Joy | 20 Mar 18:42 2016
Picon

roster help

Hi,
     I have configured ejabberd to authenticate against LDAP which holds user information for multiple domain, authentication working perfectly, chat being recorded in database but having serious issues when we have same user on multiple domain. In that case all user with same login id can see roster of each other and can delete as well.

Here is my configuration :-

hosts:
  - "example.in"


auth_method: ldap

ldap_encrypt: none

ldap_port: 389

ldap_rootdn: "cn=admin,dc=example,dc=in"

ldap_password: "password"

ldap_base: "dc=example,dc=in"

ldap_uids:
  - "mail": "%u <at> %d"

ldap_filter: "(&(objectClass=mailUser)(accountStatus=active))"

  mod_vcard_ldap:
    ldap_rootdn: "cn=admin,dc=example,dc=in"
    ldap_password: "password"
    ldap_base: "dc=example,dc=in"
    
    ldap_uids:
      "mail": "%u <at> %d"
    
    ldap_filter: "(&(objectClass=mailUser)(accountStatus=active))"
    
    ldap_vcard_map:
     "NICKNAME": {"%s": ["cn"]} # just use user's part of JID as his nickname
     "GIVEN": {"%s": ["givenName"]}
     "FAMILY": {"%s": ["sn"]}
     "EMAIL": {"%s": ["mail"]}
     "PHOTO": {"%s": ["jpegPhoto"]}
     "BDAY": {"%s": ["birthDay"]}
    ## Search form
    ldap_search_fields:
      "User": "uid"
      "Name": "cn"
      "Family Name": "sn"
      "Email": "mail"
      "Birthday": "birthDay"
    ## vCard fields to be reported
    ## Note that JID is always returned with search results
    ldap_search_reported:
      "Full Name": "FN"
      "Nickname": "NICKNAME"
      "Birthday": "BDAY"

_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Alex Jordan | 16 Mar 01:19 2016
Picon
Gravatar

Not authorized to create MUCs on my server

Hi, all -

I'm trying to set up mod_muc on my ejabberd 16.01-1~bpo8+1, running on
Debian Stable but installed from jessie-backports. Whenever I join a
new MUC address, I expect it to be created, but this isn't
happening. Instead, I usually get "conference not found", and once (on
Conversations) I got "banned from conference" after a little while.

I've searched for this issue a ton, including on the mailing list
archives, but it seems pretty obvious this is a subtle local
configuration problem.

I'm connecting as `alex <at> strugee.net`. My config (sans comments) is at
http://sprunge.us/hCJV. Any idea why this might be happening?

Thanks so much!

AJ
_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Gaurav Jain | 7 Mar 19:47 2016
Picon

mod_multicast not delivering correct address stanza to receivers (ejabberd-16.02)

Multicast service is not delivering all "to" attributes to all the recipient of address stanza.

UserA sends a packet to UserB and UserC

    <message type="chat" to="multicast.example.com" id="">
      <addresses xmlns="http://jabber.org/protocol/address">
        <address type="to" jid="UserB <at> example.com"/>
        <address type="to" jid="UserC <at> example.com"/>
      </addresses>
      <body>One</body>
      <active xmlns="http://jabber.org/protocol/chatstates"/>
    </message>

However UserB receives

    <message xmlns="jabber:client" from="UserA <at> example.com/iPhone" to="UserB <at> example.com" type="chat" id="">
      <addresses xmlns="http://jabber.org/protocol/address">
        <address type="to" jid="UserB <at> example.com"/>
      </addresses>
      <body>One</body>
      <active xmlns="http://jabber.org/protocol/chatstates"/>
    </message>

And UserC receives

    <message xmlns="jabber:client" from="UserA <at> example.com/iPhone" to="UserC <at> example.com" type="chat" id="">
      <addresses xmlns="http://jabber.org/protocol/address">
        <address type="to" jid="UserC <at> example.com"/>
      </addresses>
      <body>One</body>
      <active xmlns="http://jabber.org/protocol/chatstates"/>
    </message>


So, UserB and UserC are missing **'to'** attribute for each other in the address stanza.

I use ejabberd 16.02 and I use https://docs.ejabberd.im/admin/guide/configuration/#modmulticast to configure 
_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Gaurav Jain | 7 Mar 03:51 2016
Picon

Presence status of another entity when user went offline

* I have one group, Group-1
* I have two users in the group, User-1 and User-2
* Both are connected
* Now User-1 goes offline
* Then User-2 goes offline.
* Then, User-1 goes online.

But, when User-1 goes online again, it does not get offline presence of User-2. It gets available/online presence of User-2.

What needs to be done to get "unavailable" presence for User-2 when User-1 comes back online??


Best Regards,
_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Pallissard, Matthew | 1 Mar 17:39 2016

User is assigned incorrect avatar (pubsub)

I've got an issue regarding pupsub avatars that I could use some help with.

I have two users Bob and Alice.  When Alice signs in, everyone sees Bob's avatar.  Alice has tried to upload her
own avatar in an attempt to replace Bob's.  It didn't work.  Now, the strange part is the delayed delivery
segment tacked on the the end of her XMPP stanza. This makes me wonder if this is some sort of client side
subscription. 

The other part of this is the date stamped on the delayed delivery segment.  That is several hours after we
migrated to a new 15.10 server from the 2.1.13 Red Hat provided version.  That makes me wonder if this could
be a server-side issue.

The configurations are identical apart from converting the configuration file to yaml.

Does anyone have any idea as to whether this is a client-side subscription issue or a server-side issue?
Maybe a difference in XEP standard versions between 15.10 and the 2.1.13 RHEL provided version?

Any help or a nudge in the right direction would be greatly appreciated.

Here is the XMPP stanza;

<message from='alice <at> jabber.server' to='me <at> jabber.server/laptop' type='headline'>
 <event xmlns='http://jabber.org/protocol/pubsub#event'>
  <items type='headline' node='urn:xmpp:avatar:metadata'>
   <item id='5c6215c38b153b81e9e015d6f8036de7277a0d4f'>
    <metadata xmlns='urn:xmpp:avatar:metadata'>
     <info id='5c6215c38b153b81e9e015d6f8036de7277a0d4f' type='image/png' bytes='13913' width='64' height='64'/>
    </metadata>
   </item>
  </items>
 </event>
  <delay xmlns='urn:xmpp:delay' from='bob <at> jabber.server/PC' stamp='YYYY-MM-DDTHH:MM:SSZ'/>
</message> 

Matt Pallissard
Jérôme Sautret | 29 Feb 19:03 2016
Picon

ejabberd 16.02: Happy Leap Day

To celebrate leap day, we are happy to release ejabberd 16.02, which
mark huge leap for ejabberd both in terms of features and
improvements.

In terms of features, we see in this release the culmination of our
work in several areas:
– Support for flexible offline retrieval, aka XEP-0013
(http://www.xmpp.org/extensions/xep-0013.html). This is a big win for
mobile developers.
– Improvements on archiving, with Message Archive Management (MAM) now
supporting version 0.4.1 of the specifications.
– Full Elixir compliant packaging with the ability to deploy ejabberd
as an Hex.pm dependency from your own application. See ejabberd on
hex.pm: https://hex.pm/packages/ejabberd
– Performance improvement with faster and more memory efficient XML
parsing and TLS encryption.
– Better stream compression with the ability to enable stream
compression after SASL.
– Easier adoption of ejabberd with a new migration script from Prosody
XMPP servers.

As usual, this version is the product of a great community team work,
with special kudos to Holger, Alexey, Evgeny, Pawel, Christophe,
Badlop, Mickaël for their large contributions in this release.

That community effort is what makes ejabberd is such a popular
project, with 2260+ stars on Github, availability in most Linux
distributions and showing amazing number of downloads! Thank you all!

Here is the full list of changes:

* Changes

** New XMPP Extensions support

- New Flexible Offline Message Retrieval (XEP-0013) support

** Admin
- New migration script from Prosody to ejabberd
- Fix –disable-debug compilation flag
- don’t escape ERL_OPTIONS
- Two new global timeouts configurable: c2s_hibernate, receiver_hibernate
- Make it possible to define ‘sm_db_type’ per virtual host
- configuration checker: Describe option type in code for
‘domain_balancing’ option
- Log failed SQL requests
- Include mod_muc.hrl and fix records
- mod_http_upload: Expand ‘docroot’ before using it, also expand  <at> HOST <at> 

