Quoting "Sergei Golovan" <[EMAIL PROTECTED]>:

Seems too much to me. OK, I'll try to figure out where the bug is. By
the way, are you using IPv4 or IPv6 in your environment? And please,
send me your ejabberd config file (with any sensitive info censored).

It's pure IPv4. The ldap servers are Active Directory domain controllers.
As you can see from the config, there are two domains. One server is
capable of LDAPS (domain1.com), the other currently not (domain2.com).

Config is attached. Basically the setup works quite well apart from the
open-files problem.

Thanks,
Andreas

%% loglevel: Verbosity of log files generated by ejabberd.
%% 0: No ejabberd log at all (not recommended)
%% 1: Critical
%% 2: Error
%% 3: Warning
%% 4: Info
%% 5: Debug
%%
%% 4 (Info) is in use: enough detail for day-to-day operation without
%% the volume of Debug output.
{loglevel, 4}.

%% watchdog_admins: If an ejabberd process consumes too much memory, 
%% send live notifications to those Jabber accounts.
%%
%% The recipient address is redacted in this copy of the config.
{watchdog_admins, ["[EMAIL PROTECTED]"]}.


%%%   ================
%%%   SERVED HOSTNAMES

%%
%% hosts: Domains served by ejabberd.
%% You can define one or several, for example:
%% {hosts, ["example.net", "example.com", "example.org"]}.
%%
%% Three virtual hosts. "domain1.com" and "domains2.com" each get their
%% own LDAP authentication through a host_config entry further down;
%% "jabber.domain1.com" has no host_config entry, so it takes the global
%% settings. No global auth_method is set, which presumably leaves that
%% host on the internal default -- confirm that is intended.
%% NOTE(review): the accompanying mail and the LDAP base (DC=domain2) say
%% "domain2", while the served name here is "domains2.com" (the matching
%% host_config uses the same spelling, so the two agree) -- confirm this
%% is the name clients actually connect to.
{hosts, ["domain1.com","jabber.domain1.com","domains2.com"]}.

%%
%% route_subdomains: Delegate subdomains to other Jabber server.
%% For example, if this ejabberd serves example.org and you want
%% to allow communication with a Jabber server called im.example.org.
%%
%%{route_subdomains, s2s}.


%%%   ===============
%%%   LISTENING PORTS

%%
%% listen: Which ports will ejabberd listen, which service handles it
%% and what options to start it with.
%%
{listen,
 [

  %% Client connections. `starttls` offers TLS to clients but does not
  %% refuse clients that skip it, so a client may still authenticate in
  %% the clear. NOTE(review): if plaintext logins should be rejected,
  %% `starttls_required` is the option to look at -- confirm against the
  %% ejabberd version in use.
  {5222, ejabberd_c2s, [
                        {certfile, "/etc/ejabberd/ejabberd.pem"}, starttls,
                        {access, c2s},
                        {shaper, c2s_shaper},
                        {max_stanza_size, 65536}
                       ]},

  %%
  %% To enable the old SSL connection method in port 5223:
  %%
  %% NOTE(review): the certfile line below is wrapped in this copy and its
  %% second half carries no %% prefix; as pasted it would not be a comment.
  %%{5223, ejabberd_c2s, [
  %%                    {certfile, 
"/home/lefant/ejabberd-2.0.0/conf/server.pem"}, tls,
  %%                    {access, c2s},
  %%                    {shaper, c2s_shaper},
  %%                    {max_stanza_size, 65536}
  %%                   ]},

  %% Incoming server-to-server connections; larger stanza limit than c2s.
  {5269, ejabberd_s2s_in, [
                           {shaper, s2s_shaper},
                           {max_stanza_size, 131072}
                          ]},

  %% HTTP listener: BOSH (http_bind), HTTP polling and the web admin UI.
  %% No `tls` option is given here, so web_admin logins (admin
  %% credentials) travel over plain HTTP unless something in front of
  %% this port terminates TLS. NOTE(review): confirm how 5280 is exposed.
  {5280, ejabberd_http, [
                         http_bind, 
                         http_poll, 
                         web_admin
                        ]}

 ]}.

%%
%% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
%% Allowed values are: true or false.
%% You must specify a certificate file.
%%
{s2s_use_starttls, true}.

%%
%% s2s_certfile: Specify a certificate file.
%%
%% Same certificate as the c2s listener on port 5222.
{s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.

