
This is an old revision of the document!


"Advanced" options for Ejabberd

Ejabberd supports the HTTP Bind and HTTP Poll methods (often used by web clients). To enable them on SME, you need to create a few templates-custom: one set for ejabberd (so that the feature is enabled on the loopback interface only), and one for Apache, so that HTTP Bind or HTTP Poll can be reached through a ProxyPass directive:

mkdir -p /etc/e-smith/templates-custom/etc/ejabberd/ejabberd.cfg/
cat <<'EOF' > /etc/e-smith/templates-custom/etc/ejabberd/ejabberd.cfg/80Ports30http
 
{
$OUT .= "\n".'       % http_bind interface, restrict it to 127.0.0.1, external access is handled by'."\n".
        '       % ProxyPass directives in apache'."\n";
 
$OUT .= '       ';
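# Comment the listener out unless at least one of the three features is enabled
$OUT .= '%' unless (((${'ejabberd'}{'HTTPBind'} || 'disabled') eq 'enabled') ||
                    ((${'ejabberd'}{'HTTPPoll'} || 'disabled') eq 'enabled') ||
                    ((${'ejabberd'}{'WebAdmin'} || 'disabled') eq 'enabled'));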
$OUT .= ',{5280, ejabberd_http,    [ ';
$OUT .= 'http_bind, ' if ((${'ejabberd'}{'HTTPBind'} || 'disabled') eq 'enabled');
$OUT .= 'http_poll, ' if ((${'ejabberd'}{'HTTPPoll'} || 'disabled') eq 'enabled');
$OUT .= 'web_admin, ' if ((${'ejabberd'}{'WebAdmin'} || 'disabled') eq 'enabled');
$OUT .= '{ip, {127, 0, 0, 1}} ]}'."\n";
}
 
EOF
cat <<'EOF' > /etc/e-smith/templates-custom/etc/ejabberd/ejabberd.cfg/85Modules
 
{
    $OUT =<<'HERE';
% Used modules:
{modules,
 [
  {mod_register,   [{access, register}]},
  {mod_roster,     []},
  {mod_privacy,    []},
  {mod_adhoc,      []},
  {mod_configure,  []}, % Depends on mod_adhoc
  {mod_configure2, []},
  {mod_disco,      []},
  {mod_stats,      []},
  {mod_vcard,      []},
  {mod_caps,       []},
  {mod_offline,    []},
  {mod_announce,   [{access, announce}]}, % Depends on mod_adhoc
  {mod_private,    []},
  {mod_irc,        []},
% Default options for mod_muc:
%   host: "conference." ++ ?MYNAME
%   access: all
%   access_create: all
%   access_admin: none (only room creator has owner privileges)
  {mod_muc,        [{access, muc}, {access_create, muc}, {access_admin, muc_admin}]},
  {mod_muc_log,    []},
  {mod_shared_roster, []},
  {mod_pubsub,     [{access_createnode, pubsub_createnode}]},
  {mod_time,       []},
  {mod_last,       []},
%  {mod_xmlrpc,[{port, 4560},{timeout, 5000}]},
  {mod_version,    []},
  {mod_ctlextra,    []},
HERE
    $OUT .= '  {mod_http_bind, []},'."\n" if (${'ejabberd'}{'HTTPBind'} || 'disabled') eq 'enabled';
    $OUT .= '  {mod_echo,       [{host, "echo.';
    $OUT .= ${DomainName};
    $OUT .= '"}]}';
    $OUT .= "\n";
    $OUT .= ' ]}.';
    $OUT .= "\n\n";
}
 
EOF
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
cat <<'EOF' > /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98ejabberd
 
{
$OUT .= '';
 
if ((${'ejabberd'}{'WebAdmin'} || 'disabled') eq 'enabled'){
# Interpolating here-document, so that $localAccess and $externalSSLAccess are expanded
$OUT .=<<"HERE";
 
# ProxyPass requests for /xmpp-admin to ejabberd web_admin interface
ProxyPass /xmpp-admin/ http://127.0.0.1:5280/admin/
ProxyPassReverse /xmpp-admin/ http://127.0.0.1:5280/admin/
 
<Location /xmpp-admin/>
    SSLRequireSSL
    order deny,allow
    deny from all
    allow from $localAccess $externalSSLAccess
</Location>
 
HERE
 
}
 
if ((${'ejabberd'}{'HTTPBind'} || 'disabled') eq 'enabled'){
$OUT .=<<'HERE';
 
# ProxyPass requests for /http-bind to ejabberd http-bind interface
ProxyPass /http-bind/ http://127.0.0.1:5280/http-bind/
ProxyPassReverse /http-bind/ http://127.0.0.1:5280/http-bind/
 
<Location /http-bind/>
    SSLRequireSSL
</Location>
 
HERE
 
}
 
if ((${'ejabberd'}{'HTTPPoll'} || 'disabled') eq 'enabled'){
$OUT .=<<'HERE';
 
# ProxyPass requests for /http-poll to ejabberd http-poll interface
ProxyPass /http-poll/ http://127.0.0.1:5280/http-poll/
ProxyPassReverse /http-poll/ http://127.0.0.1:5280/http-poll/
 
 
<Location /http-poll/>
    SSLRequireSSL
</Location>
 
HERE
}
}
 
EOF

Now the two features can be controlled through a key in the DB:

db configuration setprop ejabberd HTTPBind enabled
expand-template /etc/httpd/conf/httpd.conf
sv t /service/httpd-e-smith
signal-event ejabberd-update
db configuration setprop ejabberd HTTPPoll enabled
expand-template /etc/httpd/conf/httpd.conf
sv t /service/httpd-e-smith
signal-event ejabberd-update
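
One way to check the result once the templates have been expanded, as an added example that is not part of the original tutorial: the function names `check_listener` and `unprotected_proxies` and the sample input are assumptions made for illustration. The first confirms that the port 5280 listener is bound to the loopback only, the second lists proxied paths that have no `SSLRequireSSL` protection.

```shell
#!/bin/sh
# Added example: audit the expanded configs, read from stdin.

# Prints "disabled", "loopback" or "exposed" for the port 5280 ejabberd_http
# listener. Assumes the one-line tuple that 80Ports30http emits.
check_listener() {
    awk '
        /^[ \t]*%/ { next }    # Erlang comment: the listener is switched off
        /[{]5280,[ \t]*ejabberd_http/ {
            found = 1
            if ($0 !~ /[{]ip,[ \t]*[{]127,[ \t]*0,[ \t]*0,[ \t]*1[}][}]/) exposed = 1
        }
        END { print (!found ? "disabled" : (exposed ? "exposed" : "loopback")) }
    '
}

# Prints every ProxyPass path that targets 127.0.0.1:5280 but has no
# <Location> block with SSLRequireSSL, i.e. is reachable over plain HTTP.
unprotected_proxies() {
    awk '
        /^[ \t]*#/ { next }
        { d = tolower($1) }    # Apache directive names are case-insensitive
        d == "proxypass" && $3 ~ /^http:\/\/127\.0\.0\.1:5280\// { proxied[$2] = 1 }
        d == "<location" { loc = $2; sub(/>$/, "", loc) }
        d == "</location>" { loc = "" }
        d == "sslrequiressl" && loc != "" { tls[loc] = 1 }
        END { for (p in proxied) if (!(p in tls)) print p }
    ' | sort
}

# Constructed sample input (not taken from a real server).
SAMPLE_CFG='       ,{5280, ejabberd_http,    [ http_bind, {ip, {127, 0, 0, 1}} ]}'
SAMPLE_HTTPD='ProxyPass /http-bind/ http://127.0.0.1:5280/http-bind/
<Location /http-bind/>
    SSLRequireSSL
</Location>
ProxyPass /http-poll/ http://127.0.0.1:5280/http-poll/'

printf '%s\n' "$SAMPLE_CFG" | check_listener          # loopback
printf '%s\n' "$SAMPLE_HTTPD" | unprotected_proxies    # /http-poll/
```

On the server itself, feed the functions the expanded files: `check_listener < /etc/ejabberd/ejabberd.cfg` and `unprotected_proxies < /etc/httpd/conf/httpd.conf`.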

Ejabberd supports PAM-based authentication. To enable it, create a small templates-custom:

mkdir -p /etc/e-smith/templates-custom/etc/ejabberd/ejabberd.cfg/
cat <<'EOF' > /etc/e-smith/templates-custom/etc/ejabberd/ejabberd.cfg/55AuthConf
{
    $OUT =<<'HERE';
% Authentication method.  If you want to use internal user base, then use
% this line:
{auth_method, [internal,pam]}.
HERE
}
EOF

Followed by a quick

signal-event ejabberd-update

On SME8, LDAP authentication can be enabled instead (which avoids using a SUID binary):

mkdir -p /etc/e-smith/templates-custom/etc/ejabberd/ejabberd.cfg/
cat <<'EOF' > /etc/e-smith/templates-custom/etc/ejabberd/ejabberd.cfg/55AuthConf
{
 
use esmith::util;
 
our $base = esmith::util::ldapBase ($DomainName);
 
    $OUT =<<"HERE";
% LDAP Auth
{auth_method, ldap}.
 
% LDAP conf
{ldap_servers, ["localhost"]}.
{ldap_base, "ou=Users,$base"}.
 
 
HERE
}
EOF

Then:

signal-event ejabberd-update

Let's keep going: we now have an LDAP server, so we can configure the mod_vcard_ldap module, which (via vjud) makes it possible to search the users declared in SME. Just edit the 85Modules template and replace the line

  {mod_vcard,      []},

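With the following. The fragment uses $base, which the LDAP version of 55AuthConf defines above, so the here-document that holds the module list in 85Modules has to be opened with <<"HERE" instead of <<'HERE' for the variable to be interpolated: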

{mod_vcard_ldap,
   [
    {ldap_base, "ou=Users,$base"},
    {ldap_filter, "(objectClass=inetOrgPerson)"},
    {ldap_vcard_map,
    %% vcard patterns
     [{"NICKNAME", "%u", []}, % just use user's part of JID as his nickname
      {"GIVEN", "%s", ["givenName"]},
      {"FAMILY", "%s", ["sn"]},
      {"FN", "%s, %s", ["sn", "givenName"]}, % example: "Smith, John"
      {"EMAIL", "%s", ["mail"]},
      {"BDAY", "%s", ["birthDay"]},
      {"ORGNAME", "%s", ["o"]},
      {"ORGUNIT", "%s", ["ou"]},
      {"LOCALITY", "%s", ["l"]},
      {"STREET", "%s", ["Street"]},
      {"TEL", "%s", ["Phone"]}
     ]},
    %% Search form
    {ldap_search_fields,
     [{"User", "%u"},
      {"Name", "givenName"},
      {"Family Name", "sn"},
      {"Email", "mail"}]},
    %% vCard fields to be reported
    %% Note that JID is always returned with search results
    {ldap_search_reported,
     [{"Full Name", "FN"},
      {"Nickname", "NICKNAME"}]}
  ]},
  • tuto/ipasserelle/divers/ejabberd_advanced.1289583424.txt.gz
  • Last modified: 12/11/2010 18:37
  • by dani