Integration/Ejabberd.iRedMail.with.OpenLDAP/Ubuntu

From iRedMail

Revision as of 07:59, 18 April 2010


Install Ejabberd

Terminal:
apt-get install ejabberd

Configure ejabberd

Find cn=vmail password

The cn=vmail password was randomly generated during the iRedMail install. You can find it in /etc/postfix/ldap_virtual_mailbox_domains.cf.

  • Open /etc/postfix/ldap_virtual_mailbox_domains.cf and check values:
File: /etc/postfix/ldap_virtual_mailbox_domains.cf
bind_dn         = cn=vmail,dc=example,dc=com
bind_pw         = InYTi8qGjamTb6Me2ESwbb6rxQUs5y #cn=vmail password

Setting Ejabberd

Ejabberd's configuration files are written in Erlang syntax, which might be difficult to comprehend. Thankfully, the modifications we need to make are relatively minor and straightforward. The main ejabberd configuration file is located at /etc/ejabberd/ejabberd.cfg. We'll cover each relevant option in turn.

In Erlang, comments begin with the % sign.

  • Set the admin user and domain; here we set www@example.com as admin.
  • Do not use internal authentication.
  • Use LDAP authentication.

Open /etc/ejabberd/ejabberd.cfg and set correct values:

File: /etc/ejabberd/ejabberd.cfg

[...]
%% Admin user
{acl, admin, {user, "www", "example.com"}}.
%% Hostname
{hosts, ["example.com"]}. 

[...]

%%{auth_method, internal}. 

[...] Add the following at the bottom.
%%% Authenticate against LDAP.
{auth_method, ldap}.
{ldap_servers, ["127.0.0.1"]}.
%%% {ldap_encrypt, tls}.
{ldap_port, 389}.
{ldap_base, "o=domains,dc=example,dc=com"}.
{ldap_rootdn, "cn=vmail,dc=example,dc=com"}.
{ldap_password, "InYTi8qGjamTb6Me2ESwbb6rxQUs5y"}. %% cn=vmail password
%%% Enable both normal mail user and mail admin.
{ldap_filter, "(&(objectClass=mailUser)(accountStatus=active)(enabledService=jabber))"}.
{ldap_uids, [{"mail", "%u@%d"}]}.


Start ejabberd and check the status

Terminal:
# /etc/init.d/ejabberd start
Starting jabber server: ejabberd.
# ejabberdctl status
Node ejabberd@u910 is started. Status: started
ejabberd is running

Enable jabber service for mail user

Use phpLDAPadmin or another tool to add the LDAP values for an existing mail user.

  • Log in to phpLDAPadmin.
  • Find the existing mail user www@example.com.
  • Enable jabber service for the user www@example.com.
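
To confirm the account now passes ejabberd's LDAP check before testing with a client, the following added example (not part of the original page) runs a search that approximates the one ejabberd performs with the ldap_filter and ldap_uids settings shown above. The helper names (ldap_escape, jabber_filter, check_jabber_user) and the LDAP_PASSFILE path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Connection values mirror the
# ejabberd.cfg settings above; helper names and LDAP_PASSFILE are hypothetical.

LDAP_URI="ldap://127.0.0.1:389"
LDAP_BASE="o=domains,dc=example,dc=com"
LDAP_BINDDN="cn=vmail,dc=example,dc=com"
# File containing only the cn=vmail password (no trailing newline, mode 0600),
# so the password never appears in the process list or shell history.
LDAP_PASSFILE="${LDAP_PASSFILE:-/root/.vmail_pw}"
EJABBERD_FILTER='(&(objectClass=mailUser)(accountStatus=active)(enabledService=jabber))'

# Escape RFC 4515 filter metacharacters so a user or domain string cannot
# change the structure of the search filter. Backslash must be handled first.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Combine the {"mail", "%u@%d"} mapping with ldap_filter for user $1, domain $2.
jabber_filter() {
    printf '(&(mail=%s@%s)%s)' \
        "$(ldap_escape "$1")" "$(ldap_escape "$2")" "$EJABBERD_FILTER"
}

# Print mail and enabledService for the matching entry. Empty output means
# the account does not satisfy the filter and ejabberd would reject the login.
check_jabber_user() {
    ldapsearch -x -LLL -H "$LDAP_URI" -D "$LDAP_BINDDN" -y "$LDAP_PASSFILE" \
        -b "$LDAP_BASE" "$(jabber_filter "$1" "$2")" mail enabledService
}

# Usage on the server, after sourcing this file:
#   check_jabber_user www example.com
```

If the search returns nothing, check that the entry has accountStatus=active and an enabledService value of jabber, since both are required by the filter.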

Config iptables

Standard ports:

  • 5222 Main client port
  • 5223 Obsolete secure jabber port
  • 5269 Server to server port
  • 5280 Web administration
Open /etc/default/iptables and set correct values:
File: /etc/default/iptables

# http/https, smtp/smtps, pop3/pop3s, imap/imaps, ssh
# Add 5222 5223 5269 5280 to the end of the port list:
-A INPUT -p tcp -m multiport --dport 80,443,25,465,110,995,143,993,587,465,22,5222,5223,5269,5280 -j ACCEPT

Restart the iptables service.

Terminal:
/etc/init.d/iptables restart 

Web Access Ejabberd Admin Console

Now you can access http://192.168.1.10:5280/admin/

Log in to the ejabberd web admin. We have set www@example.com as the admin for the ejabberd server.

You cannot create users in the web admin. To create a user, first add the user in iRedAdmin, then enable the jabber service for the user in phpLDAPadmin.

To add a second virtual domain, first create the new domain in iRedAdmin, then modify /etc/ejabberd/ejabberd.cfg.

  • Open /etc/ejabberd/ejabberd.cfg and set correct values:
File: /etc/ejabberd/ejabberd.cfg
%% Hostname
{hosts, ["example.com","test.com"]}. 

XMPP Client: Pidgin

You can choose your favorite XMPP client; here I use Pidgin for testing. Download the newest version of Pidgin and install it. The setup is simple.

XMPP Federation and DNS Link

To ensure that your ejabberd instance will federate properly with the rest of the XMPP network, particularly with Google's "GTalk" service (i.e. the "@gmail.com" chat tool), we must set the SRV records for the domain to point to the server where the ejabberd instance is running. We need three records, which can be created in the DNS management tool of your choice:

  1. Service: _xmpp-server Protocol: TCP Port: 5269
  2. Service: _xmpp-client Protocol: TCP Port: 5222
  3. Service: _jabber Protocol: TCP Port: 5269

The "target" of the SRV record should point to the publicly routable hostname for that machine (e.g. "mail.example.com"). The priority and weight should both be set to 0.
