помогите настроить ejabberd
Форум — Admin
привет! завел машину с дебиан 4.6 в домен. установил ejabberd. Прочел кучу мануалов связки ejabberd+AD. не выходит ничего)
override_global.
override_local.
override_acls.
%%
%%
%% Domain name = xxxxxx.local
%% Controler of domain = mdc.xxxxxx.local (192.168.5.6)
%% this Jabber server = jabber.xxxxxx.local (192.168.5.13)
%% Admin of domain = adm
%%
%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Options which are set by Debconf and managed by ucf
%% Admin user
{acl, admin, {user, "admin", "jabber.xxxxxx.local"}}.
{acl, admin, {user, "adm", "xxxxxx"}}.
%% Hostname
{hosts, ["jabber.xxxxxx.local"]}.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% =========
%%% DEBUGGING
%%
%% loglevel: Verbosity of log files generated by ejabberd.
%% 0: No ejabberd log at all (not recommended)
%% 1: Critical
%% 2: Error
%% 3: Warning
%% 4: Info
%% 5: Debug
%%
{loglevel, 4}.
%%
%% watchdog_admins: If an ejabberd process consumes too much memory,
%% send live notifications to those Jabber accounts.
%%
%%{watchdog_admins, ["bob@example.com"]}.
%%% ===============
%%% LISTENING PORTS
{listen,
[
{5222, ejabberd_c2s, [
{access, c2s},
{shaper, c2s_shaper},
{max_stanza_size, 65536},
%%zlib,
starttls, {certfile, "/etc/ejabberd/server.pem"}
]},
%%
%% To enable the old SSL connection method (deprecated) in port 5223:
%%
{5223, ejabberd_c2s, [
{access, c2s},
{shaper, c2s_shaper},
{max_stanza_size, 65536},
zlib,
tls, {certfile, "/etc/ejabberd/server.pem"}
]},
{5269, ejabberd_s2s_in, [
{shaper, s2s_shaper},
{max_stanza_size, 131072}
]},
{5280, ejabberd_http, [
%%{request_handlers,
%% [
%% {["pub", "archive"], mod_http_fileserver}
%% ]},
%%captcha,
http_bind,
http_poll,
web_admin
]}
]}.
%%
%% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
%% Allowed values are: true or false.
%% You must specify a certificate file.
%%
{s2s_use_starttls, true}.
%%
%% s2s_certfile: Specify a certificate file.
%%
{s2s_certfile, "/etc/ejabberd/server.pem"}.
%%
%% domain_certfile: Specify a different certificate for each served hostname.
%%
%%{domain_certfile, "example.org", "/path/to/example_org.pem"}.
%%{domain_certfile, "example.com", "/path/to/example_com.pem"}.
%%
%% S2S whitelist or blacklist
%%
%% Default s2s policy for undefined hosts.
%%
%%{s2s_default_policy, allow}.
%%
%% Allow or deny communication with specific servers.
%%
%%{{s2s_host, "goodhost.org"}, allow}.
%%{{s2s_host, "badhost.org"}, deny}.
%%{s2s_max_retry_delay, 300}.
%%% ==============
%%% AUTHENTICATION
%%
%%
%% Authentication using LDAP
%%
{auth_method, ldap}.
%%
%% List of LDAP servers:
{ldap_servers, ["mdc.xxxxxx.local"]}.
%%
%% Encryption of connection to LDAP servers (LDAPS):
%%{ldap_encrypt, none}.
%%{ldap_encrypt, tls}.
%%
%% Port connect to LDAP server:
{ldap_port, 389}.
%%{ldap_port, 636}.
%%
%% LDAP manager:
{ldap_rootdn, "adm@xxxxxx.local"}.
%%
%% Password to LDAP manager:
{ldap_password, "123456789"}.
%%
%% Search base of LDAP directory:
{ldap_base, "dc=xxxxxx,dc=local"}.
%%
%% LDAP attribute that holds user ID:
{ldap_uids, [{"sAMAccountName", "%u"}]}.
%%
%% LDAP filter:
{ldap_filter, "(objectClass=shadowAccount)"}.
{sasl_realm, "xxxxxx.LOCAL"}.
{sasl_fqdn, "jabber.xxxxxx.local"}.
%%% ===============
%%% TRAFFIC SHAPERS
%%
%% The "normal" shaper limits traffic speed to 1.000 B/s
%%
{shaper, normal, {maxrate, 1000}}.
%%
%% The "fast" shaper limits traffic speed to 50.000 B/s
%%
{shaper, fast, {maxrate, 50000}}.
%%% ====================
%%% ACCESS CONTROL LISTS
%%
%% The 'admin' ACL grants administrative privileges to Jabber accounts.
%% You can put as many accounts as you want.
%%
%%{acl, admin, {user, "aleksey", "localhost"}}.
%%{acl, admin, {user, "ermine", "example.org"}}.
%%
%% Blocked users
%%
%%{acl, blocked, {user, "baduser", "example.org"}}.
%%{acl, blocked, {user, "test"}}.
%%
%% Local users: don't modify this line.
%%
{acl, local, {user_regexp, ""}}.
%%% ============
%%% ACCESS RULES
%% Define the maximum number of time a single user is allowed to connect:
{access, max_user_sessions, [{10, all}]}.
%% Maximum number of offline messages that users can have:
{access, max_user_offline_messages, [{5000, admin}, {100, all}]}.
%% This rule allows access only for local users:
{access, local, [{allow, local}]}.
%% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
{allow, all}]}.
%% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
{normal, all}]}.
%% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.
%% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.
%% Only admins can use configuration interface:
{access, configure, [{allow, admin}]}.
%% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.
%% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.
%% No username can be registered via in-band registration:
%% To enable in-band registration, replace 'deny' with 'allow'
% (note that if you remove mod_register from modules list then users will not
% be able to change their password as well as register).
% This setting is default because it's more safe.
{access, register, [{deny, all}]}.
%% Everybody can create pubsub nodes
{access, pubsub_createnode, [{allow, all}]}.
%%% ================
%%% DEFAULT LANGUAGE
{language, "en"}.
%%% =======
%%% MODULES
%%
%% Modules enabled in all ejabberd virtual hosts.
%%
{modules,
[
{mod_adhoc, []},
{mod_announce, [{access, announce}]}, % requires mod_adhoc
{mod_caps, []},
{mod_configure,[]}, % requires mod_adhoc
{mod_admin_extra, []},
{mod_disco, []},
%%{mod_echo, [{host, "echo.localhost"}]},
{mod_irc, []},
%% NOTE that mod_http_fileserver must also be enabled in the
%% "request_handlers" clause of the "ejabberd_http" listener
%% configuration (see the "LISTENING PORTS" section above).
%%{mod_http_fileserver, [
%% {docroot, "/var/www"},
%% {accesslog, "/var/log/ejabberd/access.log"}
%% ]},
{mod_last, []},
{mod_muc, [
%%{host, "conference.@HOST@"},
{access, muc},
{access_create, muc},
{access_persistent, muc},
{access_admin, muc_admin},
{max_users, 500}
]},
%%{mod_muc_log,[]},
{mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
{mod_privacy, []},
{mod_private, []},
{mod_proxy65, [
{access, local},
{shaper, c2s_shaper}
]},
{mod_pubsub, [ % requires mod_caps
{access_createnode, pubsub_createnode},
{pep_sendlast_offline, false},
{last_item_cache, false},
%%{plugins, ["default", "pep"]}
{plugins, ["flat", "hometree", "pep"]} % pep requires mod_caps
]},
{mod_register, [
%%
%% After successful registration, the user receives
%% a message with this subject and body.
%%
{welcome_message, {"Welcome!",
"Welcome to a Jabber service powered by Debian. "
"For information about Jabber visit "
"http://www.jabber.org"}},
%% Replace it with 'none' if you don't want to send such message:
%%{welcome_message, none},
{access, register}
]},
{mod_roster, []},
%%{mod_service_log,[]},
%%{mod_shared_roster,[]},
{mod_stats, []},
{mod_time, []},
{mod_vcard, []},
{mod_version, []}
]}.
попытка зарегистрировать пользователя:
root@jabber:~# ejabberdctl register admin jabber.хххххх.local 111111
Can't register user admin@jabber.хххххх.local at node ejabberd@jabber: not_allowed
root@jabber:~#
вот лог запуска:
=INFO REPORT==== 2015-06-01 14:56:09 ===
I(<0.268.0>:eldap:983) : LDAP connection on mdc.хххххх.local:389
=INFO REPORT==== 2015-06-01 14:56:09 ===
I(<0.276.0>:eldap:983) : LDAP connection on mdc.хххххх.local:389
=INFO REPORT==== 2015-06-01 14:56:09 ===
I(<0.37.0>:cyrsasl_digest:44) : FQDN used to check DIGEST-MD5 SASL authentication: "jabber.хххххх.local"
=INFO REPORT==== 2015-06-01 14:56:09 ===
I(<0.368.0>:ejabberd_listener:166) : Reusing listening port for 5222
=INFO REPORT==== 2015-06-01 14:56:09 ===
I(<0.369.0>:ejabberd_listener:166) : Reusing listening port for 5223
=INFO REPORT==== 2015-06-01 14:56:09 ===
I(<0.370.0>:ejabberd_listener:166) : Reusing listening port for 5269
=INFO REPORT==== 2015-06-01 14:56:09 ===
I(<0.371.0>:ejabberd_listener:166) : Reusing listening port for 5280
=INFO REPORT==== 2015-06-01 14:56:09 ===
I(<0.37.0>:ejabberd_app:72) : ejabberd 2.1.10 is started in the node ejabberd@jabber
=INFO REPORT==== 2015-06-01 14:56:21 ===
I(<0.37.0>:ejabberd_app:89) : ejabberd 2.1.10 is stopped in the node ejabberd@jabber
=INFO REPORT==== 2015-06-01 14:56:24 ===
I(<0.655.0>:eldap:983) : LDAP connection on mdc.xxxxxx.local:389
=INFO REPORT==== 2015-06-01 14:56:24 ===
I(<0.663.0>:eldap:983) : LDAP connection on mdc.хххххх.local:389
=INFO REPORT==== 2015-06-01 14:56:24 ===
I(<0.420.0>:cyrsasl_digest:44) : FQDN used to check DIGEST-MD5 SASL authentication: "jabber.хххххх.local"
=INFO REPORT==== 2015-06-01 14:56:24 ===
I(<0.755.0>:ejabberd_listener:166) : Reusing listening port for 5222
=INFO REPORT==== 2015-06-01 14:56:24 ===
I(<0.756.0>:ejabberd_listener:166) : Reusing listening port for 5223
=INFO REPORT==== 2015-06-01 14:56:24 ===
I(<0.757.0>:ejabberd_listener:166) : Reusing listening port for 5269
=INFO REPORT==== 2015-06-01 14:56:24 ===
I(<0.758.0>:ejabberd_listener:166) : Reusing listening port for 5280
=INFO REPORT==== 2015-06-01 14:56:24 ===
I(<0.420.0>:ejabberd_app:72) : ejabberd 2.1.10 is started in the node ejabberd@jabber