  1. ejabberd development
  2. EJAB-1575

mod_shared_roster_ldap: Restrict Groups with a separate LDAP Base

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Minor
    • Resolution: Cancelled
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: LDAP, Shared rosters
    • Labels: None

      Description

      Forwarding a report to the old mod_shared_roster_ldap bug tracker filed by Jon Snyder (snyder.jon@gmail.com) on 2010-09-09 05:58
      Note that the diff is against the old codebase, but should be easy to port.

      Depending on the LDAP server used, it can be difficult to specify exactly what groups should be the shared roster groups. In Active Directory, it can be difficult to use an LDAP filter to only select certain groups.

      It would be easier to create a new container in the directory that has only the shared roster groups in it. Thus, there would be a new configuration parameter, such as ldap_group_base, and when the list of groups is retrieved, this LDAP base would be used.

      A diff to accomplish this:

      @@ -282,7 +291,8 @@
       %%%-----------------------
       handle_call({get_user_displayed_groups, _User}, _From, State) ->
           GroupAttr = State#state.group_attr,
      -    Entries = mod_shared_roster_ldap_helpers:eldap_search(State, [State#state.rfilter], [GroupAttr]),
      +    GroupState = #state{eldap_id=State#state.eldap_id, base=State#state.group_base},
      +    Entries = mod_shared_roster_ldap_helpers:eldap_search(GroupState, [State#state.rfilter], [GroupAttr]),
           Reply = lists:flatmap(
               fun(#eldap_entry{attributes = Attrs}) ->
                   case Attrs of
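      Review bot: `GroupState` on the first added line is built as a fresh `#state{}` with only `eldap_id` and `base` set, so any other field that `eldap_search` reads from the record falls back to its record default instead of the configured value. Copying the running state and overriding the one field, `GroupState = State#state{base = State#state.group_base}`, keeps the rest of the configuration intact and does not need revisiting if the helper starts using another field.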
      @@ -361,6 +371,11 @@
                             ejabberd_config:get_local_option({ldap_base, Host});
                         B -> B
                     end,
      +    LDAPGroupBase = case gen_mod:get_opt(ldap_group_base, Opts, undefined) of
      +                  undefined ->
      +                      ejabberd_config:get_local_option({ldap_base, Host});
      +                  GB -> GB
      +              end,
           GroupAttr = case gen_mod:get_opt(ldap_groupattr, Opts, undefined) of
                          undefined -> "cn";
                          GA -> GA
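      Review bot: the `undefined` branch of the new `ldap_group_base` case falls back to the host-wide `{ldap_base, Host}` option rather than to the base resolved by the case that closes just above it, whose `B -> B` branch keeps an explicitly configured value. If that value is a module-level override, a configuration that never sets `ldap_group_base` would start searching for groups under a different base than it does today; falling back to `LDAPBase` would preserve the current behaviour. The new option also needs an entry in the module documentation, including the fact that group lookups are confined to that subtree.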
      @@ -493,11 +512,13 @@
                          port = LDAPPort,
                          dn = RootDN,
                          base = LDAPBase,
      +                   group_base = LDAPGroupBase,
                          password = Password,
                          uid = UIDAttr,
                          group_attr = GroupAttr,
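      Review bot: the header `@@ -493,11 +512,13 @@` announces two added lines, but only `group_base = LDAPGroupBase,` is visible before the hunk is cut off, and nothing in the posted diff declares `group_base` in the `#state` record definition. The nine-line offset already present in the first hunk header suggests earlier hunks were left out; the missing addition and the record declaration have to be recovered or rewritten when porting, since this record construction will not compile without the field.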
      

        Activity

        porridge Marcin Owsiany created issue -
        porridge Marcin Owsiany made changes -
        cromain@process-one.net Christophe Romain (Inactive) made changes -
        Assignee Evgeniy Khramtsov [ ekhramtsov ]
        neustradamus Neustradamus added a comment -

        Any news about this feature?

        mremond@process-one.net Mickaël Rémond made changes -
        Workflow development v3 [ 76468 ] Development v4 [ 80335 ]
        mremond@process-one.net Mickaël Rémond made changes -
        Status Open [ 1 ] Not Yet Scheduled [ 10024 ]
        cromain@process-one.net Christophe Romain (Inactive) made changes -
        Assignee ekhramtsov
        cromain@process-one.net Christophe Romain (Inactive) added a comment -

        The EJAB project has been obsolete for more than a year now; all ejabberd issues are tracked on GitHub:
        https://github.com/processone/ejabberd/issues

        This ticket is now automatically closed as it could not be handled.
        If you think it needs to be resurrected, please create a github issue referencing this EJAB ticket.

        cromain@process-one.net Christophe Romain (Inactive) made changes -
        Status Not Yet Scheduled [ 10024 ] Closed [ 6 ]
        Resolution Cancelled [ 11 ]

          People

          • Votes: 1
          • Watchers: 5