Uploaded image for project: 'ejabberd development'
  1. ejabberd development
  2. EJAB-1575

mod_shared_roster_ldap: Restrict Groups with a separate LDAP Base

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Minor
    • Resolution: Cancelled
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: LDAP, Shared rosters
    • Labels:
      None

      Description

      Forwarding a report to the old mod_shared_roster_ldap bug tracker filed by Jon Snyder (snyder.jon@gmail.com) on 2010-09-09 05:58
      Note that the diff is against the old codebase, but should be easy to port.

      Depending on the LDAP server used, it can be difficult to specify exactly what groups should be the shared roster groups. In Active Directory, it can be difficult to use an LDAP filter to only select certain groups.

      It would be easier to create a new container in the directory that has only the shared roster groups in it. Thus, there would be a new configuration parameter, such as ldap_group_base, and when the list of groups is retrieved, this LDAP base would be used.

      A diff to accomplish this:

      @@ -282,7 +291,8 @@
       %%%-----------------------
       handle_call({get_user_displayed_groups, _User}, _From, State) ->
           GroupAttr = State#state.group_attr,
      -    Entries = mod_shared_roster_ldap_helpers:eldap_search(State, [State#state.rfilter], [GroupAttr]),
      +    GroupState = #state{eldap_id=State#state.eldap_id, base=State#state.group_base},
      +    Entries = mod_shared_roster_ldap_helpers:eldap_search(GroupState, [State#state.rfilter], [GroupAttr]),
           Reply = lists:flatmap(
               fun(#eldap_entry{attributes = Attrs}) ->
                   case Attrs of
      @@ -361,6 +371,11 @@
                             ejabberd_config:get_local_option({ldap_base, Host});
                         B -> B
                     end,
      +    LDAPGroupBase = case gen_mod:get_opt(ldap_group_base, Opts, undefined) of
      +                  undefined ->
      +                      ejabberd_config:get_local_option({ldap_base, Host});
      +                  GB -> GB
      +              end,
           GroupAttr = case gen_mod:get_opt(ldap_groupattr, Opts, undefined) of
                          undefined -> "cn";
                          GA -> GA
      @@ -493,11 +512,13 @@
                          port = LDAPPort,
                          dn = RootDN,
                          base = LDAPBase,
      +                   group_base = LDAPGroupBase,
                          password = Password,
                          uid = UIDAttr,
                          group_attr = GroupAttr,
      

        Activity

        Atlassian Bamboo View RSS feed

          People

          • Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development