| ejabberd 3.0.0-prealpha |
| ejabberd 3.0.0-alpha-x |
| Installation and Operation Guide |
{host_config, "example.net", [{auth_method, internal}]}.
+{host_config, "example.net", [{auth_method, storage},
+ {auth_storage, mnesia}]}.
-{host_config, "example.com", [{auth_method, ldap},
+{host_config, "example.com", [{auth_method, ldap],
{ldap_servers, ["localhost"]},
{ldap_uids, [{"uid"}]},
{ldap_rootdn, "dc=localdomain"},
@@ -568,7 +569,8 @@ domain localhost to perform authentication:
{host_config, "example.net", [{auth_method, odbc},
+{host_config, "example.net", [{auth_method, storage},
+ {auth_storage, odbc},
{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}]}.
{host_config, "example.com", [{auth_method, ldap},
@@ -1014,27 +1016,55 @@ you have to make the transports log and do XDB by themselves:
3.1.4 Authentication
The option auth_method defines the authentication methods that are used
-for user authentication. The syntax is:
-
The following authentication methods are supported by ejabberd: +for user authentication. +Usually only one method is defined, with this syntax: +
+This full syntax can be used to specify one or more methods: +
The following authentication methods are supported by ejabberd:
Account creation is only supported by internal, external and odbc methods.
-ejabberd uses its internal Mnesia database as the default authentication method. -The value internal will enable the internal authentication method.
Examples: +
Account creation is only supported by the methods: +internal Mnesia storage, ODBC storage, and external.
+You can configure ejabberd to use the database storage authentication method, +and store either in the internal Mnesia database or in an ODBC database. +The specific storage is configured with the option: +
{auth_storage, mnesia|odbc}
+When the storage is configured for ODBC, the ODBC server is +configured with the odbc_server option, see +3.2.1 for MySQL, 3.2.3 for PostgreSQL, 3.2.2 for MSSQL, and 3.2.4 for generic ODBC.
Examples:
{host_config, "example.org", [{auth_method, [internal]}]}.
-{host_config, "example.net", [{auth_method, [ldap]}]}.
-{auth_method, internal}.
+To use internal Mnesia storage on all virtual hosts:
+{auth_method, storage}.
+{auth_storage, mnesia}.
+{auth_method, storage}.
+{auth_storage, odbc}.
+{host_config, "example.org", [
+ {auth_method, storage},
+ {auth_storage, mnesia}
+]}.
+{host_config, "example.com", [
+ {auth_method, storage},
+ {auth_storage, odbc},
+ {odbc_server, {mysql, "localhost", "test", "root", "password"}}
+]}.
+{host_config, "example2.com", [
+ {auth_method, storage},
+ {auth_storage, odbc},
+ {odbc_server, "DSN=database;UID=ejabberd;PWD=password"}
+]}.
+{host_config, "example.net", [
+ {auth_method, ldap}
+]}.
In this authentication method, when ejabberd starts, @@ -1054,9 +1084,9 @@ the CacheTimeInteger indicates the number of seconds that ejabberd can reuse the authentication information since the user last disconnected, to verify again the user authentication without querying again the extauth script. Note: caching should not be enabled in a host if internal auth is also enabled. -If caching is enabled, mod_last or mod_last_odbc must be enabled also in that vhost. +If caching is enabled, mod_last must be enabled also in that vhost.
This example sets external authentication, the extauth script, and enables caching for 10 minutes: -
{auth_method, [external]}.
+{auth_method, external}.
{extauth_program, "/etc/ejabberd/JabberAuth.class.php"}.
{extauth_cache, 600}.
@@ -1081,23 +1111,23 @@ login anonymous are both enabled.
parameter (see section 3.1.2).Examples:
{auth_method, [anonymous]}.
+{auth_method, anonymous}.
{anonymous_protocol, login_anon}.
{host_config, "public.example.org", [{auth_method, [anonymous]},
+{host_config, "public.example.org", [{auth_method, anonymous},
{anonymous_protocol, login_anon}]}.
{host_config, "public.example.org", [{auth_method, [internal,anonymous]},
+{host_config, "public.example.org", [{auth_method, [internal, anonymous]},
{anonymous_protocol, login_anon}]}.
{host_config, "public.example.org", [{auth_method, [anonymous]},
+{host_config, "public.example.org", [{auth_method, anonymous},
{anonymous_protocol, sasl_anon}]}.
{host_config, "public.example.org", [{auth_method, [anonymous]},
+{host_config, "public.example.org", [{auth_method, anonymous},
{anonymous_protocol, both}]}.
{host_config, "public.example.org", [{auth_method, [internal,anonymous]},
+{host_config, "public.example.org", [{auth_method, [internal, anonymous]},
{anonymous_protocol, both}]}.
@@ -1116,7 +1146,7 @@ This option defines what type of information about the user ejabberd provides to the PAM service: only the username, or the user JID. Default is username.
Example: -
{auth_method, [pam]}.
+{auth_method, pam}.
{pam_service, "ejabberd"}.
Though it is quite easy to set up PAM support in ejabberd, PAM itself introduces some
security issues:
@@ -1492,20 +1523,13 @@ You can modify this interval with this option:
{odbc_start_interval, 30}.
The option value name may be misleading, as the auth_method name is used -for access to a relational database through ODBC, as well as through the native -MySQL interface. Anyway, the first configuration step is to define the odbc -auth_method. For example: -
{auth_method, [odbc]}.
-
+See section 3.1.4.
MySQL also can be used to store information into from several ejabberd -modules. See section 3.3.1 to see which modules have a version -with the ‘_odbc’. This suffix indicates that the module can be used with -relational databases like MySQL. To enable storage to your database, just make -sure that your database is running well (see previous sections), and replace the -suffix-less or ldap module variant with the odbc module variant. Keep in mind -that you cannot have several variants of the same module loaded!
+modules. +See section 3.3.1 to see which modules support an ODBC storage backend. +To configure the module to use ODBC as storage backend, add the option +{backend, odbc} to the module.Although this section will describe ejabberd’s configuration when you want to use Microsoft SQL Server, it does not describe Microsoft SQL Server’s @@ -1523,22 +1547,17 @@ enabled. This can be done, by using next commands:
./configure --enable-odbc --enable-mssql && make install
The configuration of Database Connection for a Microsoft SQL Server -is the same as the configuration for -ODBC compatible servers (see section 3.2.4).
+See section 3.1.4.
The configuration of Authentication for a Microsoft SQL Server is the same as the configuration for ODBC compatible servers (see section 3.2.4).
Microsoft SQL Server also can be used to store information into from several -ejabberd modules. See section 3.3.1 to see which modules have -a version with the ‘_odbc’. This suffix indicates that the module can be used -with relational databases like Microsoft SQL Server. To enable storage to your -database, just make sure that your database is running well (see previous -sections), and replace the suffix-less or ldap module variant with the odbc -module variant. Keep in mind that you cannot have several variants of the same -module loaded!
+ejabberd modules. +See section 3.3.1 to see which modules support an ODBC storage backend. +To configure the module to use ODBC as storage backend, add the option +{backend, odbc} to the module.Although this section will describe ejabberd’s configuration when you want to use the native PostgreSQL driver, it does not describe PostgreSQL’s installation @@ -1582,20 +1601,13 @@ Specify in seconds: for example 28800 means 8 hours.
{odbc_keepalive_interval, undefined}.
The option value name may be misleading, as the auth_method name is used -for access to a relational database through ODBC, as well as through the native -PostgreSQL interface. Anyway, the first configuration step is to define the odbc -auth_method. For example: -
{auth_method, [odbc]}.
-
+See section 3.1.4.
PostgreSQL also can be used to store information into from several ejabberd -modules. See section 3.3.1 to see which modules have a version -with the ‘_odbc’. This suffix indicates that the module can be used with -relational databases like PostgreSQL. To enable storage to your database, just -make sure that your database is running well (see previous sections), and -replace the suffix-less or ldap module variant with the odbc module variant. -Keep in mind that you cannot have several variants of the same module loaded!
+modules. +See section 3.3.1 to see which modules support an ODBC storage backend. +To configure the module to use ODBC as storage backend, add the option +{backend, odbc} to the module.Although this section will describe ejabberd’s configuration when you want to use the ODBC driver, it does not describe the installation and database creation @@ -1628,19 +1640,13 @@ Specify in seconds: for example 28800 means 8 hours.
{odbc_keepalive_interval, undefined}.
The first configuration step is to define the odbc auth_method. For -example: -
{auth_method, [odbc]}.
-
+See section 3.1.4.
An ODBC compatible database also can be used to store information into from -several ejabberd modules. See section 3.3.1 to see which -modules have a version with the ‘_odbc’. This suffix indicates that the module -can be used with ODBC compatible relational databases. To enable storage to your -database, just make sure that your database is running well (see previous -sections), and replace the suffix-less or ldap module variant with the odbc -module variant. Keep in mind that you cannot have several variants of the same -module loaded!
+several ejabberd modules. +See section 3.3.1 to see which modules support an ODBC storage backend. +To configure the module to use ODBC as storage backend, add the option +{backend, odbc} to the module.ejabberd has built-in LDAP support. You can authenticate users against LDAP server and use LDAP directory as vCard storage. Shared rosters are not supported @@ -1894,33 +1900,26 @@ all entries end with a comma:
You can see which database backend each module needs by looking at the suffix:
If you want to, -it is possible to use a relational database to store pieces of -information. You can do this by changing the module name to a name with an -_odbc suffix in ejabberd config file. You can use a relational -database for the following data:
Those modules accept the option {backend, mnesia|odbc}, +and can store the tables in the configured backend:
You can find more contributed modules on the ejabberd website. Please remember that these contributions might not work or @@ -2288,7 +2282,13 @@ discover when a disconnected user last accessed the server, to know when a connected user was last active on the server, or to query the uptime of the ejabberd server.
Options:
@@ -2702,6 +2702,12 @@ When a user has too many offline messages, any new messages that he receive are and a resource-constraint error is returned to the sender. The default value is max_user_offline_messages. Then you can define an access rule with a syntax similar to +
This example allows power users to have as much as 5000 offline messages, administrators up to 2000, @@ -2773,7 +2779,13 @@ subscription type (or globally). (from http://xmpp.org/rfcs/rfc3921.html#privacy)
Options:
@@ -2785,7 +2797,13 @@ it is valid XML. One typical usage for this namespace is the server-side storage of client-specific preferences; another is Bookmark Storage (XEP-0048).
Options:
@@ -3006,7 +3024,13 @@ Also define a registration timeout of one hour: RFC 3921: XMPP IM. It also supports Roster Versioning (XEP-0237).
Options:
Examples: