ejabberd + LDAP + roster



# Logging. Level 4 is "info" on ejabberd's numeric 0-5 scale.
loglevel: 4
# Rotate a log file once it reaches 10485760 bytes (10 MiB).
log_rotate_size: 10485760
# Empty string: no date-based rotation, size-based only.
log_rotate_date: ""
# Number of rotated files kept next to the live one.
log_rotate_count: 1
log_rate_limit: 100

# Virtual hosts served by this node. Each one has a matching entry under
# host_config (authentication) and append_host_config (per-host modules).
hosts:
  - "jabber.domain1.com"
  - "jabber.domain2.com"
  - "jabber.domain3.com"
  - "jabber.domain4.com"
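# Network listeners. The nesting was lost when the page was pasted; it is
# restored here so that each "-" item is one listener with its own options.
listen:
  # Client-to-server connections.
  # NOTE(review): `starttls: true` only offers STARTTLS. Every host below
  # authenticates against LDAP, so the client hands its actual password to the
  # server; consider `starttls_required: true` so it never travels unencrypted.
  # NOTE(review): "no_sslv3" disables SSLv3 only. TLS 1.0/1.1 stay enabled
  # unless "no_tlsv1" and "no_tlsv1_1" are listed as well.
  - port: 5222
    module: ejabberd_c2s
    starttls: true
    protocol_options:
      - "no_sslv3"
    max_stanza_size: 65536
    shaper: c2s_shaper
    access: c2s
  # Server-to-server (federation) connections.
  # NOTE(review): no s2s TLS policy is visible in this file; the option below
  # is commented out, so whatever default the installed version has applies.
  - port: 5269
    module: ejabberd_s2s_in
    max_stanza_size: 131072
    shaper: s2s_shaper
    ##s2s_use_starttls: false
  # HTTP listener: web admin console and BOSH (http_bind).
  # NOTE(review): no `tls: true` and no `ip:` restriction here, so the admin
  # console takes credentials over plain HTTP on every interface. Enable TLS
  # on this listener, or bind it to loopback behind a TLS-terminating proxy.
  - port: 5280
    module: ejabberd_http
    web_admin: true
    http_bind: true
    captcha: false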
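# Per-host authentication against Active Directory over LDAP (nesting
# restored). The four hosts are identical except for the AD group named in
# ldap_filter (Jabber.Users.Domain1 .. Domain4).
#
# ldap_filter, read left to right:
#   sAMAccountType=805306368      normal user accounts only
#   memberOf=CN=Jabber.Users...   member of this host's access group; a plain
#                                 memberOf match covers direct members only,
#                                 not members of nested groups
#   !(userAccountControl:1.2.840.113556.1.4.803:=2)
#                                 bitwise-AND test on flag 2, negated: the
#                                 account must not be disabled
# ldap_uids maps the local part of the JID (%u) to sAMAccountName.
#
# NOTE(review): `ldap_encrypt: none` on port 389 sends the service-account
# bind and every user's password check to the directory in cleartext. Prefer
# `ldap_encrypt: tls` on port 636 together with `ldap_tls_verify: hard` and
# `ldap_tls_cacertfile`, provided the directory server presents a certificate.
# NOTE(review): ldap_password is stored inline (the value shown looks like a
# sample). Keep this file readable by the ejabberd service account only, and
# bind with a dedicated read-only directory account.
host_config:
  "jabber.domain1.com":
    domain_certfile: "/opt/ejabberd/conf/ssl/letsencrypt.pem"
    auth_method: [ldap]
    ldap_servers: ["ad.domain.com"]
    ldap_rootdn: "CN=jabber.ad.access,OU=Jabber,OU=Domain_Services,DC=domain,DC=com"
    ldap_base: "OU=Domain_Users,DC=domain,DC=com"
    ldap_password: "pa$$w0rd"
    ldap_encrypt: none
    ldap_port: 389
    ldap_filter: "(&(sAMAccountType=805306368)(memberOf=CN=Jabber.Users.Domain1,OU=Jabber,OU=Domain_Services,DC=domain,DC=com)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
    ldap_uids:
      "sAMAccountName": "%u"
  "jabber.domain2.com":
    domain_certfile: "/opt/ejabberd/conf/ssl/letsencrypt.pem"
    auth_method: [ldap]
    ldap_servers: ["ad.domain.com"]
    ldap_rootdn: "CN=jabber.ad.access,OU=Jabber,OU=Domain_Services,DC=domain,DC=com"
    ldap_base: "OU=Domain_Users,DC=domain,DC=com"
    ldap_password: "pa$$w0rd"
    ldap_encrypt: none
    ldap_port: 389
    ldap_filter: "(&(sAMAccountType=805306368)(memberOf=CN=Jabber.Users.Domain2,OU=Jabber,OU=Domain_Services,DC=domain,DC=com)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
    ldap_uids:
      "sAMAccountName": "%u"
  "jabber.domain3.com":
    domain_certfile: "/opt/ejabberd/conf/ssl/letsencrypt.pem"
    auth_method: [ldap]
    ldap_servers: ["ad.domain.com"]
    ldap_rootdn: "CN=jabber.ad.access,OU=Jabber,OU=Domain_Services,DC=domain,DC=com"
    ldap_base: "OU=Domain_Users,DC=domain,DC=com"
    ldap_password: "pa$$w0rd"
    ldap_encrypt: none
    ldap_port: 389
    ldap_filter: "(&(sAMAccountType=805306368)(memberOf=CN=Jabber.Users.Domain3,OU=Jabber,OU=Domain_Services,DC=domain,DC=com)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
    ldap_uids:
      "sAMAccountName": "%u"
  "jabber.domain4.com":
    domain_certfile: "/opt/ejabberd/conf/ssl/letsencrypt.pem"
    auth_method: [ldap]
    ldap_servers: ["ad.domain.com"]
    ldap_rootdn: "CN=jabber.ad.access,OU=Jabber,OU=Domain_Services,DC=domain,DC=com"
    ldap_base: "OU=Domain_Users,DC=domain,DC=com"
    ldap_password: "pa$$w0rd"
    ldap_encrypt: none
    ldap_port: 389
    ldap_filter: "(&(sAMAccountType=805306368)(memberOf=CN=Jabber.Users.Domain4,OU=Jabber,OU=Domain_Services,DC=domain,DC=com)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
    ldap_uids:
      "sAMAccountName": "%u"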
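# SQL storage: a PostgreSQL database on the same machine. mod_mam and mod_muc
# below select it with `db_type: sql`.
# NOTE(review): sql_password is stored inline (the value shown looks like a
# sample). Keep this file readable by the ejabberd service account only and
# give the database role no more than it needs on the "ejabberd" database.
sql_type: pgsql
sql_server: "localhost"
sql_database: "ejabberd"
sql_username: "ejabberd"
sql_password: "ejabberd_pass"
# Use PostgreSQL's row estimate instead of an exact count of users.
pgsql_users_number_estimate: true

# Named traffic shapers (nesting restored); shaper_rules picks between them.
shaper:
  normal: 8000
  fast: 50000

max_fsm_queue: 5000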
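# Access control lists (nesting restored). access_rules and shaper_rules
# refer to these names.
acl:
  # Server administrators.
  # NOTE(review): the four JIDs were masked by the hosting site's e-mail
  # obfuscation ("[email protected]"); replace each with a real admin JID
  # in user@host form. Every entry grants access to the web admin console
  # and the `configure` / `announce` rules, so keep this list short.
  admin:
    user:
      - "[email protected]"
      - "[email protected]"
      - "[email protected]"
      - "[email protected]"
  # Any account on a local virtual host (the empty regexp matches all names).
  local:
    user_regexp: ""
  # Connections from the IPv4 loopback range.
  loopback:
    ip:
      - "127.0.0.0/8"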
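# Limits and shaper selection (nesting restored). In each list the first
# matching entry wins; a bare value is the fallback for everyone else.
shaper_rules:
  max_user_sessions: 10
  # Offline message quota: 5000 for admins, 100 for everyone else.
  max_user_offline_messages:
    - 5000: admin
    - 100
  # Used by the port 5222 listener: admins are not shaped, others get "normal".
  c2s_shaper:
    - none: admin
    - normal
  # Used by the port 5269 listener.
  s2s_shaper: fast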
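# Access rules (nesting restored). Each rule is a list of allow/deny entries
# keyed by an ACL name; a bare `allow` applies to everyone.
access_rules:
  local:
    - allow: local
  # NOTE(review): the `blocked` ACL is not defined in the acl section of this
  # file, so as written the deny entry has nothing to match - confirm.
  c2s:
    - deny: blocked
    - allow
  announce:
    - allow: admin
  configure:
    - allow: admin
  muc_admin:
    - allow: admin
  muc_create:
    - allow: admin
  # NOTE(review): mod_muc uses this as its service-wide `access` rule, so only
  # admins can use group chat at all - confirm that is intended.
  muc_access:
    - allow: admin
  pubsub_createnode:
    - allow: local
  # NOTE(review): unrestricted; mod_register uses this rule and sets no
  # ip_access, so in-band registration is offered to anyone who can reach the
  # server. With LDAP as the only auth_method, accounts come from the
  # directory; consider `deny` here or removing mod_register.
  register:
    - allow
  # Defined but not referenced anywhere else in this file.
  trusted_network:
    - allow: loopback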
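# Default language for server-generated messages.
language: "en"

# Modules enabled on every virtual host (nesting restored). Host-specific
# LDAP modules are added further down under append_host_config.
modules:
  mod_adhoc: {}
  mod_admin_extra: {}
  mod_announce:  # recommends mod_adhoc
    access: announce
  mod_blocking: {}  # requires mod_privacy
  mod_caps:
    cache_size: 10000
  mod_carboncopy: {}
  mod_client_state: {}
  mod_configure: {}  # requires mod_adhoc
  mod_disco: {}
  mod_bosh: {}
  mod_last: {}
  # NOTE(review): `default: always` archives every user's messages in the SQL
  # database unless the user opts out; protect the database and its backups
  # accordingly and define a retention policy.
  mod_mam:
    db_type: sql
    default: always
  mod_muc:
    access: muc_access
    access_create: muc_create
    access_admin: muc_admin
    history_size: 0
    db_type: sql
    default_room_options:
      persistent: false
      logging: true
      mam: true
  mod_muc_admin: {}
  # NOTE(review): rooms are created with `logging: true` (above) and the logs
  # are written below /var/www/html, which looks like a web server document
  # root; unless the web server restricts that path, room transcripts are
  # readable by anyone who can reach it.
  # NOTE(review): access_log names a rule `muc` that is not defined in
  # access_rules in this file - confirm.
  mod_muc_log:
    access_log: muc
    outdir: "/var/www/html/archive/muclogs"
    dirtype: plain
    timezone: universal
  mod_offline:
    access_max_user_messages: max_user_offline_messages
  mod_ping: {}
  mod_privacy: {}
  mod_private: {}
  mod_pubsub:
    access_createnode: pubsub_createnode
    ignore_pep_from_offline: true
    last_item_cache: false
    plugins:
      - "flat"
      - "pep"  # pep requires mod_caps
  # NOTE(review): in-band registration is governed by the `register` access
  # rule, which allows everyone; no ip_access restriction is set here.
  mod_register:
    welcome_message:
      subject: "Welcome!"
      body: |-
        Hi.
        Welcome to this XMPP server.
    access: register
  mod_roster: {}
  ### for > 17.06
  ## mod_roster:
  ##   use_cache: true
  ##   cache_size: 10000
  ##   cache_life_time: 3600 # 1 hour
  mod_shared_roster: {}
  mod_version: {}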
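# Per-host modules, added on top of the global `modules` section (nesting
# restored). The original repeated the top-level key `append_host_config`
# once per host; duplicate mapping keys are invalid YAML and many parsers keep
# only the last one, so the four hosts are folded into one mapping here.
#
# mod_shared_roster_ldap: builds shared roster groups from the AD `department`
#   attribute for the users selected by ldap_filter / ldap_rfilter (the same
#   filter as used for authentication on that host).
# mod_vcard with `db_type: ldap`: serves vCards and directory search from AD,
#   using the attribute mapping in ldap_vcard_map.
#
# NOTE(review): neither module sets ldap_servers / ldap_rootdn / ldap_password
# / ldap_encrypt, so they presumably reuse the host's values from host_config,
# including the unencrypted connection on port 389 - confirm.
# NOTE(review): `search: true` lets users query the directory for the mapped
# fields (mail, telephoneNumber, streetAddress, ...); confirm that exposing
# these attributes to every account on the host is intended.
# NOTE(review): `ldap_auth_check: off` presumably skips verifying that each
# roster entry exists in the authentication backend - confirm against the
# documentation of the installed version.
append_host_config:
  "jabber.domain1.com":
    modules:
      mod_shared_roster_ldap:
        ldap_base: "OU=Domain_Users,DC=domain,DC=com"
        ldap_groupattr: "department"
        ldap_groupdesc: "department"
        ldap_filter: "(&(sAMAccountType=805306368)(memberOf=CN=Jabber.Users.Domain1,OU=Jabber,OU=Domain_Services,DC=domain,DC=com)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
        ldap_rfilter: "(&(sAMAccountType=805306368)(memberOf=CN=Jabber.Users.Domain1,OU=Jabber,OU=Domain_Services,DC=domain,DC=com)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
        ldap_memberattr: "sAMAccountName"
        ldap_userdesc: "displayName"
        ldap_group_cache_validity: 300
        ldap_user_cache_validity: 300
        ldap_auth_check: off
        ldap_user_cache_size: 5000
      mod_vcard:
        db_type: ldap
        search: true
        ldap_base: "OU=Domain_Users,DC=domain,DC=com"
        ldap_filter: "(&(sAMAccountType=805306368)(memberOf=CN=Jabber.Users.Domain1,OU=Jabber,OU=Domain_Services,DC=domain,DC=com)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
        ldap_vcard_map:
          ## "NICKNAME": {"%s": ["cn"]}
          "FIRST": {"%s": ["givenName"]}
          "LAST": {"%s": ["sn"]}
          "FN": {"%s": ["displayName"]}
          "EMAIL": {"%s": ["mail"]}
          "ORGNAME": {"%s": ["physicalDeliveryOfficeName"]}
          "ORGUNIT": {"%s": ["department"]}
          "CTRY": {"%s": ["c"]}
          "LOCALITY": {"%s": ["l"]}
          "STREET": {"%s": ["streetAddress"]}
          "REGION": {"%s": ["st"]}
          "PCODE": {"%s": ["postalCode"]}
          "TEL": {"%s": ["telephoneNumber"]}
        ldap_search_fields:
          "User": "%u"
          "Name": "givenName"
          "Family Name": "sn"
          "Email": "mail"
          "Telephone": "telephoneNumber"
          "Region": "st"
          "City": "l"
          "Location": "streetAddress"
        ldap_search_reported:
          "Full Name": "FN"
          ## "Nickname": "NICKNAME"
          "Email": "EMAIL"
          "Telephone": "TEL"
          "Region": "REGION"
          "City": "LOCALITY"
          "Location": "STREET"
  "jabber.domain2.com":
    modules:
      mod_shared_roster_ldap:
        ldap_base: "OU=Domain_Users,DC=domain,DC=com"
        ldap_groupattr: "department"
        ldap_groupdesc: "department"
        ldap_filter: "(&(sAMAccountType=805306368)(memberOf=CN=Jabber.Users.Domain2,OU=Jabber,OU=Domain_Services,DC=domain,DC=com)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
        ldap_rfilter: "(&(sAMAccountType=805306368)(memberOf=CN=Jabber.Users.Domain2,OU=Jabber,OU=Domain_Services,DC=domain,DC=com)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
        ldap_memberattr: "sAMAccountName"
        ldap_userdesc: "displayName"
        ldap_group_cache_validity: 300
        ldap_user_cache_validity: 300
        ldap_auth_check: off
        ldap_user_cache_size: 5000
      mod_vcard:
        db_type: ldap
        search: true
        ldap_base: "OU=Domain_Users,DC=domain,DC=com"
        ldap_filter: "(&(sAMAccountType=805306368)(memberOf=CN=Jabber.Users.Domain2,OU=Jabber,OU=Domain_Services,DC=domain,DC=com)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
        ldap_vcard_map:
          ## "NICKNAME": {"%s": ["cn"]}
          "FIRST": {"%s": ["givenName"]}
          "LAST": {"%s": ["sn"]}
          "FN": {"%s": ["displayName"]}
          "EMAIL": {"%s": ["mail"]}
          "ORGNAME": {"%s": ["physicalDeliveryOfficeName"]}
          "ORGUNIT": {"%s": ["department"]}
          "CTRY": {"%s": ["c"]}
          "LOCALITY": {"%s": ["l"]}
          "STREET": {"%s": ["streetAddress"]}
          "REGION": {"%s": ["st"]}
          "PCODE": {"%s": ["postalCode"]}
          "TEL": {"%s": ["telephoneNumber"]}
        ldap_search_fields:
          "User": "%u"
          "Name": "givenName"
          "Family Name": "sn"
          "Email": "mail"
          "Telephone": "telephoneNumber"
          "Region": "st"
          "City": "l"
          "Location": "streetAddress"
        ldap_search_reported:
          "Full Name": "FN"
          ## "Nickname": "NICKNAME"
          "Email": "EMAIL"
          "Telephone": "TEL"
          "Region": "REGION"
          "City": "LOCALITY"
          "Location": "STREET"
  "jabber.domain3.com":
    modules:
      mod_shared_roster_ldap:
        ldap_base: "OU=Domain_Users,DC=domain,DC=com"
        ldap_groupattr: "department"
        ldap_groupdesc: "department"
        ldap_filter: "(&(sAMAccountType=805306368)(memberOf=CN=Jabber.Users.Domain3,OU=Jabber,OU=Domain_Services,DC=domain,DC=com)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
        ldap_rfilter: "(&(sAMAccountType=805306368)(memberOf=CN=Jabber.Users.Domain3,OU=Jabber,OU=Domain_Services,DC=domain,DC=com)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
        ldap_memberattr: "sAMAccountName"
        ldap_userdesc: "displayName"
        ldap_group_cache_validity: 300
        ldap_user_cache_validity: 300
        ldap_auth_check: off
        ldap_user_cache_size: 5000
      mod_vcard:
        db_type: ldap
        search: true
        ldap_base: "OU=Domain_Users,DC=domain,DC=com"
        ldap_filter: "(&(sAMAccountType=805306368)(memberOf=CN=Jabber.Users.Domain3,OU=Jabber,OU=Domain_Services,DC=domain,DC=com)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
        ldap_vcard_map:
          ## "NICKNAME": {"%s": ["cn"]}
          "FIRST": {"%s": ["givenName"]}
          "LAST": {"%s": ["sn"]}
          "FN": {"%s": ["displayName"]}
          "EMAIL": {"%s": ["mail"]}
          "ORGNAME": {"%s": ["physicalDeliveryOfficeName"]}
          "ORGUNIT": {"%s": ["department"]}
          "CTRY": {"%s": ["c"]}
          "LOCALITY": {"%s": ["l"]}
          "STREET": {"%s": ["streetAddress"]}
          "REGION": {"%s": ["st"]}
          "PCODE": {"%s": ["postalCode"]}
          "TEL": {"%s": ["telephoneNumber"]}
        ldap_search_fields:
          "User": "%u"
          "Name": "givenName"
          "Family Name": "sn"
          "Email": "mail"
          "Telephone": "telephoneNumber"
          "Region": "st"
          "City": "l"
          "Location": "streetAddress"
        ldap_search_reported:
          "Full Name": "FN"
          ## "Nickname": "NICKNAME"
          "Email": "EMAIL"
          "Telephone": "TEL"
          "Region": "REGION"
          "City": "LOCALITY"
          "Location": "STREET"
  "jabber.domain4.com":
    modules:
      mod_shared_roster_ldap:
        ldap_base: "OU=Domain_Users,DC=domain,DC=com"
        ldap_groupattr: "department"
        ldap_groupdesc: "department"
        ldap_filter: "(&(sAMAccountType=805306368)(memberOf=CN=Jabber.Users.Domain4,OU=Jabber,OU=Domain_Services,DC=domain,DC=com)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
        ldap_rfilter: "(&(sAMAccountType=805306368)(memberOf=CN=Jabber.Users.Domain4,OU=Jabber,OU=Domain_Services,DC=domain,DC=com)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
        ldap_memberattr: "sAMAccountName"
        ldap_userdesc: "displayName"
        ldap_group_cache_validity: 300
        ldap_user_cache_validity: 300
        ldap_auth_check: off
        ldap_user_cache_size: 5000
      mod_vcard:
        db_type: ldap
        search: true
        ldap_base: "OU=Domain_Users,DC=domain,DC=com"
        ldap_filter: "(&(sAMAccountType=805306368)(memberOf=CN=Jabber.Users.Domain4,OU=Jabber,OU=Domain_Services,DC=domain,DC=com)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
        ldap_vcard_map:
          ## "NICKNAME": {"%s": ["cn"]}
          "FIRST": {"%s": ["givenName"]}
          "LAST": {"%s": ["sn"]}
          "FN": {"%s": ["displayName"]}
          "EMAIL": {"%s": ["mail"]}
          "ORGNAME": {"%s": ["physicalDeliveryOfficeName"]}
          "ORGUNIT": {"%s": ["department"]}
          "CTRY": {"%s": ["c"]}
          "LOCALITY": {"%s": ["l"]}
          "STREET": {"%s": ["streetAddress"]}
          "REGION": {"%s": ["st"]}
          "PCODE": {"%s": ["postalCode"]}
          "TEL": {"%s": ["telephoneNumber"]}
        ldap_search_fields:
          "User": "%u"
          "Name": "givenName"
          "Family Name": "sn"
          "Email": "mail"
          "Telephone": "telephoneNumber"
          "Region": "st"
          "City": "l"
          "Location": "streetAddress"
        ldap_search_reported:
          "Full Name": "FN"
          ## "Nickname": "NICKNAME"
          "Email": "EMAIL"
          "Telephone": "TEL"
          "Region": "REGION"
          "City": "LOCALITY"
          "Location": "STREET"

# Permits installing modules from the ejabberd-contrib collection.
# NOTE(review): contributed modules run inside the server with full access to
# its data; set this to false unless a contributed module is actually needed.
allow_contrib_modules: true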