
Ejabberd Active Directory LDAP Login

Published: 12-06-2013 | Author: Remy van Elst

This tutorial shows you how to set up ejabberd to authenticate against a Microsoft Active Directory LDAP. It is tested with a mixed Server 2008 / Server 2012 Active Directory, and ejabberd 2.1.10 running on Debian 7 and Ubuntu 12.04.

If you still need to set up an ejabberd server, you can read my tutorial on how to do that.

This tutorial assumes a working ejabberd installation and a working Active Directory installation.

Edit the /etc/ejabberd/ejabberd.cfg file, change the auth_method from internal to ldap, and use the following example settings:

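%% Authenticate users of this host against Active Directory over LDAP.
{host_config, "", [{auth_method, ldap},
    %% Domain controllers to query.
    {ldap_servers, ["", "", ""]},
    %% Unencrypted LDAP on the standard port.
    {ldap_encrypt, none},
    {ldap_port, 389},
    %% The XMPP username (%u) is matched against sAMAccountName.
    {ldap_uids, [{"sAMAccountName", "%u"}]},
    {ldap_base, "cn=Users,dc=Example,dc=org"},
    %% Dedicated bind account used to search the directory.
    {ldap_rootdn, "EXAMPLE\\ejabberd-ldap-account"},
    {ldap_password, "HAc4glzWnhhMHSMEJTUq"}]}.
%% Users with ejabberd admin rights.
{acl, admin, {user, "adminUser", ""}}.
{acl, admin, {user, "remy", ""}}.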

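As you can see, I use the "" Active Directory domain with three AD Domain Controllers as LDAP servers and a special ejabberd LDAP bind account. This can be a normal account, but please create a separate one, so that if the ejabberd config gets compromised you only have to change one password in one place. Note that with {ldap_encrypt, none} on port 389, the bind password and the passwords of users logging in travel to the domain controllers unencrypted; ejabberd also accepts {ldap_encrypt, tls}, normally together with port 636.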

After setting up the config give ejabberd a restart:

/etc/init.d/ejabberd restart

And you are all set to go. If you use a clustered setup make sure you set this configuration on all the nodes.
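
The settings above can be checked on each node with a small script. This is an added example, not part of the original article; the function name audit_ejabberd_ldap and its three checks (TLS towards the directory, file mode of the config, bind account kept out of the admin ACL) are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): audit the LDAP settings in an
# ejabberd.cfg. Prints one line per finding; returns 0 if clean, 1 if there
# are findings, 2 if the file cannot be read.
audit_ejabberd_ldap() {
    cfg=$1
    findings=0
    [ -r "$cfg" ] || { echo "ERROR cannot read $cfg"; return 2; }

    # Ignore whole-line Erlang comments so commented-out settings do not count.
    active=$(grep -v '^[[:space:]]*%' "$cfg" || true)

    # Nothing to audit unless LDAP authentication is switched on.
    printf '%s\n' "$active" | grep -Eq '\{auth_method,[[:space:]]*ldap\}' || return 0

    # Without {ldap_encrypt, tls} the bind password and every user's password
    # reach the domain controller unencrypted.
    if ! printf '%s\n' "$active" | grep -Eq '\{ldap_encrypt,[[:space:]]*tls\}'; then
        echo "WARN ldap_encrypt is not tls"
        findings=$((findings + 1))
    fi

    # ldap_password is stored in cleartext, so the file must not be world-readable.
    if printf '%s\n' "$active" | grep -q 'ldap_password' &&
       [ -n "$(find "$cfg" -prune -perm -004)" ]; then
        echo "WARN $cfg holds ldap_password and is world-readable"
        findings=$((findings + 1))
    fi

    # The bind account should be a dedicated one, not an ejabberd admin.
    bind_user=$(printf '%s\n' "$active" |
        sed -n 's/.*{ldap_rootdn,[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1)
    bind_user=${bind_user##*\\}    # drop a leading DOMAIN\\ prefix
    admins=$(printf '%s\n' "$active" |
        sed -n 's/.*{acl,[[:space:]]*admin,[[:space:]]*{user,[[:space:]]*"\([^"]*\)".*/\1/p')
    if [ -n "$bind_user" ] && printf '%s\n' "$admins" | grep -Fxq -- "$bind_user"; then
        echo "WARN bind account $bind_user is also an ejabberd admin"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}
```

Source the file and run audit_ejabberd_ldap /etc/ejabberd/ejabberd.cfg on every node of a cluster, since each node carries its own copy of the config.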
