  1. ejabberd development
  2. EJAB-1575

mod_shared_roster_ldap: Restrict Groups with a separate LDAP Base


    • Type: New Feature
    • Status: Closed
    • Priority: Minor
    • Resolution: Cancelled
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: LDAP, Shared rosters
    • Labels:


      Forwarding a report to the old mod_shared_roster_ldap bug tracker filed by Jon Snyder (snyder.jon@gmail.com) on 2010-09-09 05:58
      Note that the diff is against the old codebase, but should be easy to port.

      Depending on the LDAP server used, it can be difficult to specify exactly what groups should be the shared roster groups. In Active Directory, it can be difficult to use an LDAP filter to only select certain groups.

      It would be easier to create a new container in the directory that has only the shared roster groups in it. Thus, there would be a new configuration parameter, such as ldap_group_base, and when the list of groups is retrieved, this LDAP base would be used.

      A diff to accomplish this:

      @@ -282,7 +291,8 @@
       handle_call({get_user_displayed_groups, _User}, _From, State) ->
           GroupAttr = State#state.group_attr,
      -    Entries = mod_shared_roster_ldap_helpers:eldap_search(State, [State#state.rfilter], [GroupAttr]),
      +    GroupState = #state{eldap_id=State#state.eldap_id, base=State#state.group_base},
      +    Entries = mod_shared_roster_ldap_helpers:eldap_search(GroupState, [State#state.rfilter], [GroupAttr]),
           Reply = lists:flatmap(
               fun(#eldap_entry{attributes = Attrs}) ->
                   case Attrs of
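
      Review bot: On the added GroupState line, #state{eldap_id=..., base=...} builds a fresh record, so every field other than eldap_id and base is reset to its record default before the value reaches eldap_search. Copying the existing state and overriding only the base, State#state{base = State#state.group_base}, keeps any other settings the helper reads from the state while still scoping the search to the group container. The filter passed is still State#state.rfilter, so the group base only narrows where that filter is applied; it does not replace it.
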
      @@ -361,6 +371,11 @@
                             ejabberd_config:get_local_option({ldap_base, Host});
                         B -> B
      +    LDAPGroupBase = case gen_mod:get_opt(ldap_group_base, Opts, undefined) of
      +                  undefined ->
      +                      ejabberd_config:get_local_option({ldap_base, Host});
      +                  GB -> GB
      +              end,
           GroupAttr = case gen_mod:get_opt(ldap_groupattr, Opts, undefined) of
                          undefined -> "cn";
                          GA -> GA
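
      Review bot: The undefined branch of the new ldap_group_base lookup falls back to ejabberd_config:get_local_option({ldap_base, Host}) instead of the base resolved by the case just above (the one ending in B -> B), so a base supplied through that B branch is ignored for group searches whenever ldap_group_base is unset. Falling back to LDAPBase would keep the pre-patch behaviour for existing configurations. As pasted, the added lines also follow B -> B directly with no end, closing the preceding case, and the hunk shows one line fewer than its header counts, so a context line appears to have been lost and the hunk will not apply as is. The new option also needs an entry in the module's documentation.
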
      @@ -493,11 +512,13 @@
                          port = LDAPPort,
                          dn = RootDN,
                          base = LDAPBase,
      +                   group_base = LDAPGroupBase,
                          password = Password,
                          uid = UIDAttr,
                          group_attr = GroupAttr,
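
      Review bot: The added group_base = LDAPGroupBase line requires a group_base field in the #state record, and no change to the record definition appears among the hunks shown. The header counts two added lines (11 to 13) while only one is visible, so part of this hunk is missing as well; a port should include the record field and the omitted addition.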


