Integration/Ejabberd.iRedMail.with.OpenLDAP/Ubuntu
From iRedMail
Install Ejabberd
| Terminal: |
apt-get install ejabberd |
Configure ejabberd
Find cn=vmail password
The vmail password was randomly generated during the iRedMail install. You can find it in /etc/postfix/ldap_virtual_mailbox_domains.cf.
- Open /etc/postfix/ldap_virtual_mailbox_domains.cf and check values:
| File: /etc/postfix/ldap_virtual_mailbox_domains.cf |
bind_dn = cn=vmail,dc=example,dc=com
# cn=vmail password
bind_pw = InYTi8qGjamTb6Me2ESwbb6rxQUs5y
|
Setting Ejabberd
Ejabberd's configuration files are written in Erlang syntax, which might be difficult to comprehend. Thankfully, the modifications we need to make are relatively minor and straightforward. The main ejabberd configuration file is located at /etc/ejabberd/ejabberd.cfg. We'll cover each relevant option in turn.
In Erlang, comments begin with the % sign.
- Set the admin user and domain. Here we set www@example.com as admin.
- Disable internal authentication.
- Enable LDAP authentication.
Open /etc/ejabberd/ejabberd.cfg and set correct values:
| File: /etc/ejabberd/ejabberd.cfg |
[...]
%% Admin user
{acl, admin, {user, "www", "example.com"}}.
%% Hostname
{hosts, ["example.com"]}.
[...]
%%{auth_method, internal}.
[...] Add the following at the bottom.
%%% Authenticate against LDAP.
{auth_method, ldap}.
{ldap_servers, ["127.0.0.1"]}.
%%% {ldap_encrypt, tls}.
{ldap_port, 389}.
{ldap_base, "o=domains,dc=example,dc=com"}.
{ldap_rootdn, "cn=vmail,dc=example,dc=com"}.
{ldap_password, "InYTi8qGjamTb6Me2ESwbb6rxQUs5y"}. % cn=vmail password
%%% Enable both normal mail user and mail admin.
{ldap_filter, "(&(objectClass=mailUser)(accountStatus=active)(enabledService=jabber))"}.
{ldap_uids, [{"mail", "%u@%d"}]}.
|
Start ejabberd and check the status
| Terminal: |
# /etc/init.d/ejabberd start
Starting jabber server: ejabberd.
# ejabberdctl status
Node ejabberd@u910 is started. Status: started
ejabberd is running
|
Enable jabber service for mail user
Use phpLDAPadmin or another tool to add the LDAP values for an existing mail user.
- Log in to phpLDAPadmin
- Find the existing mail user www@example.com
- Enable the jabber service for the user www@example.com.
Config iptables
Standard ports:
- 5222 Main client port
- 5223 Obsolete secure jabber port
- 5269 Server to server port
- 5280 Web administration
Open /etc/default/iptables and set correct values:
| File: /etc/default/iptables |
# http/https, smtp/smtps, pop3/pop3s, imap/imaps, ssh
# Add 5222 5223 5269 5280 to the port list
-A INPUT -p tcp -m multiport --dport 80,443,25,465,110,995,143,993,587,465,22,5222,5223,5269,5280 -j ACCEPT
|
Restart the iptables service.
| Terminal: |
/etc/init.d/iptables restart |
Web Access Ejabberd Admin Console
Now you can access http://192.168.1.10:5280/admin/
Log in to the ejabberd web admin. We have set www@example.com as admin for the ejabberd server.
You cannot create users in the web admin. To create a user, first add the user in iRedAdmin, then enable the jabber service for the user in phpLDAPadmin.
To add a second virtual domain, first create the new domain in iRedAdmin, then modify /etc/ejabberd/ejabberd.cfg.
- Open /etc/ejabberd/ejabberd.cfg and set correct values:
| File: /etc/ejabberd/ejabberd.cfg |
%% Hostname
{hosts, ["example.com","test.com"]}.
|
XMPP Client: Pidgin
You can choose your favorite XMPP client; here I use Pidgin for testing. Download the newest version of Pidgin and install it. The setup is simple.
XMPP Federation and DNS Link
To ensure that your ejabberd instance will federate properly with the rest of the XMPP network, particularly with Google's "GTalk" service (i.e. the "@gmail.com" chat tool), we must set the SRV records for the domain to point to the server where the ejabberd instance is running. We need three records, which can be created in the DNS Management tool of your choice:
1. Service: _xmpp-server Protocol: TCP Port: 5269
2. Service: _xmpp-client Protocol: TCP Port: 5222
3. Service: _jabber Protocol: TCP Port: 5269
The "target" of the SRV record should point to the publicly routable hostname for that machine (e.g. "mail.example.com"). The priority and weight should both be set to 0.
Troubleshooting
Enable LDAP logging
- Open /etc/ldap/slapd.conf and set correct values:
| File: /etc/ldap/slapd.conf |
# change from 0 to 256
loglevel 256
|
Restart ldap
| Terminal: |
/etc/init.d/slapd restart |
Monitor the log
After restarting the OpenLDAP service, monitor the log:
root@mail:~# tail -0f /var/log/openldap.log
Mar 10 16:51:33 u910 slapd[3643]: conn=125 op=12 SRCH
base="o=domains,dc=example,dc=com" scope=2 deref=0
filter="(&(mail=www@example.com)(&(objectClass=mailUser)(accountStatus=active)(enabledService=jabber)))"
Mar 10 16:51:33 u910 slapd[3643]: conn=125 op=12 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 10 16:51:33 u910 slapd[3643]: conn=124 op=10 BIND anonymous mech=implicit ssf=0
Mar 10 16:51:33 u910 slapd[3643]: conn=124 op=10 BIND
dn="mail=www@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com" method=128
Mar 10 16:51:33 u910 slapd[3643]: conn=124 op=10 BIND
dn="mail=www@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com" mech=SIMPLE ssf=0
Mar 10 16:51:33 u910 slapd[3643]: conn=124 op=10 RESULT tag=97 err=0 text=
# tail -0f /var/log/ejabberd/ejabberd.log
=INFO REPORT==== 2010-03-10 16:53:18 ===
I(<0.257.0>:ejabberd_listener:116) : (#Port<0.2811>) Accepted connection
{{192,168,1,147},59815} -> {{192,168,1,10},5222}
=INFO REPORT==== 2010-03-10 16:53:19 ===
I(<0.474.0>:ejabberd_c2s:559) : ({socket_state,tls,{tlssock,#Port<0.2811>
,#Port<0.2813>},<0.473.0>}) Accepted authentication for www
=INFO REPORT==== 2010-03-10 16:53:19 ===
I(<0.474.0>:ejabberd_c2s:804) : ({socket_state,tls,{tlssock,#Port<0.2811>,
#Port<0.2813>},<0.473.0>}) Opened session for www@example.com/15964533191268211199203489
=INFO REPORT==== 2010-03-10 16:53:30 ===
I(<0.474.0>:ejabberd_c2s:1306) : ({socket_state,tls,{tlssock,#Port<0.2811>,
#Port<0.2813>},<0.473.0>}) Close session for www@example.com/15964533191268211199203489
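The slapd records above show the two steps of an ejabberd LDAP login: a search that applies ldap_filter, then a bind as the user's DN. As an added example (not part of the original page), this Python script reads such a log and reports, per mail address, whether the lookup matched no entry or the bind was rejected. The records for bob and carol are constructed, and err=49 is the LDAP invalidCredentials result code.

```python
import re

# One slapd stats record (loglevel 256): connection, operation, verb, details.
RECORD = re.compile(r"conn=(\d+) op=(\d+) (SRCH|SEARCH RESULT|BIND|RESULT)\b ?(.*)")

def triage(log_text):
    """Map each mail address seen in the log to a login verdict."""
    searches, binds, verdicts = {}, {}, {}
    for line in log_text.splitlines():
        m = RECORD.search(line)
        if not m:
            continue
        key, verb, rest = (m.group(1), m.group(2)), m.group(3), m.group(4)
        if verb == "SRCH":  # user lookup: ldap_uids ("mail") AND ldap_filter
            who = re.search(r"\(mail=([^)]+)\)", rest)
            if who:
                searches[key] = who.group(1)
        elif verb == "SEARCH RESULT" and key in searches:
            n = re.search(r"nentries=(\d+)", rest)
            if n and n.group(1) == "0":  # no bind follows an empty lookup
                verdicts[searches.pop(key)] = "lookup matched no entry (missing, inactive, or jabber not enabled)"
        elif verb == "BIND":  # the anonymous BIND record has no dn= and is skipped
            who = re.search(r'dn="mail=([^,"]+),', rest)
            if who:
                binds[key] = who.group(1)
        elif verb == "RESULT" and key in binds:
            err = re.search(r"err=(\d+)", rest)
            if err:
                verdicts[binds.pop(key)] = {
                    "0": "authenticated", "49": "password rejected (err=49)",
                }.get(err.group(1), "bind failed (err=%s)" % err.group(1))
    return verdicts

# Constructed sample in the format of the log above, one record per line.
P = "Mar 10 16:51:33 u910 slapd[3643]: "
FLT = "(&(objectClass=mailUser)(accountStatus=active)(enabledService=jabber))"
DN = "ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
def srch(op, who, n):
    return ['conn=125 op=%d SRCH base="o=domains,dc=example,dc=com" scope=2 deref=0 filter="(&(mail=%s)%s)"' % (op, who, FLT),
            "conn=125 op=%d SEARCH RESULT tag=101 err=0 nentries=%d text=" % (op, n)]
def bind(op, who, err):
    return ['conn=124 op=%d BIND dn="mail=%s,%s" method=128' % (op, who, DN),
            "conn=124 op=%d RESULT tag=97 err=%d text=" % (op, err)]
SAMPLE = "\n".join(P + r for r in
    srch(12, "www@example.com", 1) + bind(10, "www@example.com", 0) +
    srch(13, "bob@example.com", 0) +
    srch(14, "carol@example.com", 1) + bind(11, "carol@example.com", 49))
if __name__ == "__main__":
    print("\n".join("%s: %s" % kv for kv in triage(SAMPLE).items()))
```

To run it against the real log, pass the contents of /var/log/openldap.log to triage() in place of SAMPLE.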
