ejabberd mod_shared_roster with Proper Roster Names Setup

• Updated March 17, 2019


In a previous post, I described how to set up ejabberd’s mod_shared_roster module to automatically create shared rosters based on LDAP groups when users log in.

However, if you integrate ejabberd with an LDAP server and mod_shared_roster, the user’s proper name will not be displayed unless mod_vcard_ldap is also set up.

This post describes what is needed to set up LDAP authentication and configure mod_vcard_ldap.

LDAP Authentication Setup

Configure the following in /opt/ejabberd/conf/ejabberd.cfg:

%%
%% Authentication using LDAP
%%
{auth_method, ldap}.
%%
%% List of LDAP servers:
{ldap_servers, ["matrix.example.com"]}.
%%
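%% Encrypt the LDAP connection.
%% TLS verification is turned off because encrypted LDAP did not work with it
%% turned on. With it off, the LDAP server's certificate is not checked, so
%% the connection is encrypted but the server is not authenticated.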
{ldap_encrypt, tls}.
{ldap_tls_verify, false}.
{ldap_port, 636}.
%%
%% LDAP attribute that holds user ID:
{ldap_uids, [{"sAMAccountName"}]}.
%%
%% Search base of LDAP directory:
{ldap_base, "ou=Users,dc=matrix,dc=example,dc=com"}.
%%
%% LDAP manager:
{ldap_rootdn, "cn=isldap,ou=Service Accounts,dc=matrix,dc=example,dc=com"}.
%%
%% Password to LDAP manager:
{ldap_password, "*******"}.
%%
%% In our configuration, this could also be left blank
{ldap_filter, "(objectClass=organizationalPerson)"}.
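With ldap_tls_verify set to false, the LDAPS connection carrying the bind password is encrypted but the server's identity is never checked. The following Python check is an added example, not part of the original post or of ejabberd: it flags that condition in an ejabberd.cfg. The function names and sample text are constructed for illustration; ldap_tls_cacertfile is the ejabberd option that names the CA file used once verification is on.

```python
import re

# Constructed sample: the LDAP connection options from the config above.
SAMPLE_CFG = """
%% Encrypt the LDAP connection.
{auth_method, ldap}.
{ldap_servers, ["matrix.example.com"]}.
{ldap_encrypt, tls}.
{ldap_tls_verify, false}.
{ldap_port, 636}.
"""

# One top-level `{option, Value}.` term per line, optional trailing comment.
TERM = re.compile(r"^\s*\{\s*(\w+)\s*,\s*(.+?)\s*\}\s*\.\s*(?:%.*)?$")


def parse_terms(text):
    """Return {option: raw value} for single-line top-level terms."""
    opts = {}
    for line in text.splitlines():
        if line.lstrip().startswith("%"):  # whole-line Erlang comment
            continue
        m = TERM.match(line)
        if m:
            opts[m.group(1)] = m.group(2).strip('"')
    return opts


def audit_ldap_tls(text):
    """Return (option, problem) pairs for the LDAP connection settings."""
    o = parse_terms(text)
    if "ldap" not in re.findall(r"\w+", o.get("auth_method", "")):
        return []  # LDAP authentication not in use
    # Defaults when an option is absent: no encryption, no verification.
    if o.get("ldap_encrypt", "none") != "tls":
        return [("ldap_encrypt", "LDAP binds and user passwords are sent unencrypted")]
    verify = o.get("ldap_tls_verify", "false")
    findings = []
    if verify == "false":
        findings.append(("ldap_tls_verify", "server certificate is never checked"))
    elif verify == "soft":
        findings.append(("ldap_tls_verify", "connection proceeds even if the check fails"))
    if verify in ("soft", "hard") and "ldap_tls_cacertfile" not in o:
        findings.append(("ldap_tls_cacertfile", "no CA file to verify against"))
    return findings


if __name__ == "__main__":
    for option, problem in audit_ldap_tls(SAMPLE_CFG):
        print(f"{option}: {problem}")
```

A config passes the check only with ldap_encrypt set to tls, ldap_tls_verify set to hard, and ldap_tls_cacertfile pointing at the CA certificate that issued the LDAP server's certificate.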

mod_vcard_ldap Configuration

I have included additional module configurations to show that they are blank or disabled.

Configure the following in /opt/ejabberd/conf/ejabberd.cfg:

{mod_roster,   []},
%%{mod_service_log,[]},
{mod_shared_roster,[]},
%%{mod_stats,    []},
{mod_time,     []},
%%{mod_vcard,    []},
{mod_vcard_ldap,
[
%% Now we want to define vCard pattern
{ldap_vcard_map,
 [{"NICKNAME", "%s %s", ["givenName", "sn"]},
  {"FIRST", "%s", ["givenName"]},
  {"LAST", "%s", ["sn"]},
  {"FN", "%s, %s", ["sn", "givenName"]},
  {"EMAIL", "%s", ["mail"]}]},
%% Search form
{ldap_search_fields,
 [{"User", "%u"},
  {"Name", "givenName"},
  {"Family Name", "sn"},
  {"Email", "mail"}]},
%% vCard fields to be reported
%% Note that JID is always returned with search results
{ldap_search_reported,
 [{"Full Name", "FN"},
  {"Nickname", "NICKNAME"}]}
]},

Thanks for reading and take care.