Uploaded image for project: 'ejabberd development'
  1. ejabberd development
  2. EJAB-1575

mod_shared_roster_ldap: Restrict Groups with a separate LDAP Base

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Minor
    • Resolution: Cancelled
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: LDAP, Shared rosters
    • Labels:
      None

      Description

      Forwarding a report to the old mod_shared_roster_ldap bug tracker filed by Jon Snyder (snyder.jon@gmail.com) on 2010-09-09 05:58
      Note that the diff is against the old codebase, but should be easy to port.

      Depending on the LDAP server used, it can be difficult to specify exactly what groups should be the shared roster groups. In Active Directory, it can be difficult to use an LDAP filter to only select certain groups.

      It would be easier to create a new container in the directory that has only the shared roster groups in it. Thus, there would be a new configuration parameter, such as ldap_group_base, and when the list of groups is retrieved, this LDAP base would be used.

      A diff to accomplish this:

      @@ -282,7 +291,8 @@
       %%%-----------------------
       handle_call({get_user_displayed_groups, _User}, _From, State) ->
           GroupAttr = State#state.group_attr,
      -    Entries = mod_shared_roster_ldap_helpers:eldap_search(State, [State#state.rfilter], [GroupAttr]),
      +    GroupState = #state{eldap_id=State#state.eldap_id, base=State#state.group_base},
      +    Entries = mod_shared_roster_ldap_helpers:eldap_search(GroupState, [State#state.rfilter], [GroupAttr]),
           Reply = lists:flatmap(
               fun(#eldap_entry{attributes = Attrs}) ->
                   case Attrs of
      @@ -361,6 +371,11 @@
                             ejabberd_config:get_local_option({ldap_base, Host});
                         B -> B
                     end,
      +    LDAPGroupBase = case gen_mod:get_opt(ldap_group_base, Opts, undefined) of
      +                  undefined ->
      +                      ejabberd_config:get_local_option({ldap_base, Host});
      +                  GB -> GB
      +              end,
           GroupAttr = case gen_mod:get_opt(ldap_groupattr, Opts, undefined) of
                          undefined -> "cn";
                          GA -> GA
      @@ -493,11 +512,13 @@
                          port = LDAPPort,
                          dn = RootDN,
                          base = LDAPBase,
      +                   group_base = LDAPGroupBase,
                          password = Password,
                          uid = UIDAttr,
                          group_attr = GroupAttr,
      

        Activity

        Hide
        neustradamus Neustradamus added a comment -

        Any news about this feature?

        Show
        neustradamus Neustradamus added a comment - Any news about this feature?
        Hide
        cromain@process-one.net Christophe Romain (Inactive) added a comment -

        The EJAB project is obsolete for more than a year now, all ejabberd issues are tracked in github:
        https://github.com/processone/ejabberd/issues

        This ticket is now automatically closed as it could not be handled.
        If you think it needs to be resurrected, please create a github issue referencing this EJAB ticket.

        Show
        cromain@process-one.net Christophe Romain (Inactive) added a comment - The EJAB project is obsolete for more than a year now, all ejabberd issues are tracked in github: https://github.com/processone/ejabberd/issues This ticket is now automatically closed as it could not be handled. If you think it needs to be resurrected, please create a github issue referencing this EJAB ticket.

          People

          • Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development