Integration/Ejabberd.iRedMail.with.OpenLDAP/Ubuntu

From iRedMail

Latest revision as of 01:06, 18 April 2010

Install Ejabberd

Terminal:
apt-get install ejabberd

Configure ejabberd

Find cn=vmail password

The cn=vmail password was randomly generated during the iRedMail installation. You can find it in /etc/postfix/ldap_virtual_mailbox_domains.cf.

  • Open /etc/postfix/ldap_virtual_mailbox_domains.cf and check values:
File: /etc/postfix/ldap_virtual_mailbox_domains.cf
bind_dn         = cn=vmail,dc=example,dc=com
# cn=vmail password
bind_pw         = InYTi8qGjamTb6Me2ESwbb6rxQUs5y

Setting Ejabberd

Ejabberd's configuration files are written in Erlang syntax, which might be difficult to comprehend. Thankfully, the modifications we need to make are relatively minor and straightforward. The main ejabberd configuration file is located at /etc/ejabberd/ejabberd.cfg. We'll cover each relevant option in turn.

In Erlang, comments begin with the % sign.

  • Set the admin user and the domain. Here we set www@example.com as admin.
  • Disable internal authentication.
  • Enable LDAP authentication.

Open /etc/ejabberd/ejabberd.cfg and set correct values:

File: /etc/ejabberd/ejabberd.cfg

[...]
%% Admin user
{acl, admin, {user, "www", "example.com"}}.
%% Hostname
{hosts, ["example.com"]}. 

[...]

%%{auth_method, internal}. 

[...] Add the following at the bottom.
%%% Authenticate against LDAP.
{auth_method, ldap}.
{ldap_servers, ["127.0.0.1"]}.
%%% {ldap_encrypt, tls}.
{ldap_port, 389}.
{ldap_base, "o=domains,dc=example,dc=com"}.
{ldap_rootdn, "cn=vmail,dc=example,dc=com"}.
{ldap_password, "InYTi8qGjamTb6Me2ESwbb6rxQUs5y"}. %% cn=vmail password
%%% Enable both normal mail user and mail admin.
{ldap_filter, "(&(objectClass=mailUser)(accountStatus=active)(enabledService=jabber))"}.
{ldap_uids, [{"mail", "%u@%d"}]}.


Start ejabberd and check the status

Terminal:
# /etc/init.d/ejabberd start
Starting jabber server: ejabberd.
# ejabberdctl status
Node ejabberd@u910 is started. Status: started
ejabberd is running

Enable jabber service for mail user

Use phpLDAPadmin or another tool to add the LDAP values for an existing mail user.

  • Log in to phpLDAPadmin.
  • Find the existing mail user www@example.com.
  • Enable the jabber service for the user www@example.com, so that the entry matches the (enabledService=jabber) clause of the ldap_filter set above.

Config iptables

Standard ports:

  • 5222 Main client port
  • 5223 Obsolete secure jabber port
  • 5269 Server to server port
  • 5280 Web administration

Open /etc/default/iptables and set correct values:
File: /etc/default/iptables

# http/https, smtp/smtps, pop3/pop3s, imap/imaps, ssh
# Add 5222, 5223, 5269 and 5280 to the existing port list:
-A INPUT -p tcp -m multiport --dport 80,443,25,465,110,995,143,993,587,465,22,5222,5223,5269,5280 -j ACCEPT

Restart the iptables service.

Terminal:
/etc/init.d/iptables restart 

Web Access Ejabberd Admin Console

Now you can access http://192.168.1.10:5280/admin/

Log in to the ejabberd web admin. We have set www@example.com as admin for the ejabberd server.

You cannot create users in the web admin. To create a user, first add the user in iRedAdmin, then enable the jabber service for the user in phpLDAPadmin.

To add a second virtual domain, first create the new domain in iRedAdmin, then modify /etc/ejabberd/ejabberd.cfg.

  • Open /etc/ejabberd/ejabberd.cfg and set correct values:
File: /etc/ejabberd/ejabberd.cfg
%% Hostname
{hosts, ["example.com","test.com"]}. 

XMPP Client: Pidgin

You can choose your favorite XMPP client; here I use Pidgin for testing. Download the newest version of Pidgin and install it. The setup is simple.

XMPP Federation and DNS Link

To ensure that your ejabberd instance will federate properly with the rest of the XMPP network, particularly with Google's "GTalk" service (i.e. the "@gmail.com" chat tool), we must set the SRV records for the domain to point to the server where the ejabberd instance is running. We need three records, which can be created in the DNS management tool of your choice:

  • Service: _xmpp-server, Protocol: TCP, Port: 5269
  • Service: _xmpp-client, Protocol: TCP, Port: 5222
  • Service: _jabber, Protocol: TCP, Port: 5269

The "target" of the SRV record should point to the publicly routable hostname for that machine (e.g. "mail.example.com"). The priority and weight should both be set to 0.

Troubleshooting

Enable LDAP log

  • Open /etc/ldap/slapd.conf and set correct values:
File: /etc/ldap/slapd.conf
# change from 0 to 256
loglevel    256

Restart ldap

Terminal:
/etc/init.d/slapd restart

Monitor the log

Monitor the OpenLDAP and Ejabberd log


Terminal:
root@mail:~# tail -0f /var/log/openldap.log
Mar 10 16:51:33 u910 slapd[3643]: conn=125 op=12 SRCH base="o=domains,dc=example,dc=com" scope=2 deref=0 filter="(&(mail=www@example.com)(&(objectClass=mailUser)(accountStatus=active)(enabledService=jabber)))"
Mar 10 16:51:33 u910 slapd[3643]: conn=125 op=12 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 10 16:51:33 u910 slapd[3643]: conn=124 op=10 BIND anonymous mech=implicit ssf=0
Mar 10 16:51:33 u910 slapd[3643]: conn=124 op=10 BIND dn="mail=www@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com" method=128
Mar 10 16:51:33 u910 slapd[3643]: conn=124 op=10 BIND dn="mail=www@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com" mech=SIMPLE ssf=0
Mar 10 16:51:33 u910 slapd[3643]: conn=124 op=10 RESULT tag=97 err=0 text=

Terminal:
# tail -0f /var/log/ejabberd/ejabberd.log
=INFO REPORT==== 2010-03-10 16:53:18 ===
I(<0.257.0>:ejabberd_listener:116) : (#Port<0.2811>) Accepted connection {{192,168,1,147},59815} -> {{192,168,1,10},5222}

=INFO REPORT==== 2010-03-10 16:53:19 ===
I(<0.474.0>:ejabberd_c2s:559) : ({socket_state,tls,{tlssock,#Port<0.2811>,#Port<0.2813>},<0.473.0>}) Accepted authentication for www

=INFO REPORT==== 2010-03-10 16:53:19 ===
I(<0.474.0>:ejabberd_c2s:804) : ({socket_state,tls,{tlssock,#Port<0.2811>,#Port<0.2813>},<0.473.0>}) Opened session for www@example.com/15964533191268211199203489

=INFO REPORT==== 2010-03-10 16:53:30 ===
I(<0.474.0>:ejabberd_c2s:1306) : ({socket_state,tls,{tlssock,#Port<0.2811>,#Port<0.2813>},<0.473.0>}) Close session for www@example.com/15964533191268211199203489
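
The following Python script is an added example, not part of the original wiki page. It reads slapd lines in the format shown earlier in this section, pairs each request with its result by conn/op, and separates the two usual login failures: the search matching no entry (account not active, or enabledService=jabber missing) and a failed bind (err=49, invalid credentials). The sample lines are constructed; bob@example.com and amy@example.com are hypothetical users.

```python
import re

# Constructed sample in the slapd log format shown above (loglevel 256).
# bob@ and amy@ are hypothetical users added to show the two failure cases.
P = "Mar 10 16:52:01 u910 slapd[3643]: "
BASE = 'base="o=domains,dc=example,dc=com" scope=2 deref=0 '
FLT = "(&(objectClass=mailUser)(accountStatus=active)(enabledService=jabber))"
USERS = ',ou=Users,domainName=example.com,o=domains,dc=example,dc=com"'
SAMPLE = "\n".join([
    P + 'conn=125 op=12 SRCH ' + BASE + 'filter="(&(mail=www@example.com)' + FLT + ')"',
    P + "conn=125 op=12 SEARCH RESULT tag=101 err=0 nentries=1 text=",
    P + "conn=124 op=10 BIND anonymous mech=implicit ssf=0",
    P + 'conn=124 op=10 BIND dn="mail=www@example.com' + USERS + " method=128",
    P + "conn=124 op=10 RESULT tag=97 err=0 text=",
    P + 'conn=125 op=13 SRCH ' + BASE + 'filter="(&(mail=bob@example.com)' + FLT + ')"',
    P + "conn=125 op=13 SEARCH RESULT tag=101 err=0 nentries=0 text=",
    P + 'conn=125 op=14 SRCH ' + BASE + 'filter="(&(mail=amy@example.com)' + FLT + ')"',
    P + "conn=125 op=14 SEARCH RESULT tag=101 err=0 nentries=1 text=",
    P + 'conn=126 op=3 BIND dn="mail=amy@example.com' + USERS + " method=128",
    P + "conn=126 op=3 RESULT tag=97 err=49 text=",
])

OP = re.compile(r"conn=(\d+) op=(\d+) (.*)")
WHO = re.compile(r'(?:SRCH .*\(mail=([^)]+)\)|BIND dn="mail=([^,"]+))')
BIND_ERRORS = {"0": "bind ok", "49": "invalid credentials"}

def triage(log_text):
    """Return {mail: verdict} by pairing each request with its result line."""
    pending, verdict = {}, {}          # pending: (conn, op) -> mail address
    for line in log_text.splitlines():
        m = OP.search(line)
        if not m:
            continue
        key, rest = (m.group(1), m.group(2)), m.group(3)
        who = WHO.match(rest)
        if who:                        # request line: remember whom it concerns
            pending[key] = who.group(1) or who.group(2)
        elif rest.startswith("SEARCH RESULT") and key in pending:
            mail = pending.pop(key)
            if re.search(r"nentries=0\b", rest):   # nothing matched, no bind follows
                verdict[mail] = "no entry matched ldap_filter"
        elif rest.startswith("RESULT tag=97") and key in pending:
            err = re.search(r"err=(\d+)", rest).group(1)
            verdict[pending.pop(key)] = BIND_ERRORS.get(err, "bind err=" + err)
    return verdict

if __name__ == "__main__":
    for mail, result in triage(SAMPLE).items():
        print(mail, "->", result)
```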