** Commands

- New import_prosody command
- Start documenting arguments in mod_admin_extra commands
- We added a way to get all ejabberd_commands, not only those that was
registered
- Allow to pass \n in argument to ejabberdctl
- Add error handling to send_stanza
- Fix format_result so get_room_options command works again after
commit reference aa5caa3

** Dependencies

- lager is the default (and only) logging module and we removed p1_logger
- Handle spaces in vsn attribute of app file when installing deps
- Renamed dependencies and modules for consistency but also to reflect
huge performance gains:
. p1_iconv -> iconv
. p1_stringprep -> stringprep
. p1_stun -> stun
. p1_tls -> fast_tls
. p1_yaml -> fast_yaml
. p1_zlib -> ezlib

** Message Archive Management

- Advertise MUC MAM v0.4.1 in room JID’s disco#info
- Add “delete_old_mam_messages” admin command
- Add ‘from’ attribute to tag
- Add “request_activates_archiving” option
- Respond to form requests
- Support XEP-0313 v0.2 MUC archive queries
- Check whether MUC message is desired
- Reject -based paging
- Limit result set page size
- Sort messages returned by Mnesia
- Strip existing JID tags from MUC messages
- Expose MUC occupant JID in more cases
- Don’t let outcasts access MUC archive
- Send new preferences when they are set
- Stream management (XEP-0198): Let MAM take care of pending messages

** GroupChat

- Send presence with code 170 in initial presence from MUC
- Add most status codes only to initial MUC presence
- mod_muc_room: Don’t expose JIDs in anonymous rooms
- mod_muc_room: Let members see admin/owner JIDs

** PubSub

- Fix presence-based delivery
- Make caps warning less confusing
- Fix host/serverhost usage
- Add support of pubsub#itemreply=publisher

** Other

- Accept stream compression request after SASL
- Make C2S session establishment optional to better conform to XMPP
specifications and still be friendly with older clients.
- MUC: new regexp_room_id option to limit possible room names.
- ODBC: Set utf8mb4 charset on MySQL connection to support emoji
storage as default.
- LDAP: Improve LDAP shared roster support.
- mod_register_web: Allow setting host when deleting account or
changing password.
- Rename timestamp_to_iso functions in jlib.
- Stream management (XEP-0198): Fix session timeout corner case.
- Several improvements in Elixir support.
- Updated many translations.
- Improve web admin stylesheet to fix rendering issues in some browsers.

** Packaging

- ejabberd is now available as an hex.pm package and can be easily
included as a dependency in any Elixir or Erlang application.
- Installers include latest OpenSSL patches.

* Feedback

As usual, the release is tagged in the Git source code repository on Github:
https://github.com/processone/ejabberd

The source package and binary installers are available at ProcessOne:
https://www.process-one.net/en/ejabberd/downloads/

If you suspect that you’ve found a bug, please search or fill a bug
report on Github:
https://github.com/processone/ejabberd/issues
_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Steven Livingstone | 25 Feb 22:06 2016
Gravatar

eJabberd Certificates Confusion

Hi. I'm a little confused on how to properly set up certificates on
eJabberd and would appreciated some advice. All of the samples I have
found only use a single server certificate which I guess works well if
you have a server domain == host domain.

In my case I want to have an XMPP server at xmpp.domain.com but that
would have multiple hosts so users can register at user <at> example.com,
user <at> example.co.uk and so on. As far as I know, to properly do this I
need a certificate for the server (xmpp.domain.com) as well as one for
each host (example.com, example.co.uk and so on). This way you can
trust the server you are accessing as well as know it is a trusted
server for the hosts with associated certificates. Please correct me
if an of the above is NOT true and my understanding is wrong.

I have created and installed a self signed server cert for
xmpp.alchemy.local and that works well. If the connect server domains
don't match I get an error and as it is self signed, when they do
match i don't get the prompt and it works well.

*However*, I don't think I understand how the domain certificate for
the host is supposed to work or I am doing something wrong.

I can put the entirely wrong certificate for a host I have defined
(see example below) and I am able to connect to the xmpp.alchemy.local
server and I am also able to create a user at user <at> example.com on that
server ... even though the associated domain_certfile is for
alchemy.local, NOT example.com.

