Jabber 1.4 LDAP Roster, Vcard and Authentication Readme
APT, Cable and Wireless, Brentford UK.
April 24, 2001
-------------------------------------------------------------------------------

Table of Contents

1. Introduction
   1.1 General
   1.2 What This Package Is

2. Getting Things Installed
   2.1 Dependencies
   2.2 Compilation and Installation
   2.3 Problems/Bugs/Modifications
   2.4 Platform Issues

3. Jabber Information
   3.1 General Information
   3.2 Developer Information

4. Jabber.xml Configuration File Additions
   4.1 Basic LDAP Integration
   4.2 Definition Of LDAP Fields
   4.3 Definition of Visplist

5. Other Modifications
   5.1 Modifying Number of Concurrent Threads

6. Limitations
   6.1 Vcard "EMAIL" Fields
   6.2 Zero K Authentication

-------------------------------------------------------------------------------

1. Introduction

1.1. General

This document gives pointers for information on this package as well as
links to learn more about the Jabber project and about participating in
the project.

1.2. What This Package Is

Currently, libcwldap provides Jabber server software with various library
functions in a true multithreaded environment. These are the functions
supported using LDAP in this release:

o  Authentication via LDAP (plain and digest)

o  Roster storage and retrieval via LDAP

o  Vcard storage and query via LDAP

Future updates will include LDAP password modify options, provision for
offline message storage via LDAP and transport registration via LDAP.

2. Getting Things Installed

2.1. Dependencies

This package is dependent on the following:

o  jabber-1.4, available from http://download.jabber.org/

2.2. Compilation and Installation

To install as super user, do the following in the libcwldap root
directory:

______________________________________________________________________
./configure
make
(become root)
make install
______________________________________________________________________

The module has been designed to sit at the same level as the Jabber-1.4
root directory, as it was modelled on the jabber libs of old.

\
|-jabber-1.4
\-libcwldap-1.4

This code in no way modifies the base jabber server code, so it can be
used in conjunction with future server code upgrades (hopefully!!!).

2.3. Problems/Bugs/Modifications

Submit bug reports or modification suggestions to the authors.

2.4. Platform Issues

There are no known platform issues to date. This module has been tested
on Solaris 2.6, Linux 6.0+ and the authentication module on Tru64 5.1.
There may be a digest authentication problem in a 64 bit environment, as
the current shahash algorithm for authentication is written for 32 bit
environments. Modify sha.c in jabberd/lib with the changes, or contact
the authors.

3. Jabber Information

3.1. General Information

For general information about Jabber, including a quick introduction to
Jabber concepts, see the FAQ at http://docs.jabber.org/.

3.2. Developer Information

This code has been written by Glyn Griffiths and Dave Hepworth at Cable
and Wireless in the UK as part of an internal rollout of the Jabber IM
system. The specific needs of Cable and Wireless have been catered for in
this code. The developers can be contacted via email.

Glyn Griffiths - glyng@cwcom.net
Dave Hepworth  - dave.hepworth@cw.com

Please contact them if you have any queries or suggestions.

4. Jabber.xml Configuration File Additions

4.1 Basic LDAP Integration

By modifying entries in jabber.xml, it is possible to allow LDAP access
using this library. Add the following configuration details to your
jabber.xml file after the Jabber Session Manager has been defined. The
following text should be used as a guide, as attributes will vary from
server to server.

    /usr/local/lib/libcwldap.so
    jabber:iq:auth
    jabber:iq:roster
    vcard-temp

Following this text should be the default xdb configurations.

4.2 Definition Of LDAP Fields

Base
----

ldap-host                 this is the ip address of the LDAP database
ldap-port                 port number for the server to connect to
ldap-mgrdn                base dn used for initial bind to database
ldap-mgrpwd               password used for initial bind to database
ldap-visplist             file path for virtual isp configuration file
                          (see 4.3)
ldap-user-attribute       user name field in database
ldap-password-attribute   password field in database
ldap-roster-attribute     roster field in database

Vcard
-----

Any entries that do not have the ldap- prefix are considered Vcard
entries. Please use CAPITALS!

These Vcard entries map what the clients use to internal fields in the
LDAP database. For example, the FN attribute in Vcard maps the
imFriendlyName in the database. So far, this module supports Vcard data
generated by Jabber IM and Winjab clients. The supported fields include:

    FN FAMILY GIVEN MIDDLE NICKNAME URL BDAY
    STREET STREET_WORK EXTADD EXTADD_WORK
    LOCALITY LOCALITY_WORK REGION REGION_WORK
    POSTCODE POSTCODE_WORK COUNTRY COUNTRY_WORK
    ORGNAME ORGUNIT TITLE ROLE
    VOICE VOICE_WORK FAX FAX_WORK MSG MSG_WORK
    EMAIL EMAIL_OTHER

The _WORK and _OTHER suffixes were used to differentiate for storage
between data for HOME and WORK, though these tags are not found in the
resultant xml that is generated and sent to the user - it's just HOME and
WORK.

Namespaces
----------

The tag allows different modules to pick up different name tags. The two
modules currently used are xdb_ldap and xdb_file. If a namespace is
defined in xdb_ldap, then the ldap module will handle any queries that
are sent to that namespace. Supported queries so far include
jabber:iq:auth, jabber:iq:roster and vcard-temp. To disable the ldap
handling of any of these namespaces, simply remove and place in xdb_file
(default). This way you can use, if you want, all, some or none of the
functionality provided by this module.

Zero K authentication is not supported by this module.

4.3 Definition of Visplist

The Visplist was created for Jabber 1.0 by Cable and Wireless in an
attempt to support multiple server names and unique user names before
Jabber 1.2 was released. It is still in use and defines the directory
path in the LDAP database for all users associated with a particular
domain.

---8<---
This is the Cable and Wireless VISP Search Base lookup table for the
Jabber Server. It defines the LDAP Search Base for each VISP.

This section defines the LDAP search path to the search base of each
VISP. It is currently the only top-level section in the file, but
defining it as a section allows other sections to be added later, if
necessary.

balrogtoxic.cwipapps.net ou=users,ou=balrog,ou=domains,ou=InstantMessaging,ou=domains,o=cwc
balrog195.44.58.111 ou=users,ou=balrog,ou=domains,ou=InstantMessaging,ou=domains,o=cwc
---8<---

is the directory in the database in which the users are stored
is the full host name or IP address of the Jabber server
maps the dn to the user datafiles

5 Other Modifications

5.1 Modifying Number Of Concurrent Threads

To modify the current number of concurrent threads in use, depending on
application demands, edit the file /include/cw_sysdef.h and modify the
text

    #define LMT_THREADS 10

and recompile the library. The default number of threads is 10.

6 Limitations

6.1 Vcard "EMAIL" Fields

Currently, the code will only support one INTERNET/EMAIL/PREF (EMAIL
entry in Vcard) email address and one INTERNET/EMAIL (EMAIL_OTHER)
address.

6.2 Zero K Authentication

Zero K Authentication is not supported by this module. It is advised that
if you have no need for Zero K, then disable it completely.