From 79a0a445050d5b1df95e19f0cba3f1e6a6b0e2e3 Mon Sep 17 00:00:00 2001 From: Badlop Date: Wed, 13 Aug 2008 11:00:21 +0000 Subject: [PATCH] * doc/guide.tex: Explain that LDAP is read-only storage (thanks to Evgeniy Khramtsov) * doc/guide.html: Likewise SVN Revision: 1521 --- ChangeLog | 6 + doc/guide.html | 297 ++++++++++++++++++------------------------------- doc/guide.tex | 9 ++ 3 files changed, 123 insertions(+), 189 deletions(-) diff --git a/ChangeLog b/ChangeLog index 12815c70e..5aa5219dd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2008-08-13 Badlop + + * doc/guide.tex: Explain that LDAP is read-only storage (thanks to + Evgeniy Khramtsov) + * doc/guide.html: Likewise + 2008-08-10 Badlop * src/msgs/eo.msg: Updated (thanks to Andreas van Cranenburgh) diff --git a/doc/guide.html b/doc/guide.html index 9dc34c1ab..65b7e3708 100644 --- a/doc/guide.html +++ b/doc/guide.html @@ -139,74 +139,72 @@ BLOCKQUOTE.figure DIV.center DIV.center HR{display:none;}
  • 3.3.3  mod_announce
  • 3.3.4  mod_disco
  • 3.3.5  mod_echo -
  • 3.3.6  mod_http_bind -
  • 3.3.7  mod_http_fileserver -
  • 3.3.8  mod_irc -
  • 3.3.9  mod_last -
  • 3.3.10  mod_muc -
  • 3.3.11  mod_muc_log -
  • 3.3.12  mod_offline -
  • 3.3.13  mod_privacy -
  • 3.3.14  mod_private -
  • 3.3.15  mod_proxy65 -
  • 3.3.16  mod_pubsub -
  • 3.3.17  mod_register -
  • 3.3.18  mod_roster -
  • 3.3.19  mod_service_log -
  • 3.3.20  mod_shared_roster -
  • 3.3.21  mod_stats -
  • 3.3.22  mod_time -
  • 3.3.23  mod_vcard -
  • 3.3.24  mod_vcard_ldap -
  • 3.3.25  mod_version +
  • 3.3.6  mod_irc +
  • 3.3.7  mod_last +
  • 3.3.8  mod_muc +
  • 3.3.9  mod_muc_log +
  • 3.3.10  mod_offline +
  • 3.3.11  mod_privacy +
  • 3.3.12  mod_private +
  • 3.3.13  mod_proxy65 +
  • 3.3.14  mod_pubsub +
  • 3.3.15  mod_register +
  • 3.3.16  mod_roster +
  • 3.3.17  mod_service_log +
  • 3.3.18  mod_shared_roster +
  • 3.3.19  mod_stats +
  • 3.3.20  mod_time +
  • 3.3.21  mod_vcard +
  • 3.3.22  mod_vcard_ldap +
  • 3.3.23  mod_version
  • -
  • Chapter 4  Managing an ejabberd server +
  • Chapter 4  Managing an ejabberd server -
  • Chapter 5  Securing ejabberd +
  • Chapter 5  Securing ejabberd -
  • Chapter 6  Clustering +
  • Chapter 6  Clustering -
  • Chapter 7  Debugging +
  • Chapter 7  Debugging -
  • Appendix A  Internationalization and Localization -
  • Appendix B  Release Notes -
  • Appendix C  Acknowledgements -
  • Appendix D  Copyright Information +
  • Appendix A  Internationalization and Localization +
  • Appendix B  Release Notes +
  • Appendix C  Acknowledgements +
  • Appendix D  Copyright Information
  • Chapter 1  Introduction

    ejabberd is a free and open source instant messaging server written in Erlang.

    ejabberd is cross-platform, distributed, fault-tolerant, and based on open standards to achieve real-time communication.

    ejabberd is designed to be a rock-solid and feature rich XMPP server.

    ejabberd is suitable for small deployments, whether they need to be scalable or not, as well as extremely big deployments.

    @@ -466,7 +464,7 @@ There are two ways to register a Jabber account:
    1. Using ejabberdctl (see section 4.1):
      ejabberdctl register admin1 example.org FgT5bk3
      -
    2. Using a Jabber client and In-Band Registration (see section 3.3.17). +
    3. Using a Jabber client and In-Band Registration (see section 3.3.15).
  • Edit the ejabberd configuration file to give administration rights to the Jabber account you created:
    {acl, admins, {user, "admin1", "example.org"}}.
    @@ -1333,7 +1331,9 @@ module loaded!

    3.2.5  LDAP

    ejabberd has built-in LDAP support. You can authenticate users against LDAP server and use LDAP directory as vCard storage. Shared rosters are not supported -yet.

    +yet.

    Note that ejabberd treats LDAP as a read-only storage: +it is possible to consult data, but not possible to +create accounts, change password or edit vCard that is stored in LDAP.

    Connection

    Parameters:

    ldap_servers
    List of IP addresses or DNS names of your @@ -1659,7 +1659,7 @@ message is sent to all registered users. If the user is online and connected to several resources, only the resource with the highest priority will receive the message. If the registered user is not connected, the message will be stored offline in assumption that offline storage -(see section 3.3.12) is enabled. +(see section 3.3.10) is enabled.
    example.org/announce/online (example.org/announce/all-hosts/online)
    The message is sent to all connected users. If the user is online and connected to several resources, all resources will receive the message. @@ -1769,91 +1769,8 @@ of them all? {mod_echo, [{host, "mirror.example.org"}]}, ... ]}. -
    -

    3.3.6  mod_http_bind

    - -

    This module implements XMPP over Bosh (formerly known as HTTP Binding) -as outlined by XEP-0206. -It extends ejabberd’s built in HTTP service with a configurable -resource at which this service will be hosted.

    To use HTTP-Binding, enable the module: -

    {modules,
    - [
    -  ...
    -  {mod_http_bind, []},
    -  ...
    -]}.
    -

    and add http_bind in the HTTP service. For example: -

    {listen, 
    - [
    -  ...
    -  {5280, ejabberd_http, [
    -                         http_bind,
    -                         http_poll,
    -                         web_admin
    -                        ]
    -  },
    -  ...
    -]}.
    -

    With this configuration, the module will serve the requests sent to -http://example.org:5280/http-bind/ -Remember that this page is not designed to be used by web browsers, -it is used by Jabber clients that support XMPP over Bosh.

    If you want to set the service in a different URI path or use a different module, -you can configure it manually using the option request_handlers. -For example: -

    {listen, 
    - [
    -  ...
    -  {5280, ejabberd_http, [
    -                         {request_handlers, [{["http-bind"], mod_http_bind}]},
    -                         http_poll,
    -                         web_admin
    -                        ]
    -  },
    -  ...
    -]}.
    -
    -

    3.3.7  mod_http_fileserver

    - -

    This simple module serves files from the local disk over HTTP.

    Options: -

    -docroot
    -Directory to serve the files. -
    accesslog
    -File to log accesses using an Apache-like format. -No log will be recorded if this option is not specified. -

    This example configuration will serve the files from -the local directory /var/www -in the address http://example.org:5280/pub/archive/. -To use this module you must enable it: -

    {modules,
    - [
    -  ...
    -  {mod_http_fileserver, [
    -                         {docroot, "/var/www"}, 
    -                         {accesslog, "/var/log/ejabberd/access.log"}
    -                        ]
    -  },
    -  ...
    -]}.
    -

    And define it as a handler in the HTTP service: -

    {listen, 
    - [
    -  ...
    -  {5280, ejabberd_http, [
    -                         ...
    -                         {request_handlers, [
    -                                             ...
    -                                             {["pub", "archive"], mod_http_fileserver},
    -                                             ...
    -                                            ]
    -                         },
    -                         ...
    -                        ]
    -  },
    -  ...
    -]}.
     

    -

    3.3.8  mod_irc

    +

    3.3.6  mod_irc

    This module is an IRC transport that can be used to join channels on IRC servers.

    End user information: @@ -1912,7 +1829,7 @@ our domains and on other servers. ... ]}.

  • -

    3.3.9  mod_last

    +

    3.3.7  mod_last

    This module adds support for Last Activity (XEP-0012). It can be used to discover when a disconnected user last accessed the server, to know when a connected user was last active on the server, or to query the uptime of the @@ -1921,7 +1838,7 @@ connected user was last active on the server, or to query the uptime of the iqdisc

    This specifies the processing discipline for Last activity (jabber:iq:last) IQ queries (see section 3.3.2).

    -

    3.3.10  mod_muc

    +

    3.3.8  mod_muc

    With this module enabled, your server will support Multi-User Chat (XEP-0045). End users will be able to join text conferences.

    Some of the features of Multi-User Chat:

    • @@ -2125,7 +2042,7 @@ newly created chatrooms have by default those options. ... ]}.

    -

    3.3.11  mod_muc_log

    +

    3.3.9  mod_muc_log

    This module enables optional logging of Multi-User Chat (MUC) conversations to HTML. Once you enable this module, users can join a chatroom using a MUC capable Jabber client, and if they have enough privileges, they can request the @@ -2232,7 +2149,7 @@ top link will be the default <a href="/">Home</a>. ... ]}.

    -

    3.3.12  mod_offline

    +

    3.3.10  mod_offline

    This module implements offline message storage. This means that all messages sent to an offline user will be stored on the server until that user comes online again. Thus it is very similar to how email works. Note that @@ -2243,7 +2160,7 @@ is use to set a max number of offline messages per user (quota). Its value can be either infinity or a strictly positive integer. The default value is infinity.

    -

    3.3.13  mod_privacy

    +

    3.3.11  mod_privacy

    This module implements Blocking Communication (also known as Privacy Rules) as defined in section 10 from XMPP IM. If end users have support for it in their Jabber client, they will be able to: @@ -2271,7 +2188,7 @@ subscription type (or globally). iqdisc

    This specifies the processing discipline for Blocking Communication (jabber:iq:privacy) IQ queries (see section 3.3.2).

    -

    3.3.14  mod_private

    +

    3.3.12  mod_private

    This module adds support for Private XML Storage (XEP-0049):

    Using this method, Jabber entities can store private data on the server and @@ -2283,7 +2200,7 @@ of client-specific preferences; another is Bookmark Storage ( This specifies the processing discipline for Private XML Storage (jabber:iq:private) IQ queries (see section 3.3.2).

    -

    3.3.15  mod_proxy65

    +

    3.3.13  mod_proxy65

    This module implements SOCKS5 Bytestreams (XEP-0065). It allows ejabberd to act as a file transfer proxy between two XMPP clients.

    Options: @@ -2338,7 +2255,7 @@ The simpliest configuration of the module: ... ]}.

    -

    3.3.16  mod_pubsub

    +

    3.3.14  mod_pubsub

    This module offers a Publish-Subscribe Service (XEP-0060). The functionality in mod_pubsub can be extended using plugins. The plugin that implements PEP (Personal Eventing via Pubsub) (XEP-0163) @@ -2369,7 +2286,7 @@ and is shared by all node plugins. ... ]}.

    -

    3.3.17  mod_register

    +

    3.3.15  mod_register

    This module adds support for In-Band Registration (XEP-0077). This protocol enables end users to use a Jabber client to:

    • @@ -2442,13 +2359,13 @@ Also define a registration timeout of one hour: ... ]}.

    -

    3.3.18  mod_roster

    +

    3.3.16  mod_roster

    This module implements roster management as defined in RFC 3921: XMPP IM.

    Options:

    iqdisc
    This specifies the processing discipline for Roster Management (jabber:iq:roster) IQ queries (see section 3.3.2).

    -

    3.3.19  mod_service_log

    +

    3.3.17  mod_service_log

    This module adds support for logging end user packets via a Jabber message auditing service such as Bandersnatch. All user @@ -2478,7 +2395,7 @@ To log all end user packets to the Bandersnatch service running on ... ]}.

    -

    3.3.20  mod_shared_roster

    +

    3.3.18  mod_shared_roster

    This module enables you to create shared roster groups. This means that you can create groups of people that can see members from (other) groups in their rosters. The big advantages of this feature are that end users do not need to @@ -2553,7 +2470,7 @@ roster groups as shown in the following table:


    -

    3.3.21  mod_stats

    +

    3.3.19  mod_stats

    This module adds support for Statistics Gathering (XEP-0039). This protocol allows you to retrieve next statistics from your ejabberd deployment:

    • @@ -2585,14 +2502,14 @@ by sending: </query> </iq>

    -

    3.3.22  mod_time

    +

    3.3.20  mod_time

    This module features support for Entity Time (XEP-0090). By using this XEP, you are able to discover the time at another entity’s location.

    Options:

    iqdisc
    This specifies the processing discipline for Entity Time (jabber:iq:time) IQ queries (see section 3.3.2).

    -

    3.3.23  mod_vcard

    +

    3.3.21  mod_vcard

    This module allows end users to store and retrieve their vCard, and to retrieve other users vCards, as defined in vcard-temp (XEP-0054). The module also implements an uncomplicated Jabber User Directory based on the vCards of @@ -2647,10 +2564,12 @@ and that all virtual hosts will be searched instead of only the current one: ... ]}.

    -

    3.3.24  mod_vcard_ldap

    +

    3.3.22  mod_vcard_ldap

    ejabberd can map LDAP attributes to vCard fields. This behaviour is implemented in the mod_vcard_ldap module. This module does not depend on the -authentication method (see 3.2.5).

    The mod_vcard_ldap module has +authentication method (see 3.2.5).

    Note that ejabberd treats LDAP as a read-only storage: +it is possible to consult data, but not possible to +create accounts, change password or edit vCard that is stored in LDAP.

    The mod_vcard_ldap module has its own optional parameters. The first group of parameters has the same meaning as the top-level LDAP parameters to set the authentication method: ldap_servers, ldap_port, ldap_rootdn, @@ -2821,7 +2740,7 @@ searching his info in LDAP.

  • ldap_vcard_map
  • -

    3.3.25  mod_version

    +

    3.3.23  mod_version

    This module implements Software Version (XEP-0092). Consequently, it answers ejabberd’s version when queried.

    Options:

    @@ -2830,9 +2749,9 @@ The default value is true.
    iqdisc
    This specifies the processing discipline for Software Version (jabber:iq:version) IQ queries (see section 3.3.2).

    -

    Chapter 4  Managing an ejabberd server

    -

    4.1  ejabberdctl

    -

    4.1.1  Commands

    The ejabberdctl command line administration script allows to start, stop and perform +

    Chapter 4  Managing an ejabberd server

    +

    4.1  ejabberdctl

    +

    4.1.1  Commands

    The ejabberdctl command line administration script allows to start, stop and perform many other administrative tasks in a local or remote ejabberd server.

    When ejabberdctl is executed without any parameter, it displays the available options. If there isn’t an ejabberd server running, the available parameters are: @@ -2865,7 +2784,7 @@ and other codes may be used for specifical results. This can be used by other scripts to determine automatically if a command succedded or failed, for example using: echo $?

    -

    4.1.2  Erlang runtime system

    ejabberd is an Erlang/OTP application that runs inside an Erlang runtime system. +

    4.1.2  Erlang runtime system

    ejabberd is an Erlang/OTP application that runs inside an Erlang runtime system. This system is configured using environment variables and command line parameters. The ejabberdctl administration script uses many of those possibilities. You can configure some of them with the file ejabberdctl.cfg, @@ -2928,7 +2847,7 @@ Starts the Erlang system detached from the system console.

    Note that some characters need to be escaped when used in shell scripts, for instance " and {}. You can find other options in the Erlang manual page (erl -man erl).

    -

    4.2  Web Admin

    +

    4.2  Web Admin

    The ejabberd Web Admin allows to administer most of ejabberd using a web browser.

    This feature is enabled by default: a ejabberd_http listener with the option web_admin (see section 3.1.3) is included in the listening ports. Then you can open @@ -2988,13 +2907,13 @@ web browser to https://192.168.1.1:5280/admin/: ... ]}.

    -

    4.3  Ad-hoc Commands

    If you enable mod_configure and mod_adhoc, +

    4.3  Ad-hoc Commands

    If you enable mod_configure and mod_adhoc, you can perform several administrative tasks in ejabberd with a Jabber client. The client must support Ad-Hoc Commands (XEP-0050), and you must login in the Jabber server with an account with proper privileges.

    -

    4.4  Change Computer Hostname

    ejabberd uses the distributed Mnesia database. +

    4.4  Change Computer Hostname

    ejabberd uses the distributed Mnesia database. Being distributed, Mnesia enforces consistency of its file, so it stores the name of the Erlang node in it (see section 5.4). The name of an Erlang node includes the hostname of the computer. @@ -3010,8 +2929,8 @@ you must follow these instructions: For example:

    ejabberdctl restore /tmp/ejabberd-oldhost.backup
     

    -

    Chapter 5  Securing ejabberd

    -

    5.1  Firewall Settings

    +

    Chapter 5  Securing ejabberd

    +

    5.1  Firewall Settings

    You need to take the following TCP ports in mind when configuring your firewall:


    @@ -3022,7 +2941,7 @@ you must follow these instructions:
    PortDescription
    port rangeUsed for connections between Erlang nodes. This range is configurable.

    -

    5.2  epmd

    epmd (Erlang Port Mapper Daemon) +

    5.2  epmd

    epmd (Erlang Port Mapper Daemon) is a small name server included in Erlang/OTP and used by Erlang programs when establishing distributed Erlang communications. ejabberd needs epmd to use ejabberdctl and also when clustering ejabberd nodes. @@ -3046,7 +2965,7 @@ The ports used in this case are random. You can limit the range of ports when starting Erlang with a command-line parameter, for example:

    erl ... -kernel inet_dist_listen_min 4370 inet_dist_listen_max 4375
     

    -

    5.3  Erlang Cookie

    The Erlang cookie is a string with numbers and letters. +

    5.3  Erlang Cookie

    The Erlang cookie is a string with numbers and letters. An Erlang node reads the cookie at startup from the command-line parameter -setcookie. If not indicated, the cookie is read from the cookie file $HOME/.erlang.cookie. If this file does not exist, it is created immediately with a random cookie. @@ -3060,7 +2979,7 @@ to prevent unauthorized access or intrusion to an Erlang node. The communication between Erlang nodes are not encrypted, so the cookie could be read sniffing the traffic on the network. The recommended way to secure the Erlang node is to block the port 4369.

    -

    5.4  Erlang node name

    An Erlang node may have a node name. +

    5.4  Erlang node name

    An Erlang node may have a node name. The name can be short (if indicated with the command-line parameter -sname) or long (if indicated with the parameter -name). Starting an Erlang node with -sname limits the communication between Erlang nodes to the LAN.

    Using the option -sname instead of -name is a simple method @@ -3069,7 +2988,7 @@ However, it is not ultimately effective to prevent access to the Erlang node, because it may be possible to fake the fact that you are on another network using a modified version of Erlang epmd. The recommended way to secure the Erlang node is to block the port 4369.

    -

    5.5  Securing sensible files

    ejabberd stores sensible data in the file system either in plain text or binary files. +

    5.5  Securing sensible files

    ejabberd stores sensible data in the file system either in plain text or binary files. The file system permissions should be set to only allow the proper user to read, write and execute those files and directories.

    ejabberd configuration file: /etc/ejabberd/ejabberd.cfg
    @@ -3089,9 +3008,9 @@ so it is preferable to secure the whole /var/lib/ejabberd/db/ directory
    Erlang cookie file: /var/lib/ejabberd/.erlang.cookie
    See section 5.3.

    -

    Chapter 6  Clustering

    +

    Chapter 6  Clustering

    -

    6.1  How it Works

    +

    6.1  How it Works

    A Jabber domain is served by one or more ejabberd nodes. These nodes can be run on different machines that are connected via a network. They all must have the ability to connect to port 4369 of all another nodes, and must @@ -3105,29 +3024,29 @@ router,

  • session manager,
  • s2s manager.
  • -

    6.1.1  Router

    +

    6.1.1  Router

    This module is the main router of Jabber packets on each node. It routes them based on their destination’s domains. It uses a global routing table. The domain of the packet’s destination is searched in the routing table, and if it is found, the packet is routed to the appropriate process. If not, it is sent to the s2s manager.

    -

    6.1.2  Local Router

    +

    6.1.2  Local Router

    This module routes packets which have a destination domain equal to one of this server’s host names. If the destination JID has a non-empty user part, it is routed to the session manager, otherwise it is processed depending on its content.

    -

    6.1.3  Session Manager

    +

    6.1.3  Session Manager

    This module routes packets to local users. It looks up to which user resource a packet must be sent via a presence table. Then the packet is either routed to the appropriate c2s process, or stored in offline storage, or bounced back.

    -

    6.1.4  s2s Manager

    +

    6.1.4  s2s Manager

    This module routes packets to other Jabber servers. First, it checks if an opened s2s connection from the domain of the packet’s source to the domain of the packet’s destination exists. If that is the case, the s2s manager routes the packet to the process serving this connection, otherwise a new connection is opened.

    -

    6.2  Clustering Setup

    +

    6.2  Clustering Setup

    Suppose you already configured ejabberd on one machine named (first), and you need to setup another one to make an ejabberd cluster. Then do following steps:

    1. @@ -3161,10 +3080,10 @@ and ‘access’ options — they will be taken from enabled only on one machine in the cluster).

    You can repeat these steps for other machines supposed to serve this domain.

    -

    6.3  Service Load-Balancing

    +

    6.3  Service Load-Balancing

    -

    6.3.1  Components Load-Balancing

    -

    6.3.2  Domain Load-Balancing Algorithm

    +

    6.3.1  Components Load-Balancing

    +

    6.3.2  Domain Load-Balancing Algorithm

    ejabberd includes an algorithm to load balance the components that are plugged on an ejabberd cluster. It means that you can plug one or several instances of the same component on each ejabberd cluster and that the traffic will be automatically distributed.

    The default distribution algorithm try to deliver to a local instance of a component. If several local instances are available, one instance is chosen randomly. If no instance is available locally, one instance is chosen randomly among the remote component instances.

    If you need a different behaviour, you can change the load balancing behaviour with the option domain_balancing. The syntax of the option is the following:

    {domain_balancing, "component.example.com", <balancing_criterium>}.                                   
     

    Several balancing criteria are available:

    • @@ -3173,13 +3092,13 @@ domain.

      -

      6.3.3  Load-Balancing Buckets

      +

      6.3.3  Load-Balancing Buckets

      When there is a risk of failure for a given component, domain balancing can cause service trouble. If one component is failing the service will not work correctly unless the sessions are rebalanced.

      In this case, it is best to limit the problem to the sessions handled by the failing component. This is what the domain_balancing_component_number option does, making the load balancing algorithm not dynamic, but sticky on a fix number of component instances.

      The syntax is the following:

      {domain_balancing_component_number, "component.example.com", N}
       

      -

      Chapter 7  Debugging

      +

      Chapter 7  Debugging

      -

      7.1  Watchdog Alerts

      +

      7.1  Watchdog Alerts

      ejabberd includes a watchdog mechanism. If a process in the ejabberd server consumes too much memory, a message is sent to the Jabber accounts defined with the option @@ -3191,7 +3110,7 @@ Example configuration: To remove all watchdog admins, set the option with an empty list:

      {watchdog_admins, []}.
       

      -

      7.2  Log Files

      An ejabberd node writes two log files: +

      7.2  Log Files

      An ejabberd node writes two log files:

      ejabberd.log
      is the ejabberd service log, with the messages reported by ejabberd code
      sasl.log
      is the Erlang/OTP system log, with the messages reported by Erlang/OTP using SASL (System Architecture Support Libraries) @@ -3208,12 +3127,12 @@ The possible levels are: For example, the default configuration is:

      {loglevel, 4}.
       

      -

      7.3  Debug Console

      The Debug Console is an Erlang shell attached to an already running ejabberd server. +

      7.3  Debug Console

      The Debug Console is an Erlang shell attached to an already running ejabberd server. With this Erlang shell, an experienced administrator can perform complex tasks.

      This shell gives complete control over the ejabberd server, so it is important to use it with extremely care. There are some simple and safe examples in the article Interconnecting Erlang Nodes

      To exit the shell, close the window or press the keys: control+c control+c.

      -

      Appendix A  Internationalization and Localization

      +

      Appendix A  Internationalization and Localization

      All built-in modules support the xml:lang attribute inside IQ queries. Figure A.1, for example, shows the reply to the following query:

      <iq id='5'
      @@ -3240,9 +3159,9 @@ HTTP header ‘Accept-Language: ru’
       
       
       

      -

      Appendix B  Release Notes

      +

      Appendix B  Release Notes

      Release notes are available from ejabberd Home Page

      -

      Appendix C  Acknowledgements

      Thanks to all people who contributed to this guide: +

      Appendix C  Acknowledgements

      Thanks to all people who contributed to this guide:

      -

      Appendix D  Copyright Information

      Ejabberd Installation and Operation Guide.
      +

      Appendix D  Copyright Information

      Ejabberd Installation and Operation Guide.
      Copyright © 2003 — 2008 ProcessOne

      This document is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 diff --git a/doc/guide.tex b/doc/guide.tex index 654f4c33b..f707fda0d 100644 --- a/doc/guide.tex +++ b/doc/guide.tex @@ -1741,6 +1741,11 @@ module loaded! server and use LDAP directory as vCard storage. Shared rosters are not supported yet. +Note that \ejabberd{} treats LDAP as a read-only storage: +it is possible to consult data, but not possible to +create accounts, change password or edit vCard that is stored in LDAP. + + \makesubsubsection{ldapconnection}{Connection} Parameters: @@ -3266,6 +3271,10 @@ Examples: implemented in the \modvcardldap{} module. This module does not depend on the authentication method (see~\ref{ldapauth}). +Note that \ejabberd{} treats LDAP as a read-only storage: +it is possible to consult data, but not possible to +create accounts, change password or edit vCard that is stored in LDAP. + The \modvcardldap{} module has its own optional parameters. The first group of parameters has the same meaning as the top-level LDAP parameters to set the authentication method: