RTzRa's hive - software:ejabberd Все работает https://wiki.rtzra.ru/ Thu, 04 Jun 2026 12:54:40 +0000 FeedCreator 1.8 https://wiki.rtzra.ru/_media/wiki/logo.png RTzRa's hive https://wiki.rtzra.ru/ Подключаем пользователей Active Directory к ejabberd https://wiki.rtzra.ru/software/ejabberd/ejabberd-ldap <h1 class="sectionedit1" id="podkljuchaem_polzovatelej_active_directory_k_ejabberd">Подключаем пользователей Active Directory к ejabberd</h1> <div class="level1"> </div> <!-- EDIT{&quot;target&quot;:&quot;section&quot;,&quot;name&quot;:&quot;\u041f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 Active Directory \u043a ejabberd&quot;,&quot;hid&quot;:&quot;podkljuchaem_polzovatelej_active_directory_k_ejabberd&quot;,&quot;codeblockOffset&quot;:0,&quot;secid&quot;:1,&quot;range&quot;:&quot;1-92&quot;} --> <h2 class="sectionedit2" id="sertifikat">Сертификат</h2> <div class="level2"> <p> Генерация сертификата сервера: </p> <pre class="code">$ openssl req -newkey rsa:1024 -keyout ejabberd.pem -nodes -x509 -days 3650 -out ejabberd.cer $ echo &quot;&quot; &gt;&gt; ejabberd.pem $ cat ejabberd.cer &gt;&gt; ejabberd.pem $ chown ejabberd:ejabberd ejabberd.pem $ chmod 0400 ejabberd.pem $ rm ejabberd.cer</pre> </div> <!-- EDIT{&quot;target&quot;:&quot;section&quot;,&quot;name&quot;:&quot;\u0421\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442&quot;,&quot;hid&quot;:&quot;sertifikat&quot;,&quot;codeblockOffset&quot;:0,&quot;secid&quot;:2,&quot;range&quot;:&quot;93-438&quot;} --> <h2 class="sectionedit3" id="vkljuchaem_gruppu_polzovatelej">Включаем группу пользователей</h2> <div class="level2"> <p> Выбираем данные о пользователях. Пользователь должен быть: </p> <ul> <li class="level1"><div class="li"> Членом группы JabberUsers</div> </li> <li class="level1"><div class="li"> В свойствах пользователя за закладке «Организация» должно быть заполнено поле «Отдел» - именно по нему осуществляется группировка</div> </li> </ul> <pre class="code">{mod_shared_roster_ldap, [{ldap_groupattr,&quot;department&quot;}, {ldap_groupdesc,&quot;department&quot;}, {ldap_base, &quot;dc=YOU-DOMAIN&quot;}, {ldap_rfilter, &quot;(&amp;(memberOf=CN=JabberUsers,CN=Users,DC=YOU-DOMAIN)(|(userAccountControl=66050)(userAccountControl=66048)))&quot;}, {ldap_memberattr,&quot;sAMAccountName&quot;}, {ldap_userdesc,&quot;cn&quot;} ] }</pre> </div> <!-- EDIT{&quot;target&quot;:&quot;section&quot;,&quot;name&quot;:&quot;\u0412\u043a\u043b\u044e\u0447\u0430\u0435\u043c \u0433\u0440\u0443\u043f\u043f\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439&quot;,&quot;hid&quot;:&quot;vkljuchaem_gruppu_polzovatelej&quot;,&quot;codeblockOffset&quot;:1,&quot;secid&quot;:3,&quot;range&quot;:&quot;439-1253&quot;} --> <h2 class="sectionedit4" id="informacija_iz_ldap">Информация из LDAP</h2> <div class="level2"> <p> Выбираем из LDAP информацию в нужном формате: </p> <pre class="code"> {mod_vcard_ldap, [{ldap_vcard_map, [{&quot;NICKNAME&quot;, &quot;%u&quot;, []}, {&quot;GIVEN&quot;, &quot;%s&quot;, [&quot;givenName&quot;]}, {&quot;MIDDLE&quot;, &quot;%s&quot;, [&quot;initials&quot;]}, {&quot;FAMILY&quot;, &quot;%s&quot;, [&quot;sn&quot;]}, {&quot;FN&quot;, &quot;%s&quot;, [&quot;displayName&quot;]}, {&quot;EMAIL&quot;, &quot;%s&quot;, [&quot;mail&quot;]}, {&quot;ORGNAME&quot;, &quot;%s&quot;, [&quot;company&quot;]}, {&quot;ORGUNIT&quot;, &quot;%s&quot;, [&quot;department&quot;]}, {&quot;CTRY&quot;, &quot;%s&quot;, [&quot;c&quot;]}, {&quot;LOCALITY&quot;, &quot;%s&quot;, [&quot;l&quot;]}, {&quot;STREET&quot;, &quot;%s&quot;, [&quot;streetAddress&quot;]}, {&quot;REGION&quot;, &quot;%s&quot;, [&quot;st&quot;]}, {&quot;PCODE&quot;, &quot;%s&quot;, [&quot;postalCode&quot;]}, {&quot;TITLE&quot;, &quot;%s&quot;, [&quot;title&quot;]}, {&quot;URL&quot;, &quot;%s&quot;, [&quot;wWWHomePage&quot;]}, {&quot;DESC&quot;, &quot;%s&quot;, [&quot;description&quot;]}, {&quot;TEL&quot;, &quot;%s&quot;, [&quot;telephoneNumber&quot;]}]}, {ldap_search_fields, [{&quot;User&quot;, &quot;%u&quot;}, {&quot;Name&quot;, &quot;givenName&quot;}, {&quot;Family Name&quot;, &quot;sn&quot;}, {&quot;Email&quot;, &quot;mail&quot;}, {&quot;Company&quot;, &quot;company&quot;}, {&quot;Department&quot;, &quot;department&quot;}, {&quot;Role&quot;, &quot;title&quot;}, {&quot;Description&quot;, &quot;description&quot;}, {&quot;Phone&quot;, &quot;telephoneNumber&quot;}]}, {ldap_search_reported, [{&quot;Full Name&quot;, &quot;FN&quot;}, {&quot;Nickname&quot;, &quot;NICKNAME&quot;}, {&quot;Email&quot;, &quot;EMAIL&quot;}]} ]}</pre> </div> <!