Skip to main content

Raymii.org Logo (IEC resistor symbol)logo

Quis custodiet ipsos custodes?
Home | About | All pages | RSS Feed | Gopher

Ejabberd Active Directory LDAP Login

Published: 12-06-2013 | Author: Remy van Elst | Text only version of this article


Table of Contents


This tutorial shows you how to set up ejabberd to authenticate against aMicrosoft Active Directory LDAP. It is tested with an mixed Server 2008 / Server2012 Active Directory, and ejabberd 2.1.10 running on Debian 7 and Ubuntu 12.04.

If you like this article, consider sponsoring me by trying out a Digital OceanVPS. With this link you'll get $100 credit for 60 days). (referral link)

If you need to set up an ejabberd server then you can read my tutorial here howto do that.

This tutorial assumes a working ejabberd installation and a working ActiveDirectory installation.

Edit the /etc/ejabberd/ejabberd.cfg file and change the auth_method frominternal to LDAP, and use the following example settings:

{host_config, "example.org", [{auth_method, ldap},{ldap_servers, ["pdc.example.org", "dc2.example.org", "dc3.example.org"]},{ldap_encrypt, none},{ldap_port, 389},{ldap_uids, [{"sAMAccountName", "%u"}]},{ldap_base, "cn=Users,dc=Example,dc=org"},{ldap_rootdn, "EXAMPLE\\ejabberd-ldap-account"},{ldap_password, "HAc4glzWnhhMHSMEJTUq"}]}.{acl, admin, {user, "adminUser", "example.org"}}.{acl, admin, {user, "remy", "example.org"}}.

As you can see I use the "Example.org" Active Directory domain with three LDAPAD Domain Controllers and with a special ejabberd LDAP bind account. This can bea normal account, but please create a separate one so that if the config ofejabberd gets compromised you only have to change one password at one place.

After setting up the config give ejabberd a restart:

/etc/init.d/ejabberd restart

And you are all set to go. If you use a clustered setup make sure you set thisconfiguration on all the nodes.

Tags: active-directory, chat, dns, ejabberd, erlang, federation, jabber, ldap, microsoft, tutorials, windows-server, xmpp