Jabber 1.4 LDAP Roster, Vcard and Authentication Readme
APT, Cable and Wireless, Brentford UK.
April 24, 2001
-------------------------------------------------------------------------------
Table of Contents
1. Introduction
1.1 General
1.2 What This Package Is
2. Getting Things Installed
2.1 Dependencies
2.2 Compilation and Installation
2.3 Problems/Bugs/Modifications
2.4 Platform Issues
3. Jabber Information
3.1 General Information
3.2 Developer Information
4. Jabber.xml Configuration File Additions
4.1 Basic LDAP Integration
4.2 Definition Of LDAP Fields
4.3 Definition of Visplist
5. Other Modifications
5.1 Modifying Number of Concurrent Threads
6. Limitations
6.1 Vcard "EMAIL" Fields
6.2 Zero K Authentication
-------------------------------------------------------------------------------
1. Introduction
1.1. General
This document gives pointers to information on this package as well
as links to learn more about the Jabber project and about participating in
the project.
1.2. What This Package Is
Currently, libcwldap provides Jabber server software with various library
functions in a true multithreaded environment.
These are the current functions supported using LDAP for this release.
o Authentication via LDAP (plain and digest)
o Roster storage and retrieval via LDAP
o Vcard storage and query via LDAP
Future updates will include LDAP password modify options, provision for
offline message storage via LDAP and transport registration via LDAP.
2. Getting Things Installed
2.1. Dependencies
This package is dependent on the following:
o jabber-1.4, available from http://download.jabber.org/
2.2. Compilation and Installation
To install as super user do the following in the libcwldap root directory:
______________________________________________________________________
./configure
make
(become root)
make install
______________________________________________________________________
The module has been designed to sit at the same level as the Jabber-1.4
root directory, as it was modelled on the jabber libs of old.
\
|-jabber-1.4
\-libcwldap-1.4
This code in no way modifies the base jabber server code, so it can be used
in conjunction with future server code upgrades (hopefully!!!).
2.3. Problems/Bugs/Modifications
Submit bug reports or modification suggestions to the authors.
2.4. Platform Issues
There are no known platform issues to date. This module has been tested on
Solaris 2.6, Linux 6.0+ and the authentication module on Tru64 5.1.
There may be a digest authentication problem in a 64 bit environment,
as the current shahash algorithm for authentication is written for 32 bit
environments. Modify sha.c in jabberd/lib with the changes, or contact
the authors.
3. Jabber Information
3.1. General Information
For general information about Jabber, including a quick introduction
to Jabber concepts, see the FAQ at http://docs.jabber.org/.
3.2. Developer Information
This code has been written by Glyn Griffiths and Dave Hepworth at Cable and
Wireless in the UK as part of an internal rollout of the Jabber IM system.
The specific needs of Cable and Wireless have been catered for in this code.
The developers can be contacted via email.
Glyn Griffiths - glyng@cwcom.net
Dave Hepworth - dave.hepworth@cw.com
Please contact them if you have any queries or suggestions.
4. Jabber.xml Configuration File Additions
4.1 Basic LDAP Integration
By modifying entries in jabber.xml, it is possible to allow LDAP access using
this library.
Add the following configuration details to your jabber.xml file after the
Jabber Session Manager has been defined. The following text should be used as
a guide, as attributes will vary from server to server.
/usr/local/lib/libcwldap.so
jabber:iq:auth
jabber:iq:roster
vcard-temp
Following this text should be the default xdb configurations.
4.2 Definition Of LDAP Fields
Base
----
ldap-host                 this is the IP address of the LDAP database
ldap-port                 port number for the server to connect to
ldap-mgrdn                base dn used for initial bind to database
ldap-mgrpwd               password used for initial bind to database
ldap-visplist             file path for virtual isp configuration file (see 4.3)
ldap-user-attribute       user name field in database
ldap-password-attribute   password field in database
ldap-roster-attribute     roster field in database
Vcard
-----
Any entries that do not have the ldap- prefix are considered Vcard entries.
Please use CAPITALS!
These Vcard entries map what the clients use to internal fields in the LDAP
database. For example, the FN attribute in Vcard maps to imFriendlyName in
the database.
So far, this module supports Vcard data generated by Jabber IM and Winjab
clients.
The supported fields include:
FN
FAMILY
GIVEN
MIDDLE
NICKNAME
URL
BDAY
STREET      STREET_WORK
EXTADD      EXTADD_WORK
LOCALITY    LOCALITY_WORK
REGION      REGION_WORK
POSTCODE    POSTCODE_WORK
COUNTRY     COUNTRY_WORK
ORGNAME
ORGUNIT
TITLE
ROLE
VOICE       VOICE_WORK
FAX         FAX_WORK
MSG         MSG_WORK
EMAIL
EMAIL_OTHER
The _WORK and _OTHER suffixes are used to differentiate, for storage, between
data for HOME and WORK. These suffixes do not appear in the resultant xml
that is generated and sent to the user; there it is just HOME and WORK.
Namespaces
----------
The tag allows different modules to pick up different name tags. The two
modules currently used are xdb_ldap and xdb_file.
If a namespace is defined in xdb_ldap, then the ldap module will handle any
queries that are sent to that namespace. Supported queries so far include
jabber:iq:auth, jabber:iq:roster and vcard-temp.
To disable the ldap handling of any of these namespaces, simply remove the
namespace from xdb_ldap and place it in xdb_file (the default).
This way you can use all, some or none of the functionality provided by this
module, as you wish.
Zero K authentication is not supported by this module.
4.3 Definition of Visplist
The Visplist was created for Jabber 1.0 by Cable and Wireless in an attempt to
support multiple server names and unique user names before Jabber 1.2 was
released.
It is still in use and defines the directory path in the LDAP database for all
users associated with a particular domain.
---8<---
This is the Cable and Wireless VISP Search Base lookup table
for the Jabber Server. It defines the LDAP Search Base for each VISP.
This section defines the LDAP search path to the search base of each VISP.
It is currently the only top-level section in the file, but defining it as a
section allows other sections to be added later, if necessary.
balrogtoxic.cwipapps.net
ou=users,ou=balrog,ou=domains,ou=InstantMessaging,ou=domains,o=cwc
balrog195.44.58.111
ou=users,ou=balrog,ou=domains,ou=InstantMessaging,ou=domains,o=cwc
---8<---
is the directory in the data base the users are stored
is the full host name or IP address of the Jabber server
maps the dn to the user datafiles
5 Other Modifications
5.1 Modifying Number Of Concurrent Threads
To modify the current number of concurrent threads in use, depending on
application demands, edit the file /include/cw_sysdef.h and modify the text
#define LMT_THREADS 10
and recompile the library. The default number of threads is 10.
6 Limitations
6.1 Vcard "EMAIL" Fields
Currently, the code will only support one INTERNET/EMAIL/PREF (EMAIL entry in
Vcard) email address and one INTERNET/EMAIL (EMAIL_OTHER) address.
6.2 Zero K Authentication
Zero K Authentication is not supported by this module. If you have no need
for Zero K, it is advised that you disable it completely.