%%
%% domain_certfile: Specify a different certificate for each served hostname.
%%
%% NOTE(review): the two example entries below are line-wrapped in this
%% copy; the second line of each carries no %% prefix and would not be
%% a comment if the file is used as pasted.
%%{domain_certfile, "example.org", 
"/home/lefant/ejabberd-2.0.0/conf/example_org.pem"}.
%%{domain_certfile, "example.com", 
"/home/lefant/ejabberd-2.0.0/conf/example_com.pem"}.

%%
%% S2S whitelist or blacklist
%%
%% Default s2s policy for undefined hosts.
%%
%% `allow`: any remote XMPP server may federate with the served hosts;
%% per-server exceptions are expressed with s2s_host entries as in the
%% examples below.
{s2s_default_policy, allow}.

%%
%% Allow or deny communication with specific servers.
%%
%%{{s2s_host, "goodhost.org"}, allow}.
%%{{s2s_host, "badhost.org"}, deny}.


%%%   ==============
%%%   AUTHENTICATION

%%
%% auth_method: Method used to authenticate the users.
%% The default method is the internal.
%% If you want to use a different method, 
%% comment this line and enable the correct ones.
%%
%%{auth_method, internal}.

%%
%% Authentication using external script
%% Make sure the script is executable by ejabberd.
%%
%%{auth_method, external}.
%%{extauth_program, "/path/to/authentication/script"}.

%%
%% Authentication using ODBC
%% Remember to setup a database in the next section.
%%
%%{auth_method, odbc}.

%%
%% Authentication using PAM
%%
%%{auth_method, pam}.
%%{pam_service, "pamservicename"}.

%%
%% Authentication using LDAP
%%
%%{auth_method, ldap}.
%%
%% List of LDAP servers:
%%{ldap_servers, ["ldap.domain1.com"]}.    
%%
%% LDAP attribute that holds user ID:
%%{ldap_uids, [{"mail", "[EMAIL PROTECTED]"}]}. 
%%
%% Search base of LDAP directory:
%%{ldap_base, "dc=example,dc=com"}. 
%%
%% LDAP manager:
%%{ldap_rootdn, "dc=example,dc=com"}. 
%%
%% Password to LDAP manager:
%%{ldap_password, "******"}. 

%% Global LDAP settings. No global auth_method is set; LDAP is switched on
%% per host in the host_config entries for "domain1.com" and
%% "domains2.com", and the values here are presumably what those hosts
%% inherit unless their host_config overrides them.
%%
%% 389 is the plain (unencrypted) LDAP port. A host whose host_config
%% sets neither ldap_encrypt nor ldap_port ends up on it.
{ldap_port, 389}.
%% Users are matched on the Active Directory sAMAccountName attribute.
{ldap_uids, [{"sAMAccountName"}]}.
%% Additional filter applied to user lookups: person objects that have an
%% office set, excluding entries flagged in extensionAttribute6/7 and
%% computer/contact objects. The meaning of the two extensionAttribute
%% flags is site-specific and not visible here.
{ldap_filter, 
"(&(objectClass=person)(physicalDeliveryOfficeName=*)(!(extensionAttribute6=1))(!(extensionAttribute7=1))(!(objectClass=computer))(!(objectClass=contact)))"}.




%% LDAP authentication for domain1.com over LDAPS: ldap_encrypt tls with
%% port 636 overrides the global ldap_port, so traffic to ldap.domain1.com
%% (including the bind credentials) is encrypted.
%% ldap_rootdn is a dedicated service account used as the bind DN. Its
%% password is redacted in this copy; the real file holds it in clear
%% text, so the file should be readable only by the ejabberd user.
{host_config, "domain1.com", [{auth_method, ldap},
                                {ldap_servers, ["ldap.domain1.com"]},
                                {ldap_encrypt, tls},
                                {ldap_port, 636},
                                {ldap_base, "DC=domain1,DC=com"},
                                {ldap_rootdn, 
"CN=MMKServiceAccountJabber,OU=ServiceAccounts,OU=!Ress,DC=domain1,DC=com"},
                                {ldap_password, "xxxxxxxxxxxxxxx"}]}.

%% LDAP authentication for domains2.com. Unlike domain1.com there is no
%% ldap_encrypt / ldap_port here, so this host presumably falls back to
%% the global ldap_port (389) without TLS -- the accompanying mail says
%% this domain controller cannot do LDAPS yet. Until it can, the
%% service-account bind below and each user authentication are sent to
%% ldap.domain2.com in clear text: keep that path on a trusted network
%% segment, and add {ldap_encrypt, tls}, {ldap_port, 636} as on
%% domain1.com once the DC supports it.
{host_config, "domains2.com", [{auth_method, ldap},
                                {ldap_servers, ["ldap.domain2.com"]},
                                {ldap_base, "DC=domain2,DC=com"},
                                {ldap_rootdn, 
"CN=MMGServiceAccountJabber,OU=ServiceAccounts,OU=!Ress,DC=domain2,DC=com"},
                                {ldap_password, "xxxxxxxxxxxxxxx"}]}.

%%
%% Anonymous login support:
%%   auth_method: anonymous
%%   anonymous_protocol: sasl_anon | login_anon | both
%%   allow_multiple_connections: true | false
%%
%%{host_config, "public.example.org", [{auth_method, anonymous},
%%                                     {allow_multiple_connections, false},
%%                                     {anonymous_protocol, sasl_anon}]}.
%%
%% To use both anonymous and internal authentication:
%%
%%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.


%%%   ==============
%%%   DATABASE SETUP

%% ejabberd uses by default the internal Mnesia database,
%% so you can avoid this section.
%% This section provides configuration examples in case
%% you want to use other database backends.
%% Please consult the ejabberd Guide for details about database creation.

%%
%% MySQL server:
%%
%%{odbc_server, {mysql, "server", "database", "username", "password"}}.
%%
%% If you want to specify the port:
%%{odbc_server, {mysql, "server", 1234, "database", "username", "password"}}.

%%
%% PostgreSQL server:
%%
%%{odbc_server, {pgsql, "server", "database", "username", "password"}}.
%%
%% If you want to specify the port:
%%{odbc_server, {pgsql, "server", 1234, "database", "username", "password"}}.
%%
%% If you use PostgreSQL, have a large database, and need a
%% faster but inexact replacement for "select count(*) from users"
%%
%%{pgsql_users_number_estimate, true}.

%%
%% ODBC compatible or MSSQL server:
%%
%%{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=xxxxxxxxxxxxx"}.


%%%   ===============
%%%   TRAFFIC SHAPERS

%%
%% The "normal" shaper limits traffic speed to 1.000 B/s
%%
%% Applied to non-admin client connections via the c2s_shaper access rule.
{shaper, normal, {maxrate, 1000}}.

%%
%% The "fast" shaper limits traffic speed to 50.000 B/s
%%
%% Applied to server-to-server connections via the s2s_shaper access rule.
{shaper, fast, {maxrate, 50000}}.


%%%   ====================
%%%   ACCESS CONTROL LISTS

%%
%% The 'admin' ACL grants administrative privileges to Jabber accounts.
%% You can put as many accounts as you want.
%%
%% Two admin accounts, both on domain1.com (an LDAP-authenticated host),
%% so their credentials are the Active Directory ones.
{acl, admin, {user, "lefant", "domain1.com"}}.
{acl, admin, {user, "unki", "domain1.com"}}.
 
%%
%% Blocked users
%%
%% Both examples are commented out, so the 'blocked' ACL currently has
%% no members and the {deny, blocked} rule in the c2s access list matches
%% no one.
%%{acl, blocked, {user, "baduser", "example.org"}}.
%%{acl, blocked, {user, "test"}}.

%%
%% Local users: don't modify this line.
%%
%% Referenced by the 'local' access rule.
{acl, local, {user_regexp, ""}}.

%%
%% More examples of ACLs
%%
%%{acl, jabberorg, {server, "jabber.org"}}.
%%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
%%{acl, test, {user_regexp, "^test"}}.
%%{acl, test, {user_glob, "test*"}}.


%%%   ============
%%%   ACCESS RULES

%% Define the maximum number of times a single user is allowed to connect
%% (concurrent sessions per account):
{access, max_user_sessions, [{10, all}]}.

%% This rule allows access only for local users:
{access, local, [{allow, local}]}.

%% Only non-blocked users can use c2s connections:
%% (the 'blocked' ACL has no members in this file, so the deny is
%% currently a no-op and every user is allowed)
{access, c2s, [{deny, blocked},
               {allow, all}]}.

%% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
                      {normal, all}]}.

%% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.

%% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.

%% Only admins can use configuration interface:
%% (presumably this is also the rule the web_admin on port 5280 checks --
%% confirm)
{access, configure, [{allow, admin}]}.

%% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.

%% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.

%% In-band registration is disabled (deny, all): accounts are not created
%% from the XMPP side, which matches the LDAP-backed hosts where users
%% come from Active Directory. To re-enable it, replace 'deny' with 'allow'.
{access, register, [{deny, all}]}.

%% Everybody can create pubsub nodes
%% (mod_pubsub is commented out in the modules list, so this rule is
%% currently unused)
{access, pubsub_createnode, [{allow, all}]}.


%%%   ================
%%%   DEFAULT LANGUAGE

%%
%% language: Default language used for server messages.
%%
%% Two-letter language code; "en" selects English server messages.
{language, "en"}.


%%%   =======
%%%   MODULES

%%
%% Modules enabled in all ejabberd virtual hosts.
%%
{modules,
 [
  {mod_adhoc,    []},
  {mod_announce, [{access, announce}]}, % requires mod_adhoc
  {mod_caps,     []}, 
  {mod_configure,[]}, % requires mod_adhoc
  {mod_disco,    []},
  %%{mod_echo,   [{host, "echo.domain1.com"}]},
  %% Server side of BOSH; pairs with the http_bind option on port 5280.
  {mod_http_bind,[]},
  %%{mod_http_fileserver, [{docroot, "/home/lefant/ejabberd-2.0.0/www"}]},
  {mod_irc,      []},
  {mod_last,     []},
  %% Multi-user chat: all users (access muc) may join and create rooms,
  %% including persistent ones; room administration is limited to the
  %% 'admin' ACL via muc_admin.
  {mod_muc,      [
                  %%{host, "[EMAIL PROTECTED]@"},
                  {access, muc},
                  {access_create, muc},
                  {access_persistent, muc},
                  {access_admin, muc_admin}
                 ]},
  %% Room logging with default options. NOTE(review): confirm where its
  %% output is written and who can read it, since room content ends up
  %% on disk.
  {mod_muc_log,[]},
  {mod_offline,  []},
  {mod_privacy,  []},
  {mod_private,  []},
  %%{mod_proxy65,[]},
%%  {mod_pubsub,   [ % requires mod_caps
%%                {access_createnode, pubsub_createnode},
%%                {plugins, ["default", "pep"]}
%%               ]},
  {mod_roster,   []},
  %%{mod_service_log,[]},
  {mod_shared_roster,[]},
  {mod_stats,    []},
  {mod_time,     []},
  %%{mod_vcard,    []},
  %% vCards are built from Active Directory attributes instead of the
  %% internal mod_vcard. The map below exposes personal details (email,
  %% phone, street address, office location) to XMPP users who fetch a
  %% vCard; ldap_search_fields defines what the directory search accepts
  %% and ldap_search_reported what it returns (full name and email).
  %% NOTE(review): confirm this level of directory exposure is acceptable
  %% for everyone who can authenticate to these hosts.
  {mod_vcard_ldap,
   [{ldap_vcard_map,
     [{"NICKNAME", "%s", ["cn"]},
      {"GIVEN", "%s", ["givenName"]},
      {"MIDDLE", "%s", ["initials"]},
      {"FAMILY", "%s", ["sn"]},
      {"FN", "%s", ["displayName"]},
      {"EMAIL", "%s", ["mail"]},
      {"ORGNAME", "%s", ["company"]},
      {"ORGUNIT", "%s", ["department"]},
      {"CTRY", "%s", ["c"]},
      {"LOCALITY", "%s", ["l"]},
      {"STREET", "%s", ["streetAddress"]},
      {"REGION", "%s", ["st"]},
      {"PCODE", "%s", ["postalCode"]},
      {"TITLE", "%s", ["title"]},
      {"URL", "%s", ["wWWHomePage"]},
      {"TEL", "%s", ["telephoneNumber"]}]},
    {ldap_search_fields,
     [{"Name", "givenName"},
      {"Family Name", "sn"},
      {"Department", "department"}]},
    {ldap_search_reported,
     [{"Full Name", "FN"},
      {"Email", "EMAIL"}]}
  ]},
  {mod_version,  []}
]}.


%%% $Id: ejabberd.cfg.example 1073 2007-12-17 11:03:22Z badlop $

%%% Local Variables:
%%% mode: erlang
%%% End:
%%% vim: set filetype=erlang tabstop=8:
