sn"]},
  {"FN", "%s, %s", ["sn", "givenName"]},
  {"EMAIL", "%s", ["mail"]}]},
%% Search form
 [{"User", "%u"},
  {"Name", "givenName"},
  {"Family Name", "sn"},
  {"Email", "mail"}]},
%% vCard fields to be reported
%% Note that JID is always returned with search results
 [{"Full Name", "FN"},
  {"Nickname", "NICKNAME"}]}


Buddy list downloaded as JIDs instead of proper names

comments powered by Disqus