slushpupie | 1 Nov 16:46 2004

Re: [jabberd2.0s4] LDAPv3 authentication

On Sun, 31 Oct 2004 22:18:38 +0000, Andrey V. Romanchev
<negative <at> smartlogic.ru> wrote:
> I tried to use LDAPv3 authentication to encrypt sending passwords (plain
> text is terrible), but my jabberd2 couldn't work with this.
> 
> c2s:
>     <!-- LDAP module configuration -->
>     <ldap>
>       <host>127.0.0.1</host>
>       <port>389</port>
>       <v3/>
>       <starttls/>
>         <!--
>       <ssl/>
>         -->
>       <binddn>cn=sysadm,dc=negative-pc,dc=swamp,dc=ru</binddn>
>       <bindpw>pass</bindpw>
>       <uidattr>uid</uidattr>
>       <basedn>ou=users,dc=negative-pc,dc=swamp,dc=ru</basedn>
>     </ldap>

This looks right, same as what I have.

What does your config for slapd look like?

-- 
Jay Kline
http://www.slushpupie.com/
_______________________________________________
jadmin mailing list

Andrey V. Romanchev | 1 Nov 21:16 2004

Re: [jabberd2.0s4] LDAPv3 authentication

slushpupie <at> gmail.com wrote:

>>I tried to use LDAPv3 authentication to encrypt sending passwords (plain
>>text is terrible), but my jabberd2 couldn't work with this.
>>
>>c2s:
>>    <!-- LDAP module configuration -->
>>    <ldap>
>>      <host>127.0.0.1</host>
>>      <port>389</port>
>>      <v3/>
>>      <starttls/>
>>        <!--
>>      <ssl/>
>>        -->
>>      <binddn>cn=sysadm,dc=negative-pc,dc=swamp,dc=ru</binddn>
>>      <bindpw>pass</bindpw>
>>      <uidattr>uid</uidattr>
>>      <basedn>ou=users,dc=negative-pc,dc=swamp,dc=ru</basedn>
>>    </ldap>
>>    
>>
>
>This looks right, same as what I have.
> 
>What does your config for slapd look like?
>
my slapd.conf file

include         /usr/local/openldap/etc/openldap/schema/core.schema

slushpupie | 1 Nov 19:31 2004

Re: [jabberd2.0s4] LDAPv3 authentication

On Mon, 01 Nov 2004 20:16:35 +0000, Andrey V. Romanchev
<negative <at> smartlogic.ru> wrote:
>  include         /usr/local/openldap/etc/openldap/schema/core.schema
>  include         /usr/local/openldap/etc/openldap/schema/cosine.schema
>  include         /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
>  include         /usr/local/openldap/etc/openldap/schema/nis.schema
>  include         /usr/local/openldap/etc/openldap/schema/openldap.schema
>  include         /usr/local/openldap/etc/openldap/schema/misc.schema
>  
>  pidfile         /usr/local/openldap/var/run/slapd.pid
>  argsfile        /usr/local/openldap/var/run/slapd.args
>  
>  access to attrs=userPassword by self write by * auth
>  access to * by peername=127.0.0.1 read by anonymous auth by users read
>  
>  #allow           bind_v2
>  
>  database        ldbm
>  suffix           "dc=negative-pc,dc=swamp,dc=ru"
>  rootdn          "cn=sysadm,dc=negative-pc,dc=swamp,dc=ru"
>  
>  rootpw          {SMD5}DGGitBL1SLEDmhmsgLPTj02SG5o=
>  
>  directory       /usr/local/openldap/var/openldap-data
>  
>  index   objectClass     eq

It looks like you are missing the TLS/SSL stuff in slapd.conf.  You
need something like this:

Hite, Danny | 1 Nov 19:40 2004

Manual reset of Password

Is there a way to manually reset a user's Jabber password? The user in
question has recently had their laptop imaged. I looked in the
<username>.xml file and saw the last password. I thought that I could
just edit the .xml file and be off and running.

Let's just say that it's best that I don't tell them I know their
password and pass it along to them.

Can a manual change of the password be done?

_______________________________________________
jadmin mailing list
jadmin <at> jabber.org
http://mail.jabber.org/mailman/listinfo/jadmin
FAQ: http://www.jabber.org/wiki/index.php/FAQ-JADMIN

Andreas van Cranenburgh | 1 Nov 20:00 2004

Re: Manual reset of Password

On Mon, Nov 01, 2004 at 01:40:36PM -0500, Hite, Danny wrote:
> Is there a way to manually reset a user's Jabber password? The user in
> question has recently had their laptop imaged. I looked in the
> <username>.xml file and saw the last password. I thought that I could
> just edit the .xml file and be off and running.

Yes, the password is stored in the .xml file, in plaintext. If you saw that
password then the user should change it. You should tell this user so,
because possibly this password is being used for other things too.

Numerous clients support changing your password. It can also be done by
hand. Furthermore there's a CGI thingy which supports changing your
password. E.g. https://unstable.nl/cgi-bin/jabber

	Andreas

Richard F. Ashwell III | 1 Nov 23:09 2004

Re: Mysql - who's online?

So what could be wrong if these tables aren't updating correctly?  I log
in and out just fine but the rows aren't updating on the active or logout
tables.  I am at 2s4 now.

On Sat, 2004-10-30 at 18:55, Hernan arteta wrote:
> I have the same question but any UPDATE hit active
> table, only when I logout, I can see  DELETE and
> INSERT activity in logout table.
> may.
> Someone knows if I have to enable a feature to get
> this?
> Regards
> Hernan
>  --- Gabriel Millerd <gmillerd <at> gmail.com> escribió: 
> > On Fri, 22 Oct 2004 08:21:16 -0500 (CDT), Jason
> > Morehouse
> > (jm <at> netconcepts.com) <jm <at> netconcepts.com> wrote:
> > >
> > > Is there any way to determine what contacts are
> > on-line via Mysql (jabberd
> > > 2.0s3)?
> > > Thanks!
> > >  
> >    ideally if your 'active' and 'logout' table's
> > times are updating
> > properly you could use this query (minus crash
> > issues):
> > 
> > select a.`collection-owner` from active a,logout l
> > where a.`collection-owner`=l.`collection-owner` and

Brent Towsley | 1 Nov 22:18 2004

Re: Mysql - who's online?

Are you sure the MySQL user account that jabberd2 is using has INSERT 
and UPDATE privileges on the database?

Richard F. Ashwell III wrote:
> So what could be wrong if these tables aren't updating correctly?  I log
> in and out just fine but the rows aren't updating on the active or logout
> tables.  I am at 2s4 now.
> 
> 
> 
> On Sat, 2004-10-30 at 18:55, Hernan arteta wrote:
> 
>>I have the same question but any UPDATE hit active
>>table, only when I logout, I can see  DELETE and
>>INSERT activity in logout table.
>>may.
>>Someone knows if I have to enable a feature to get
>>this?
>>Regards
>>Hernan
>> --- Gabriel Millerd <gmillerd <at> gmail.com> escribió: 
>>
>>>On Fri, 22 Oct 2004 08:21:16 -0500 (CDT), Jason
>>>Morehouse
>>>(jm <at> netconcepts.com) <jm <at> netconcepts.com> wrote:
>>>
>>>>Is there any way to determine what contacts are
>>>
>>>on-line via Mysql (jabberd
>>>

Gabriel Millerd | 1 Nov 22:44 2004

Re: Mysql - who's online?

On Mon, 01 Nov 2004 15:18:40 -0600, Brent Towsley
<brent.towsley <at> usask.ca> wrote:
> Are you sure the MySQL user account that jabberd2 is using has INSERT
> and UPDATE privileges on the database?
> 
    but naugh, jabber doesn't even attempt to update the `active`
table. you can watch the query logs for it. nothing is going on.

     like stated previously on the list, mysql storage isn't as robust
as 'db'. however i am sure this is a patch that someone who could read
the code could make. i have tried and not been successful fixing this
problem.
      sadly i do this by using a system() call to a perl script ...
shame on me.
-- 
Gabriel Millerd

Eli Ben-Shoshan | 1 Nov 22:59 2004

Re: creating jids with a different name than the jabber server name

I read around a little bit more and realized that I should set a SRV record for 
the domain so now I have a _xmpp-client._tcp.ufl.edu set. Hope this helps 
someone out there.

Eli Ben-Shoshan wrote:
> I am in the process of migrating from a jabber bv.4 server to a jabber 
> v2.0s3 server. The old jabber server is named jabber.ufl.edu. In that 
> server's c2s section I created an alias such that jabber.ufl.edu was 
> aliased to ufl.edu like this:
> 
> <service id="c2s">
>     <load>
>     
> <pthsock_client>/usr/local/libexec/jabber/pthsock_client.so</pthsock_client> 
> 
>     </load>
>     <pthcsock xmlns='jabber:config:pth-csock'>
>       <alias to="ufl.edu">jabber.ufl.edu</alias>
>       <alias to="ufl.edu"/>
> .....
> </service>
> 
> This allowed my jids to all be @ufl.edu. Users are instructed to connect 
> to jabber.ufl.edu but add items to their roster using @ufl.edu since 
> this is what we give people as an email address on the campus.
> 
> I would like to do the same thing with the new jabber v2 server but I am 
> not really sure how to do this. Has anyone done this before or has any 
> suggestions on how to do this with the v2 jabber server? Thanks.
> 

Andrey V. Romanchev | 2 Nov 02:40 2004

Re: [jabberd2.0s4] LDAPv3 authentication

slushpupie <at> gmail.com wrote:

>It looks like you are missing the TLS/SSL stuff in slapd.conf.  You
>need something like this:
>
>TLSCertificateFile /etc/ldap/slapd.crt
>TLSCertificateKeyFile /etc/ldap/slapd.key
>TLSCACertificateFile /etc/ldap/cacert.pem
>
>You need to have the certificate files generated, of course.  The LDAP
>documentation describes that.
>
Must I write any certs in jabber configs?

I added the following strings in slapd.conf (found in some doc, I'm a novice 
in ssl)

TLSCertificateFile    /usr/share/ssl/private/slapd.pem
TLSCertificateKeyFile /usr/share/ssl/private/slapd.pem
TLSCACertificateFile  /usr/share/ssl/certs/ca.cert

Of course, I generated these certs.

and now when I try to run jabberd I get the following output in slapd

TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
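
Added example, not part of the original thread and not code from jabberd2 or OpenLDAP: a small Python check for the diagnosis given above, that the posted slapd.conf has no TLS directives for the `<starttls/>` option to negotiate against. The function names (`parse_slapd_conf`, `audit_tls`) are hypothetical, and the sample configs are constructed from the lines quoted in the thread.

```python
import os
import shlex

# The three directives suggested in the reply quoted above for StartTLS/SSL.
EXPECTED_TLS = ("TLSCertificateFile", "TLSCertificateKeyFile",
                "TLSCACertificateFile")

def parse_slapd_conf(text):
    """Return one token list per directive: [name, arg, ...].
    slapd.conf joins a line that starts with whitespace onto the previous
    line first, and only then drops blank lines and '#' comment lines.
    """
    logical = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.rstrip())
    return [shlex.split(line) for line in logical
            if line and not line.startswith("#")]

def audit_tls(text, is_file=os.path.isfile):
    """Report expected TLS directives that are absent or name a missing file."""
    seen = {t[0].lower(): t[1] for t in parse_slapd_conf(text) if len(t) > 1}
    missing = [d for d in EXPECTED_TLS if d.lower() not in seen]
    not_found = [seen[d.lower()] for d in EXPECTED_TLS
                 if d.lower() in seen and not is_file(seen[d.lower()])]
    return {"missing": missing, "not_found": not_found}

# Constructed samples: a shortened copy of the slapd.conf posted in the thread
# (wrapped "include" line kept), without and with the suggested TLS lines.
HEAD = """include
 /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
#allow           bind_v2
"""
TLS_LINES = """TLSCertificateFile /etc/ldap/slapd.crt
TLSCertificateKeyFile /etc/ldap/slapd.key
TLSCACertificateFile /etc/ldap/cacert.pem
"""
TAIL = """database        ldbm
suffix           "dc=negative-pc,dc=swamp,dc=ru"
"""
SAMPLE_BEFORE = HEAD + TAIL
SAMPLE_AFTER = HEAD + TLS_LINES + TAIL

if __name__ == "__main__":
    print(audit_tls(SAMPLE_BEFORE))
    print(audit_tls(SAMPLE_AFTER))
```

Run against a real slapd.conf as the account slapd runs under, so that `not_found` reflects what the daemon itself can see.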