-- EDIT{&quot;target&quot;:&quot;section&quot;,&quot;name&quot;:&quot;\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u0438\u0437 LDAP&quot;,&quot;hid&quot;:&quot;informacija_iz_ldap&quot;,&quot;codeblockOffset&quot;:2,&quot;secid&quot;:4,&quot;range&quot;:&quot;1254-2467&quot;} --> <h2 class="sectionedit5" id="vse_vidjat_vsex">&quot;Все видят всех&quot;</h2> <div class="level2"> <p> Включаем в ejabber.cfg модуль mod_shared_roster, заходим через веб-интерфейс Виртуальные хосты → ваш хост → Группы общих контактов и добавляем новый: </p> <ul> <li class="level1"><div class="li"> Название: EveryBody</div> </li> <li class="level1"><div class="li"> Описание: This group contains everybody</div> </li> <li class="level1"><div class="li"> Члены: @all@</div> </li> <li class="level1"><div class="li"> Видимые группы: everybody</div> </li> </ul> </div> <!-- EDIT{&quot;target&quot;:&quot;section&quot;,&quot;name&quot;:&quot;\&quot;\u0412\u0441\u0435 \u0432\u0438\u0434\u044f\u0442 \u0432\u0441\u0435\u0445\&quot;&quot;,&quot;hid&quot;:&quot;vse_vidjat_vsex&quot;,&quot;codeblockOffset&quot;:3,&quot;secid&quot;:5,&quot;range&quot;:&quot;2468-2907&quot;} --> <h2 class="sectionedit6" id="domennaja_zona">Доменная зона</h2> <div class="level2"> <p> Если необходимо автоматическое подключение к серверу, прописываем в <abbr title="Domain Name System">DNS</abbr>: </p> <ul> <li class="level1"><div class="li"> _jabber._tcp.company.ru. 3600 IN SRV 5 0 5269 company.ru.</div> </li> <li class="level1"><div class="li"> _xmpp-server._tcp.company.ru. 3600 IN SRV 5 0 5269 company.ru.</div> </li> <li class="level1"><div class="li"> _xmpp-client._tcp.company.ru. 3600 IN SRV 5 0 5222 company.ru.</div> </li> <li class="level1"><div class="li"> jabber.company.ru. 3600 IN CNAME company.ru.</div> </li> <li class="level1"><div class="li"> icq.company.ru. 3600 IN CNAME company.ru.</div> </li> </ul> <p> Проверить все ли верно можно командой </p> <pre class="code">nslookup -type=SRV _xmpp-client._tcp.company.ru</pre> <div class="tags"><span> <a href="https://wiki.rtzra.ru/tag/ejabberd?do=showtag&amp;tag=ejabberd" class="wikilink1 tag label label-default mx-1" title="tag:ejabberd" rel="tag"><span class="iconify" data-icon="mdi:tag-text-outline"></span> ejabberd</a>, <a href="https://wiki.rtzra.ru/tag/jabber?do=showtag&amp;tag=jabber" class="wikilink1 tag label label-default mx-1" title="tag:jabber" rel="tag"><span class="iconify" data-icon="mdi:tag-text-outline"></span> jabber</a>, <a href="https://wiki.rtzra.ru/tag/ldap?do=showtag&amp;tag=ldap" class="wikilink1 tag label label-default mx-1" title="tag:ldap" rel="tag"><span class="iconify" data-icon="mdi:tag-text-outline"></span> ldap</a>, <a href="https://wiki.rtzra.ru/tag/ad?do=showtag&amp;tag=ad" class="wikilink1 tag label label-default mx-1" title="tag:ad" rel="tag"><span class="iconify" data-icon="mdi:tag-text-outline"></span> ad</a>, <a href="https://wiki.rtzra.ru/tag/active_directory?do=showtag&amp;tag=active_directory" class="wikilink1 tag label label-default mx-1" title="tag:active_directory" rel="tag"><span class="iconify" data-icon="mdi:tag-text-outline"></span> active directory</a> </span></div> </div> <!-- EDIT{&quot;target&quot;:&quot;section&quot;,&quot;name&quot;:&quot;\u0414\u043e\u043c\u0435\u043d\u043d\u0430\u044f \u0437\u043e\u043d\u0430&quot;,&quot;hid&quot;:&quot;domennaja_zona&quot;,&quot;codeblockOffset&quot;:3,&quot;secid&quot;:6,&quot;range&quot;:&quot;2908-&quot;} --> anonymous@undisclosed.example.com (Anonymous) Tue, 09 May 2017 15:34:00 +0000