Can anyone tell me what is going on?

thanks,
/steven

=====

###
###'              ejabberd configuration file
###
###

### The parameters used in this configuration file are explained in more detail
### in the ejabberd Installation and Operation Guide.
### Please consult the Guide in case of doubts, it is included with
### your copy of ejabberd, and is also available online at
### http://www.process-one.net/en/ejabberd/docs/

### The configuration file is written in YAML.
### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
### However, ejabberd treats different literals as different types:
###
### - unquoted or single-quoted strings. They are called "atoms".
###   Example: dog, 'Jupiter', '3.14159', YELLOW
###
### - numeric literals. Example: 3, -45.0, .0
###
### - quoted or folded strings.
###   Examples of quoted string: "Lizzard", "orange".
###   Example of folded string:
###   > Art thou not Romeo,
###     and a Montague?

###.  =======
###'  LOGGING

##
## loglevel: Verbosity of log files generated by ejabberd.
## 0: No ejabberd log at all (not recommended)
## 1: Critical
## 2: Error
## 3: Warning
## 4: Info
## 5: Debug
##
loglevel: 4

##
## rotation: Describe how to rotate logs. Either size and/or date can trigger
## log rotation. Setting count to N keeps N rotated logs. Setting count to 0
## does not disable rotation, it instead rotates the file and keeps no previous
## versions around. Setting size to X rotate log when it reaches X bytes.
## To disable rotation set the size to 0 and the date to ""
## Date syntax is taken from the syntax newsyslog uses in newsyslog.conf.
## Some examples:
##  $D0     rotate every night at midnight
##  $D23    rotate every day at 23:00 hr
##  $W0D23  rotate every week on Sunday at 23:00 hr
##  $W5D16  rotate every week on Friday at 16:00 hr
##  $M1D0   rotate on the first day of every month at midnight
##  $M5D6   rotate on every 5th day of the month at 6:00 hr
##
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1

##
## overload protection: If you want to limit the number of messages per second
## allowed from error_logger, which is a good idea if you want to avoid a flood
## of messages when system is overloaded, you can set a limit.
## 100 is ejabberd's default.
log_rate_limit: 100

##
## watchdog_admins: Only useful for developers: if an ejabberd process
## consumes a lot of memory, send live notifications to these XMPP
## accounts.
##
## watchdog_admins:
##   - "bob <at> example.com"

###.  ===============
###'  NODE PARAMETERS

##
## net_ticktime: Specifies net_kernel tick time in seconds. This
options must have
## identical value on all nodes, and in most cases shouldn't be
changed at all from
## default value.
##
## net_ticktime: 60

###.  ================
###'  SERVED HOSTNAMES

##
## hosts: Domains served by ejabberd.
## You can define one or several, for example:
## hosts:
##   - "example.net"
##   - "example.com"
##   - "example.org"
##
hosts:
  #- "chat.alchemy.local"
  - "example.com"

##
## route_subdomains: Delegate subdomains to other XMPP servers.
## For example, if this ejabberd serves example.org and you want
## to allow communication with an XMPP server called im.example.org.
##
## route_subdomains: s2s

###.  ===============
###'  LISTENING PORTS

##
## listen: The ports ejabberd will listen on, which service each is handled
## by and what options to start it with.
##
listen:
  -
    port: 5222
    module: ejabberd_c2s
    ##
    ## If TLS is compiled in and you installed a SSL
    ## certificate, specify the full path to the
    ## file and uncomment these lines:
    ##
    certfile: "/opt/ejabberd/ssl/ejabberd_xmpp_alchemy_local.pem"
    ## starttls: true
    ##
    ## To enforce TLS encryption for client connections,
    ## use this instead of the "starttls" option:
    ##
    starttls_required: true
    ##
    ## Custom OpenSSL options
    ##
    ## protocol_options:
    ##   - "no_sslv3"
    ##   - "no_tlsv1"
    max_stanza_size: 65536
    shaper: c2s_shaper
    access: c2s
  -
    port: 5269
    module: ejabberd_s2s_in
  ##
  ## ejabberd_service: Interact with external components (transports, ...)
  ##
  ## -
  ##   port: 8888
  ##   module: ejabberd_service
  ##   access: all
  ##   shaper_rule: fast
  ##   ip: "127.0.0.1"
  ##   hosts:
  ##     "icq.example.org":
  ##       password: "secret"
  ##     "sms.example.org":
  ##       password: "secret"

  ##
  ## ejabberd_stun: Handles STUN Binding requests
  ##
  ## -
  ##   port: 3478
  ##   transport: udp
  ##   module: ejabberd_stun

  ##
  ## To handle XML-RPC requests that provide admin credentials:
  ##
  ## -
  ##   port: 4560
  ##   module: ejabberd_xmlrpc
  ##   access_commands: {}
  -
    port: 5280
    module: ejabberd_http
    request_handlers:
      "/websocket": ejabberd_http_ws
    ##  "/pub/archive": mod_http_fileserver
    web_admin: true
    http_bind: true
    ## register: true
    captcha: true

###.  ==================
###'  S2S GLOBAL OPTIONS

##
## s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
## Allowed values are: false optional required required_trusted
## You must specify a certificate file.
##
s2s_use_starttls: required

##
## s2s_certfile: Specify a certificate file.
##
s2s_certfile: "/opt/ejabberd/ssl/ejabberd_xmpp_alchemy_local.pem"

## Custom OpenSSL options
##
## s2s_protocol_options:
##   - "no_sslv3"
##   - "no_tlsv1"

##
## domain_certfile: Specify a different certificate for each served hostname.
##
###host_config:
###  "alchemy.local":
###    domain_certfile: "/opt/ejabberd/ssl/ejabberd_alchemy_local.pem"
##   "example.com":
##     domain_certfile: "/path/to/example_com.pem"

##
## S2S whitelist or blacklist
##
## Default s2s policy for undefined hosts.
##
## s2s_access: s2s

##
## Outgoing S2S options
##
## Preferred address families (which to try first) and connect timeout
## in milliseconds.
##
## outgoing_s2s_families:
##   - ipv4
##   - ipv6
## outgoing_s2s_timeout: 10000

###.  ==============
###'  AUTHENTICATION

##
## auth_method: Method used to authenticate the users.
## The default method is the internal.
## If you want to use a different method,
## comment this line and enable the correct ones.
##
auth_method: internal
#auth_method: riak

##
## Store the plain passwords or hashed for SCRAM:
## auth_password_format: plain
## auth_password_format: scram
##
## Define the FQDN if ejabberd doesn't detect it:
## fqdn: "server3.example.com"

##
## Authentication using external script
## Make sure the script is executable by ejabberd.
##
## auth_method: external
## extauth_program: "/path/to/authentication/script"

##
## Authentication using ODBC
## Remember to setup a database in the next section.
##
## auth_method: odbc

##
## Authentication using PAM
##
## auth_method: pam
## pam_service: "pamservicename"

##
## Authentication using LDAP
##
## auth_method: ldap
##
## List of LDAP servers:
## ldap_servers:
##   - "localhost"
##
## Encryption of connection to LDAP servers:
## ldap_encrypt: none
## ldap_encrypt: tls
##
## Port to connect to on LDAP servers:
## ldap_port: 389
## ldap_port: 636
##
## LDAP manager:
## ldap_rootdn: "dc=example,dc=com"
##
## Password of LDAP manager:
## ldap_password: "******"
##
## Search base of LDAP directory:
## ldap_base: "dc=example,dc=com"
##
## LDAP attribute that holds user ID:
## ldap_uids:
##   - "mail": "%u <at> mail.example.org"
##
## LDAP filter:
## ldap_filter: "(objectClass=shadowAccount)"

##
## Anonymous login support:
##   auth_method: anonymous
##   anonymous_protocol: sasl_anon | login_anon | both
##   allow_multiple_connections: true | false
##
## host_config:
##   "public.example.org":
##     auth_method: anonymous
##     allow_multiple_connections: false
##     anonymous_protocol: sasl_anon
##
## To use both anonymous and internal authentication:
##
## host_config:
##   "public.example.org":
##     auth_method:
##       - internal
##       - anonymous

###.  ==============
###'  DATABASE SETUP

## ejabberd by default uses the internal Mnesia database,
## so you do not necessarily need this section.
## This section provides configuration examples in case
## you want to use other database backends.
## Please consult the ejabberd Guide for details on database creation.

##
## MySQL server:
##
## odbc_type: mysql
## odbc_server: "server"
## odbc_database: "database"
## odbc_username: "username"
## odbc_password: "password"
##
## If you want to specify the port:
## odbc_port: 1234

##
## PostgreSQL server:
##
## odbc_type: pgsql
## odbc_server: "server"
## odbc_database: "database"
## odbc_username: "username"
## odbc_password: "password"
##
## If you want to specify the port:
## odbc_port: 1234
##
## If you use PostgreSQL, have a large database, and need a
## faster but inexact replacement for "select count(*) from users"
##
## pgsql_users_number_estimate: true

##
## SQLite:
##
## odbc_type: sqlite
## odbc_database: "/path/to/database.db"

##
## ODBC compatible or MSSQL server:
##
## odbc_type: odbc
## odbc_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"

##
## Number of connections to open to the database for each virtual host
##
## odbc_pool_size: 10

##
## Interval to make a dummy SQL request to keep the connections to the
## database alive. Specify in seconds: for example 28800 means 8 hours
##
## odbc_keepalive_interval: undefined

###.  ===============
###'  TRAFFIC SHAPERS

shaper:
  ##
  ## The "normal" shaper limits traffic speed to 1000 B/s
  ##
  normal: 1000

  ##
  ## The "fast" shaper limits traffic speed to 50000 B/s
  ##
  fast: 50000

##
## This option specifies the maximum number of elements in the queue
## of the FSM. Refer to the documentation for details.
##
max_fsm_queue: 1000

###.   ====================
###'   ACCESS CONTROL LISTS
acl:
  ##
  ## The 'admin' ACL grants administrative privileges to XMPP accounts.
  ## You can put here as many accounts as you want.
  ##
  admin:
     user:
       - "admin": "alchemy.local"
  ##     - "aleksey": "localhost"
  ##     - "ermine": "example.org"
  ##
  ## Blocked users
  ##
  ## blocked:
  ##   user:
  ##     - "baduser": "example.org"
  ##     - "test"

  ## Local users: don't modify this.
  ##
  local:
    user_regexp: ""

  ##
  ## More examples of ACLs
  ##
  ## jabberorg:
  ##   server:
  ##     - "jabber.org"
  ## aleksey:
  ##   user:
  ##     - "aleksey": "jabber.ru"
  ## test:
  ##   user_regexp: "^test"
  ##   user_glob: "test*"

  ##
  ## Loopback network
  ##
  loopback:
    ip:
      - "127.0.0.0/8"

  ##
  ## Bad XMPP servers
  ##
  ## bad_servers:
  ##   server:
  ##     - "xmpp.zombie.org"
  ##     - "xmpp.spam.com"

##
## Define specific ACLs in a virtual host.
##
## host_config:
##   "localhost":
##     acl:
##       admin:
##         user:
##           - "bob-local": "localhost"

###.  ============
###'  ACCESS RULES
access:
  ## Maximum number of simultaneous sessions allowed for a single user:
  max_user_sessions:
    all: 10
  ## Maximum number of offline messages that users can have:
  max_user_offline_messages:
    admin: 5000
    all: 100
  ## This rule allows access only for local users:
  local:
    local: allow
  ## Only non-blocked users can use c2s connections:
  c2s:
    blocked: deny
    all: allow
  ## For C2S connections, all users except admins use the "normal" shaper
  c2s_shaper:
    admin: none
    all: normal
  ## All S2S connections use the "fast" shaper
  s2s_shaper:
    all: fast
  ## Only admins can send announcement messages:
  announce:
    admin: allow
  ## Only admins can use the configuration interface:
  configure:
    admin: allow
  ## Admins of this server are also admins of the MUC service:
  muc_admin:
    admin: allow
  ## Only accounts of the local ejabberd server can create rooms:
  muc_create:
    local: allow
  ## All users are allowed to use the MUC service:
  muc:
    all: allow
  ## Only accounts on the local ejabberd server can create Pubsub nodes:
  pubsub_createnode:
    local: allow
  ## In-band registration allows registration of any possible username.
  ## To disable in-band registration, replace 'allow' with 'deny'.
  register:
    all: allow
  ## Only allow to register from localhost
  trusted_network:
    loopback: allow
  ## Do not establish S2S connections with bad servers
  ## s2s:
  ##   bad_servers: deny
  ##   all: allow

## By default the frequency of account registrations from the same IP
## is limited to 1 account every 10 minutes. To disable, specify: infinity
## registration_timeout: 600

##
## Define specific Access Rules in a virtual host.
##
## host_config:
##   "localhost":
##     access:
##       c2s:
##         admin: allow
##         all: deny
##       register:
##         all: deny

###.  ================
###'  DEFAULT LANGUAGE

##
## language: Default language used for server messages.
##
language: "en"

##
## Set a different default language in a virtual host.
##
## host_config:
##   "localhost":
##     language: "ru"

###.  =======
###'  CAPTCHA

##
## Full path to a script that generates the image.
##
## captcha_cmd: "/lib/ejabberd/priv/bin/captcha.sh"

##
## Host for the URL and port where ejabberd listens for CAPTCHA requests.
##
## captcha_host: "example.org:5280"

##
## Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
##
## captcha_limit: 5

###.  =======
###'  MODULES

##
## Modules enabled in all ejabberd virtual hosts.
##
modules:
  mod_adhoc: {}
  ## mod_admin_extra: {}
  mod_announce: # recommends mod_adhoc
    access: announce
  mod_blocking: {} # requires mod_privacy
  mod_caps: {}
  mod_carboncopy: {}
  mod_client_state: {}
  mod_configure: {} # requires mod_adhoc
  mod_disco: {}
  ## mod_echo: {}
  mod_irc: {}
  mod_http_bind: {}
  ## mod_http_fileserver:
  ##   docroot: "/var/www"
  ##   accesslog: "/var/log/ejabberd/access.log"
  mod_last: {}
  mod_muc:
    ## host: "conference. <at> HOST <at> "
    access: muc
    access_create: muc_create
    access_persistent: muc_create
    access_admin: muc_admin
  ## mod_muc_log: {}
  ## mod_multicast: {}
  mod_offline:
    access_max_user_messages: max_user_offline_messages
  mod_ping: {}
  ## mod_pres_counter:
  ##   count: 5
  ##   interval: 60
  mod_privacy: {}
  mod_private: {}
  ## mod_proxy65: {}
  mod_pubsub:
    access_createnode: pubsub_createnode
    ## reduces resource comsumption, but XEP incompliant
    ignore_pep_from_offline: true
    ## XEP compliant, but increases resource comsumption
    ## ignore_pep_from_offline: false
    last_item_cache: false
    plugins:
      - "flat"
      - "hometree"
      - "pep" # pep requires mod_caps
  mod_register:
    ##
    ## Protect In-Band account registrations with CAPTCHA.
    ##
    ## captcha_protected: true

    ##
    ## Set the minimum informational entropy for passwords.
    ##
    ## password_strength: 32

    ##
    ## After successful registration, the user receives
    ## a message with this subject and body.
    ##
    welcome_message:
      subject: "Welcome!"
      body: |-
        Hi.
        Welcome to this XMPP server.

    ##
    ## When a user registers, send a notification to
    ## these XMPP accounts.
    ##
    ## registration_watchers:
    ##   - "admin1 <at> example.org"

    ##
    ## Only clients in the server machine can register accounts
    ##
    ip_access: trusted_network

    ##
    ## Local c2s or remote s2s users cannot register accounts
    ##
    ## access_from: deny

    access: register
  mod_roster: {}
  mod_shared_roster: {}
  mod_stats: {}
  mod_time: {}
  mod_vcard:
    search: false
  mod_version: {}

###   ============
###   HOST CONFIG

host_config:
  "example.com":
    domain_certfile: "/opt/ejabberd/ssl/ejabberd_alchemy_local.pem"

###"alchemy.local":
###  domain_certfile: "/opt/ejabberd/ssl/ejabberd_alchemy_local.pem"
##
## Enable modules with custom options in a specific virtual host
##
## host_config:
##   "localhost":
##     modules:
##       mod_echo:
##         host: "mirror.localhost"

##
## Enable modules management via ejabberdctl for installation and
## uninstallation of public/private contributed modules
## (enabled by default)
##

allow_contrib_modules: true

###.
###'
### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:
Steven Livingstone | 24 Feb 13:56 2016
Gravatar

Terminate SSL at Proxy or not?

Hello All.

I'm interested in the pros and cons of terminating my SSL at the proxy and then messaging in the clear to my private internal eJabberd cluster versus going SSL all the way. I'm thinking SSL all the way adds some performance overhead but probably not significant.

I'm more interested in any other pros and cons within my own private cluster and also, if i need to do federation if the recipient is on a remote server or even server to server messaging.

many thanks,
steven
_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Gaurav Jain | 23 Feb 09:23 2016
Picon

service-unavailable

Hi,

I am not able to understand what could be wrong with logs below. I get an service-unavailable iq when the app connected to ejabberd.

Could you please point me to possible issue?

Logs below are associated with same id F7ANh-88. 

TIA,


D/SMACK﹕ SENT (0): <iq id='F7ANh-88' type='set'><bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'><resource>Smack</resource></bind></iq>

D/SMACK﹕ RECV (0): <iq id='F7ANh-88' type='result'><bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'><jid>user1 <at> dev.example.com/Smack</jid></bind></iq>

D/SMACK﹕ SENT (0): <iq id='F7ANh-88' type='set'><bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'><resource>Smack</resource></bind></iq>

RECV (0): <a xmlns='urn:xmpp:sm:3' h='5'/><iq from='dev.example.com' to='user1 <at> dev.example.com/Smack' id='F7ANh-74' type='result'/><r xmlns='urn:xmpp:sm:3'/><iq from='dev.example.com' to='user1 <at> dev.example.com/Smack' id='F7ANh-76' type='result'/><r xmlns='urn:xmpp:sm:3'/><iq from='dev.example.com' to='user1 <at> dev.example.com/Smack' id='F7ANh-78' type='result'/><r xmlns='urn:xmpp:sm:3'/><iq from='dev.example.com' to='user1 <at> dev.example.com/Smack' id='F7ANh-80' type='result'/><r xmlns='urn:xmpp:sm:3'/><iq from='user1 <at> dev.example.com' to='user1 <at> dev.example.com/Smack' type='error' xml:lang='en' id='F7ANh-88'><bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'><resource>Smack</resource></bind><error code='503' type='cancel'><service-unavailable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error></iq>

_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
samad khadivar | 22 Feb 07:54 2016
Picon

Ejabberd not accepting compression after SASL

I installed ejabberd-16.01-linux-x86_64-installer.run. I want to use compression in ejabberd using smack.
I find this link https://github.com/weiss/ejabberd/commit/5b4aefbacd260d86e8e78a7d6680106383869783?diff=unified and I changed ejabberd_c2s.erl according to it and compile it, then replace it in /opt/ejabberd-16.01/lib/ejabberd-16.01/ebin/ejabberd_c2s.erl. 
I compile ejabberd_c2s.erl in this directory  /opt/ejabberd-16.01/lib/ejabberd-16.01/include(hrl) using this command erlc ejabberd_c2s.erl 
I get this warring 
ejabberd_c2s.erl:28: Warning: behaviour ejabberd_config undefined
ejabberd_c2s.erl:40: Warning: behaviour p1_fsm undefined
restart my ejabberd and run it. when my clinet want to connect it returns this error.

2016-02-22 10:13:07.658 [error] <0.1703.0> CRASH REPORT Process <0.1703.0> with 0 neighbours exited with reason: call to undefined function p1_logger:debug_msg(ejabberd_c2s, 1847, "Send XML on stream = ~p", [<<"<?xml version='1.0'?><stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber....">>]) in p1_fsm:terminate/8 line 760

I test it with ejabberd 15.11 and I get that error
Thanks in advance.
--
----------
Best Regards
_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Steven Livingstone | 21 Feb 12:16 2016
Gravatar

join_cluster no_ping error

Hi. I am trying to get clustering between two nodes (on version 16.01), I have copied the cookie and both instances are able to start up.

However, when i try to run join_cluster I get the error message below. I have tried every conceivable combination for the node name but get the same error message. I have two nodes node0 and node1 and once ejabberd is started up i see "Application ejabberd started on node node0 <at> xmpp" and "Application ejabberd started on node node1 <at> xmpp" respectively in the logs.

root <at> xmpp:/opt/ejabberd# ejabberdctl join_cluster "node0 <at> xmpp"
Error: {no_ping,node0 <at> xmpp}

Before I start posting all the config and so on, are there some basics i am missing - i followed the guide at [1].

thanks,
steven

_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd

Gmane