Ejabberd Active Directory LDAP Login

12-06-2013 | Remy van Elst

Table of Contents

This tutorial shows you how to set up ejabberd to authenticate against a Microsoft Active Directory LDAP. It is tested with an mixed Server 2008 / Server 2012 Active Directory, and ejabberd 2.1.10 running on Debian 7 and Ubuntu 12.04.

If you need to set up an ejabberd server then you can read my tutorial here how to do that. If you need a VPS to set up ejabberd you can use an Inception Hosting VPS to set up your own XMPP server, I use them and they are very stable and offer good performance and pricing.

This tutorial assumes a working ejabberd installation and a working Active Directory installation.

Edit the /etc/ejabberd/ejabberd.cfg file and change the auth_method from internal to LDAP, and use the following example settings:

{host_config, "example.org", [{auth_method, ldap},
{ldap_servers, ["pdc.example.org", "dc2.example.org", "dc3.example.org"]},
{ldap_encrypt, none},
{ldap_port, 389},
{ldap_uids, [{"sAMAccountName", "%u"}]},
{ldap_base, "cn=Users,dc=Example,dc=org"},
{ldap_rootdn, "EXAMPLE\\ejabberd-ldap-account"},
{ldap_password, "HAc4glzWnhhMHSMEJTUq"}]}.
{acl, admin, {user, "adminUser", "example.org"}}.
{acl, admin, {user, "remy", "example.org"}}.

As you can see I use the "Example.org" Active Directory domain with three LDAP AD Domain Controllers and with a special ejabberd LDAP bind account. This can be a normal account, but please create a separate one so that if the config of ejabberd gets compromised you only have to change one password at one place.

After setting up the config give ejabberd a restart:

/etc/init.d/ejabberd restart

And you are all set to go. If you use a clustered setup make sure you set this configuration on all the nodes.

Tags: active-directory, chat, dns, ejabberd, erlang, federation, jabber, ldap, microsoft, windows-server, xmpp,