Hi, I've just added ticket #180, providing a patch to improve LDAP configurability. What follows is a copy-paste of the description.

<timid mode>This is the first time I'm contributing back a patch to an OSS project, and I guess the code quality shows. If you think the idea is worthwhile, I wouldn't mind feedback on the quality</timid mode>

best regards,
Jean

---------------------

authreg_ldap patch.

This adds <uidattr_format> and <filter> configuration options to the c2s ldap configuration section, to enable finer configuration of LDAP search.

The <filter> option allows you to specify an LDAP filter string which will be appended (AND) to the main (uid=$USERNAME) search string. This is useful if you wish to restrict your search in special ways, typically if you organise your user groups by adding an attribute rather than putting them in a subtree. For example, putting "(objectClass=inetorgerson)" in filter will result in sending "(&(uid=$USERNAME)(objectClass=inetorgerson))" to the LDAP server.

The <uidattr_format> option allows you to customise the UID Attribute format further than with <append_realm>. You can specify a string containing at least '%u' and either '%r' or '%d'. '%u' will be replaced by the username, and '%r' or '%d' will be replaced by the jabber server's realm/domain. I couldn't decide whether to use only %r or %d, so I included both. You must not use '%r' and '%d' at the same time.

Warning: this configuration string is parsed for %u and %r or %d, then passed as a format string to snprintf(). Any other printf-style format strings in <uidattr_format> will break your system, burn your house and kill your dog.

Legacy compatibility:
- not specifying <uidattr-format> is the same as specifying '%u', and the LDAP filter string will contain ($uidattr=$username)
- <append-realm/> can be replaced by putting <uidattr_format> to '[EMAIL PROTECTED]' or '[EMAIL PROTECTED]', and the LDAP filter string will contain ([EMAIL PROTECTED]), thus, <append-realm/> is deprecated.

Why this patch?

I needed to search on my user's 'mail' LDAP attribute which contained the full '[EMAIL PROTECTED] string'. Except the domain in LDAP was different than that of my jabber server, and couldn't change either. I thus needed to alter the LDAP search string in the server, by setting <uidattr>=mail and <uidattr_format>[EMAIL PROTECTED]

Why include both %r and %d as possible options in "uidattr_format"?

The Jabberd2 code and doc calls the "domain" part of a JID the "realm", possibly to highlight the nuance there is between the internal jabber notion and what we commonly use on the internet. However, it's been my experience that the realm is always a proper inet domain. %r would be easier to remember for those who are used to thinking about "realms", but I believe most admins think of it as a "domain", and would prefer %d
authreg_ldap.c.diff.gz
Description: GNU Zip compressed data
_______________________________________________
Jabberd2 mailing list
[email protected]
http://lists.xiaoka.com/listinfo.cgi/jabberd2-xiaoka.com
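
The warning in the message above says <uidattr_format> ends up as an snprintf() format string. As an added example (not code from the attached patch or from jabberd2), the sketch below expands %u and %r/%d by hand, refuses every other % sequence, escapes the substituted values per RFC 4515, and ANDs the <filter> value on; the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Added example, not jabberd2 code; all function names here are hypothetical. */

/* Append src to out, escaping RFC 4515 filter metacharacters; -1 if out is full. */
static int append_escaped(char *out, size_t outlen, size_t *pos, const char *src) {
    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        int esc = strchr("*()\\", c) != NULL;
        if (*pos + (esc ? 3u : 1u) >= outlen) return -1;
        if (esc) *pos += (size_t)snprintf(out + *pos, outlen - *pos, "\\%02x", (unsigned)c);
        else out[(*pos)++] = (char)c;
    }
    out[*pos] = '\0';
    return 0;
}

/* Expand %u (user) and %r or %d (realm) by hand; fmt never reaches printf. */
int expand_uid_format(const char *fmt, const char *user, const char *realm,
                      char *out, size_t outlen) {
    size_t pos = 0;
    char realm_code = 0;   /* which of 'r'/'d' this format uses */
    int seen_user = 0;
    if (outlen == 0) return -1;
    for (; *fmt; fmt++) {
        if (*fmt != '%') {
            char lit[2] = { *fmt, '\0' };
            if (append_escaped(out, outlen, &pos, lit) < 0) return -1;
        } else if (*++fmt == 'u') {
            seen_user = 1;
            if (append_escaped(out, outlen, &pos, user) < 0) return -1;
        } else if (*fmt == 'r' || *fmt == 'd') {
            if (realm_code && realm_code != *fmt) return -1; /* %r and %d mixed */
            realm_code = *fmt;
            if (append_escaped(out, outlen, &pos, realm) < 0) return -1;
        } else {
            return -1;     /* %s, %n, "%%", trailing '%', ... are refused */
        }
    }
    return seen_user ? 0 : -1;
}

/* AND the optional admin-supplied <filter> onto (uidattr=value). */
int build_filter(const char *uidattr, const char *value, const char *extra,
                 char *out, size_t outlen) {
    int n = (extra && *extra)
        ? snprintf(out, outlen, "(&(%s=%s)%s)", uidattr, value, extra)
        : snprintf(out, outlen, "(%s=%s)", uidattr, value);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}
```

On failure the output buffer contents are unspecified, so a caller should treat -1 as a configuration or lookup error and not send the filter.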
