diff --git a/doc/dev.html b/doc/dev.html index bad9c21d3..adc826cc7 100644 --- a/doc/dev.html +++ b/doc/dev.html @@ -2,7 +2,7 @@ "http://www.w3.org/TR/REC-html40/loose.dtd"> -Ejabberd 2.1.7 Developers Guide +<TITLE>Ejabberd 2.1.9 Developers Guide @@ -49,7 +49,7 @@ TD P{margin:0px;}

-

Ejabberd 2.1.7 Developers Guide

Alexey Shchepin
+

Ejabberd 2.1.9 Developers Guide

Alexey Shchepin
mailto:alexey@sevcom.net
xmpp:aleksey@jabber.ru

diff --git a/doc/features.html b/doc/features.html index f9b6bec58..520514375 100644 --- a/doc/features.html +++ b/doc/features.html @@ -2,7 +2,7 @@ "http://www.w3.org/TR/REC-html40/loose.dtd"> -Ejabberd 2.1.7 Feature Sheet +<TITLE>Ejabberd 2.1.9 Feature Sheet @@ -50,7 +50,7 @@ SPAN{width:20%; float:right; text-align:left; margin-left:auto;}

-

- + @@ -2077,7 +2112,7 @@ able to send such messages).

Examples:

  • Only administrators can send announcements: -
    {access, announce, [{allow, admins}]}.
    +
    {access, announce, [{allow, admin}]}.
     
     {modules,
      [
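Review bot: the first example now reads `{access, announce, [{allow, admin}]}.` but shows no `{acl, admin, ...}` line, unlike the second example in the next hunk. After the rename from `admins`, a reader copying only this snippet gets an access rule naming an ACL that the example never defines. Add the `{acl, admin, {user, "admin", "example.org"}}.` line here as well, or point to the section where `admin` is declared.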
    @@ -2089,9 +2124,9 @@ Only administrators can send announcements:
     
  • Administrators as well as the direction can send announcements:
    {acl, direction, {user, "big_boss", "example.org"}}.
     {acl, direction, {user, "assistant", "example.org"}}.
    -{acl, admins, {user, "admin", "example.org"}}.
    +{acl, admin, {user, "admin", "example.org"}}.
     
    -{access, announce, [{allow, admins},
    +{access, announce, [{allow, admin},
                         {allow, direction}]}.
     
     {modules,
    @@ -2497,6 +2532,7 @@ The available room options and the default values are:
     
    {allow_change_subj, true|false}
    Allow occupants to change the subject.
    {allow_private_messages, true|false}
    Occupants can send private messages to other occupants. +
    {allow_private_messages_from_visitors, anyone|moderators|nobody}
    Visitors can send private messages to other occupants.
    {allow_query_users, true|false}
    Occupants can send IQ queries to other occupants.
    {allow_user_invites, false|true}
    Allow occupants to send invitations.
    {allow_visitor_nickchange, true|false}
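Review bot: the `allow_private_messages_from_visitors` entry added in this hunk does not say which of `anyone|moderators|nobody` is the default or what each value permits, even though the list is introduced as "The available room options and the default values". Its description repeats the `allow_private_messages` wording with "Visitors" substituted, which does not explain the restriction. State the default and describe the three values, in particular who a visitor may message under `moderators`.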
    Allow visitors to @@ -2715,10 +2751,10 @@ used. The names of the log files will only contain the day (number), and there will be subdirectories for each year and month. The log files will be stored in /var/www/muclogs, and the local time will be used. Finally, the top link will be the default <a href="/">Home</a>. -
    {acl, admins, {user, "admin1", "example.org"}}.
    -{acl, admins, {user, "admin2", "example.net"}}.
    +
    {acl, admin, {user, "admin1", "example.org"}}.
    +{acl, admin, {user, "admin2", "example.net"}}.
     
    -{access, muc_log, [{allow, admins},
    +{access, muc_log, [{allow, admin},
                        {deny, all}]}.
     
     {modules,
    @@ -3115,7 +3151,9 @@ To enable this feature, configure the options captcha_cmd and captcha_host.

    < {registration_watchers, [ JID, ...]}
    This option defines a list of JIDs which will be notified each time a new account is registered.

    This example configuration shows how to enable the module and the web handler: -

    {listen, [
    +

    {hosts, ["localhost", "example.org", "example.com"]}.
    +
    +{listen, [
       ...
       {5281, ejabberd_http, [
         tls,
    @@ -3131,7 +3169,8 @@ list of JIDs which will be notified each time a new account is registered.
       {mod_register_web, []},
       ...
      ]}.
    -

    The users can visit this page: https://localhost:5281/register/ +

    For example, the users of the host example.org can visit the page: +https://example.org:5281/register/ It is important to include the last / character in the URL, otherwise the subpages URL will be incorrect.

    3.3.21  mod_roster
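Review bot: the new sentence "the users of the host example.org can visit the page" leaves open what the host part of the URL does now that the example declares three names in `{hosts, ...}`. State whether it selects the virtual host on which the account is created. Since the listener is configured with `tls`, also say that users should be sent to a name the listener's certificate covers.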

    @@ -3598,8 +3637,9 @@ and LDAP server supports its own optional parameters. The first group of parameters has the same meaning as the top-level LDAP parameters to set the authentication method: ldap_servers, ldap_port, ldap_rootdn, -ldap_password, ldap_base, ldap_uids, and -ldap_filter. See section 3.2.5 for detailed information +ldap_password, ldap_base, ldap_uids, +ldap_deref_aliases and ldap_filter. +See section 3.2.5 for detailed information about these options. If one of these options is not set, ejabberd will look for the top-level option with the same name.

    The second group of parameters consists of the following mod_vcard_ldap-specific options:

    @@ -3865,6 +3905,8 @@ all the environment variables and command line parameters.

    The environment This path is used to read the file .erlang.cookie.

    ERL_CRASH_DUMP
    Path to the file where crash reports will be dumped. +
    ERL_EPMD_ADDRESS
    + IP address where epmd listens for connections (see section 5.2).
    ERL_INETRC
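Review bot: the `ERL_EPMD_ADDRESS` entry omits the version constraint that the section 5.2 text in this same patch gives ("works only in Erlang/OTP R14B03 or higher"), so a reader who finds the variable here will not learn that it needs R14B03. Repeat the requirement in this entry, and say which address epmd listens on when the variable is unset.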
    Indicates which IP name resolution to use. If using -sname, specify either this option or -kernel inetrc filepath. @@ -3891,10 +3933,10 @@ This is only useful if you plan to setup an ejabberd cluster with nodes connections (see section 5.2).
    -detached
    Starts the Erlang system detached from the system console. - Useful for running daemons and backgrounds processes. + Useful for running daemons and background processes.
    -noinput
    Ensures that the Erlang system never tries to read any input. - Useful for running daemons and backgrounds processes. + Useful for running daemons and background processes.
    -pa /var/lib/ejabberd/ebin
    Specify the directory where Erlang binary files (*.beam) are located.
    -s ejabberd
    @@ -4059,11 +4101,11 @@ URL). If you log in with ‘admin@example.com’ on
    http://example.org:5280/admin/server/example.com/ you can only administer the virtual host example.com. The account ‘reviewer@example.com’ can browse that vhost in read-only mode. -
    {acl, admins, {user, "admin", "example.net"}}.
    -{host_config, "example.com", [{acl, admins, {user, "admin", "example.com"}}]}.
    +
    {acl, admin, {user, "admin", "example.net"}}.
    +{host_config, "example.com", [{acl, admin, {user, "admin", "example.com"}}]}.
     {host_config, "example.com", [{acl, viewers, {user, "reviewer", "example.com"}}]}.
     
    -{access, configure, [{allow, admins}]}.
    +{access, configure, [{allow, admin}]}.
     {access, webadmin_view, [{allow, viewers}]}.
     
     {hosts, ["example.org"]}.
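Review bot: nothing in the changed lines tells a reader that `admin` is only a label that must be spelled the same in `{acl, admin, ...}` and `{access, configure, [{allow, admin}]}`. Someone who followed the 2.1.7 text has `admins` in their file, and pasting one of the new lines next to it leaves the `configure` rule and the ACL out of step. A sentence saying that the two names must match would help.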
    @@ -4178,7 +4220,9 @@ and connects to the Erlang node that holds ejabberd.
     In order for this communication to work,
     epmd must be running and listening for name requests in the port 4369.
     You should block the port 4369 in the firewall in such a way that
    -only the programs in your machine can access it.

    If you build a cluster of several ejabberd instances, +only the programs in your machine can access it. +or configure the option ERL_EPMD_ADDRESS in the file ejabberdctl.cfg +(this option works only in Erlang/OTP R14B03 or higher).

    If you build a cluster of several ejabberd instances, each ejabberd instance is called an ejabberd node. Those ejabberd nodes use a special Erlang communication method to build the cluster, and EPMD is again needed listening in the port 4369. diff --git a/doc/version.tex b/doc/version.tex index 255412336..ebaed03ec 100644 --- a/doc/version.tex +++ b/doc/version.tex @@ -1,2 +1,2 @@ % ejabberd version (automatically generated). -\newcommand{\version}{2.1.7} +\newcommand{\version}{2.1.9} diff --git a/src/ejabberd.app b/src/ejabberd.app index 031fdaf46..ea755a7b9 100644 --- a/src/ejabberd.app +++ b/src/ejabberd.app @@ -2,7 +2,7 @@ {application, ejabberd, [{description, "ejabberd"}, - {vsn, "2.1.7"}, + {vsn, "2.1.9"}, {modules, [acl, adhoc, configure,
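Review bot: in the @@ -4178,7 +4220,9 @@ hunk the first added line keeps the full stop after "access it." and the next one starts with "or configure", so the rendered sentence breaks in the middle; replace the full stop with a comma. The text also does not say which value of `ERL_EPMD_ADDRESS` achieves the stated goal of letting only local programs reach port 4369, for example the loopback address. The cluster paragraph that follows also relies on epmd on port 4369, so say how the setting interacts with clustering.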

Ejabberd 2.1.7 Feature Sheet

Sander Devrieze
+

Ejabberd 2.1.9 Feature Sheet

Sander Devrieze
mailto:s.devrieze@pandora.be
xmpp:sander@devrieze.dyndns.org

diff --git a/doc/guide.html b/doc/guide.html index 24bb2d306..c2eb4bf6d 100644 --- a/doc/guide.html +++ b/doc/guide.html @@ -6,7 +6,7 @@ - ejabberd 2.1.7 + ejabberd 2.1.9 Installation and Operation Guide @@ -76,7 +76,7 @@ BLOCKQUOTE.figure DIV.center DIV.center HR{display:none;}


- +
ejabberd 2.1.7
ejabberd 2.1.9
 
Installation and Operation Guide

@@ -306,8 +306,9 @@ Note that the Windows service is a feature still in development, and for example it doesn’t read the file ejabberdctl.cfg.

On a *nix system, if you want ejabberd to be started as daemon at boot time, copy ejabberd.init from the ’bin’ directory to something like /etc/init.d/ejabberd (depending on your distribution). -Create a system user called ejabberd; -it will be used by the script to start the server. +Create a system user called ejabberd, +give it write access to the directories database/ and logs/, and set that as home; +the script will start the server with that user. Then you can call /etc/inid.d/ejabberd start as root to start the server.
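Review bot: "and set that as home" in the added text has no clear referent, because two directories, `database/` and `logs/`, are named just before it; say which directory should be the ejabberd user's home. The unchanged sentence after it still reads `/etc/inid.d/ejabberd start`, which could be corrected to `/etc/init.d/` in the same change.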

If ejabberd doesn’t start correctly in Windows, try to start it using the shortcut in desktop or start menu. If the window shows error 14001, the solution is to install: @@ -525,8 +526,8 @@ Using ejabberdctl (see section 4.1):

  • Using a XMPP client and In-Band Registration (see section 3.3.19).
  • Edit the ejabberd configuration file to give administration rights to the XMPP account you created: -
    {acl, admins, {user, "admin1", "example.org"}}.
    -{access, configure, [{allow, admins}]}.
    +
    {acl, admin, {user, "admin1", "example.org"}}.
    +{access, configure, [{allow, admin}]}.
     
    You can grant administrative privileges to many XMPP accounts, and also to accounts in other XMPP servers.
  • Restart ejabberd to load the new configuration. @@ -1051,17 +1052,40 @@ internal (default) — See section 3.1.4. 3.2.2 and 3.2.4.
  • anonymous — See section 3.1.4.
  • pam — See section 3.1.4. -
  • Account creation is only supported by internal, external and odbc methods.

    +

    Account creation is only supported by internal, external and odbc methods.

    The option resource_conflict defines the action when a client attempts to +login to an account with a resource that is already connected. +The option syntax is: +

    {resource_conflict, setresource|closenew|closeold}.

    +The possible values match exactly the three possibilities described in +XMPP Core: section 7.7.2.2. +The default value is closeold. +If the client uses old Jabber Non-SASL authentication (XEP-0078), +then this option is not respected, and the action performed is closeold.

    Internal

    ejabberd uses its internal Mnesia database as the default authentication method. -The value internal will enable the internal authentication method.

    Examples: +The value internal will enable the internal authentication method.

    The option {auth_password_format, plain|scram} +defines in what format the users passwords are stored: +

    +plain
    +The password is stored as plain text in the database. +This is risky because the passwords can be read if your database gets compromised. +This is the default value. +This format allows clients to authenticate using: +the old Jabber Non-SASL (XEP-0078), SASL PLAIN, +SASL DIGEST-MD5, and SASL SCRAM-SHA-1.
    scram
    +The password is not stored, only some information that allows to verify the hash provided by the client. +It is impossible to obtain the original plain password from the stored information; +for this reason, when this value is configured it cannot be changed to plain anymore. +This format allows clients to authenticate using: SASL PLAIN and SASL SCRAM-SHA-1. +

    Examples:

    • To use internal authentication on example.org and LDAP authentication on example.net:
      {host_config, "example.org", [{auth_method, [internal]}]}.
       {host_config, "example.net", [{auth_method, [ldap]}]}.
      -
    • To use internal authentication on all virtual hosts: +
    • To use internal authentication with hashed passwords on all virtual hosts:
      {auth_method, internal}.
      +{auth_password_format, scram}.
       

    External Script
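Review bot: the `scram` entry says the format "cannot be changed to plain anymore" but not what happens to passwords that are already stored as plain text when `scram` is first configured; state whether they are converted, and when. It would also help to say outright that switching to `scram` drops XEP-0078 and SASL DIGEST-MD5, which currently has to be worked out by comparing the two mechanism lists. "allows to verify" should read "allows verifying".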

    In this authentication method, when ejabberd starts, @@ -1208,9 +1232,9 @@ declarations of ACLs in the configuration file have the following syntax:

    {user_regexp, Regexp}
    Matches any local user with a name that matches Regexp on local virtual hosts. Example:
    {acl, tests, {user_regexp, "^test[0-9]*$"}}.
    -
    {user_regexp, UserRegexp, Server}
    Matches any user with a name +
    {user_regexp, Regexp, Server}
    Matches any user with a name that matches Regexp at server Server. Example: -
    {acl, tests, {user_Userregexp, "^test", "example.org"}}.
    +
    {acl, tests, {user_regexp, "^test", "example.org"}}.
     
    {server_regexp, Regexp}
    Matches any JID from the server that matches Regexp. Example:
    {acl, icq, {server_regexp, "^icq\\."}}.
    @@ -1701,6 +1725,16 @@ This option specifies whether to verify LDAP server certificate or not when TLS
     When hard is enabled ejabberd doesn’t proceed if a certificate is invalid.
     When soft is enabled ejabberd proceeds even if check fails.
     The default is false which means no checks are performed.
    +
    {ldap_tls_cacertfile, Path}
    +Path to file containing PEM encoded CA certificates. This option is needed +(and required) when TLS verification is enabled. +
    {ldap_tls_depth, Number}
    +Specifies the maximum verification depth when TLS verification is enabled, +i.e. how far in a chain of certificates the verification process can proceed +before the verification is considered to fail. +Peer certificate = 0, CA certificate = 1, higher level CA certificate = 2, etc. +The value 2 thus means that a chain can at most contain peer cert, +CA cert, next CA cert, and an additional CA cert. The default value is 1.
    {ldap_port, Number}
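Review bot: the `ldap_tls_depth` text is inconsistent with itself: it numbers peer certificate = 0, CA certificate = 1, higher level CA certificate = 2, yet says the value 2 allows "peer cert, CA cert, next CA cert, and an additional CA cert", which is four certificates. Reconcile the example with the numbering so operators can pick the depth that matches their chain. "needed (and required)" in the `ldap_tls_cacertfile` entry can be reduced to "required".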
    Port to connect to your LDAP server. The default port is 389 if encryption is disabled; and 636 if encryption is enabled. If you configure a value, it is stored in ejabberd’s database. @@ -1710,6 +1744,7 @@ the value previously stored in the database will be used instead of the default is "" which means ‘anonymous connection’.
    {ldap_password, Password}
    Bind password. The default value is "". +
    {ldap_deref_aliases, never|always|finding|searching}
    Whether or not to dereference aliases. The default is never.

    Example:

    {auth_method, ldap}.
     {ldap_servers, ["ldap.example.org"]}.
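Review bot: `ldap_deref_aliases` lists `never|always|finding|searching` but only the default is explained, and `finding` and `searching` are not self-explanatory. Add a short description of each value.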
    @@ -1931,7 +1966,7 @@ all entries end with a comma:
     

    mod_offlineOffline message storage (XEP-0160) 
    mod_offline_odbcOffline message storage (XEP-0160)supported DB (*)
    mod_pingXMPP Ping and periodic keepalives (XEP-0199) 
    mod_privacyDetect presence subscription flood 
    mod_pres_counterDetect presence subscription flood 
    mod_privacyBlocking Communication (XEP-0016) 
    mod_privacy_odbcBlocking Communication (XEP-0016)supported DB (*)
    mod_privatePrivate XML Storage (XEP-0049)