
Ejabberd Active Directory LDAP Login

12-06-2013 | Remy van Elst


This tutorial shows you how to set up ejabberd to authenticate against Microsoft Active Directory over LDAP. It is tested with a mixed Server 2008 / Server 2012 Active Directory, and ejabberd 2.1.10 running on Debian 7 and Ubuntu 12.04.

If you need to set up an ejabberd server, you can read my tutorial on how to do that. If you need a VPS to set up ejabberd, you can use an Inception Hosting VPS to set up your own XMPP server. I use them; they are very stable and offer good performance and pricing.

This tutorial assumes a working ejabberd installation and a working Active Directory installation.

Edit the /etc/ejabberd/ejabberd.cfg file, change the auth_method from internal to ldap, and use the following example settings:

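%% LDAP authentication against Active Directory
{host_config, "", [{auth_method, ldap},
    {ldap_servers, ["", "", ""]},              %% the AD domain controllers
    {ldap_encrypt, none},                      %% plain LDAP: binds are not encrypted in transit
    {ldap_port, 389},
    {ldap_uids, [{"sAMAccountName", "%u"}]},   %% match the XMPP username on the AD logon name
    {ldap_base, "cn=Users,dc=Example,dc=org"},
    {ldap_rootdn, "EXAMPLE\\ejabberd-ldap-account"},   %% dedicated bind account
    {ldap_password, "HAc4glzWnhhMHSMEJTUq"}]}.
%% ejabberd administrators
{acl, admin, {user, "adminUser", ""}}.
{acl, admin, {user, "remy", ""}}.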

As you can see, I use the "" Active Directory domain with three AD domain controllers as LDAP servers and a special ejabberd LDAP bind account. This can be a normal account, but please create a separate one so that, if the ejabberd config gets compromised, you only have to change one password in one place.

After setting up the config, restart ejabberd:

/etc/init.d/ejabberd restart

And you are all set to go. If you use a clustered setup, make sure you set this configuration on all the nodes.
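A check for the finished config, as an added example that is not part of the original tutorial: the settings above use `{ldap_encrypt, none}` on port 389 and keep the bind password in the file, so this script flags an unencrypted LDAP connection and a world-readable config. The function names and the sample hostnames and password are constructed; it assumes ejabberd 2.1.x's `ldap_encrypt` values `none` and `tls`.

```shell
#!/bin/sh
# Added example, not from the original tutorial: audit the LDAP settings
# of an ejabberd.cfg. Prints one finding per line; returns 1 if any.

# Value of a simple {name, value} option read from stdin, empty if absent.
_opt() {
    sed -n "s/.*{$1,[[:space:]]*\([A-Za-z0-9_]*\)}.*/\1/p" | head -n 1
}

audit_ejabberd_ldap() {
    cfg=$1
    rc=0
    # Skip full-line Erlang comments; "%u" inside ldap_uids is untouched.
    active=$(grep -v '^[[:space:]]*%' "$cfg" || true)
    # Nothing to check unless LDAP authentication is enabled.
    [ "$(printf '%s\n' "$active" | _opt auth_method)" = ldap ] || return 0
    enc=$(printf '%s\n' "$active" | _opt ldap_encrypt)
    port=$(printf '%s\n' "$active" | _opt ldap_port)
    if [ "${enc:-none}" = none ]; then
        # Assumption: an absent ldap_encrypt behaves like none.
        echo "ldap_encrypt=none: bind and user passwords cross the network unencrypted"
        rc=1
    elif [ "$port" = 389 ]; then
        echo "ldap_encrypt=$enc but ldap_port=389: LDAPS normally listens on 636"
        rc=1
    fi
    # The file stores ldap_password in cleartext: "other" must not read it.
    case $(ls -ld -- "$cfg") in
        ???????r*) echo "$cfg is world-readable and holds ldap_password"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample modelled on the settings above (placeholder values).
sample=$(mktemp)
cat > "$sample" <<'EOF'
{host_config, "example.org", [{auth_method, ldap},
{ldap_servers, ["dc1.example.org"]},
{ldap_encrypt, none},
{ldap_port, 389},
{ldap_rootdn, "EXAMPLE\\ejabberd-ldap-account"},
{ldap_password, "PLACEHOLDER"}]}.
EOF
chmod 644 "$sample"
audit_ejabberd_ldap "$sample" || true
rm -f "$sample"
```

Run it against /etc/ejabberd/ejabberd.cfg on every node of a cluster, since each node carries its own copy of the bind password.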
