Add LDAP support to ejabberd

Users in the cn=greg,ou=users,dc=kosmos,dc=org group and the xmpp
attribute set to enabled will be able to log in using their userPassword

site-cookbooks/kosmos-ejabberd/recipes/default.rb

@@ -79,11 +79,21 @@ execute "create db schema ejabberd_5apps" do
   action :nothing
 end
 
+ldap_credentials = data_bag_item("credentials", "389")
+ldap_server = node["kosmos-dirsrv"]["nginx"]["domain"]
+ldap_encryption_type = node.chef_environment == "development" ? "none" : "tls"
+ldap_base = "ou=users,dc=kosmos,dc=org"
+
 template "/opt/ejabberd/conf/ejabberd.yml" do
   source    "ejabberd.yml.erb"
   mode      0640
   sensitive true
-  variables pgsql_password: postgresql_data_bag_item['ejabberd_user_password']
+  variables pgsql_password: postgresql_data_bag_item['ejabberd_user_password'],
+            ldap_server: ldap_server,
+            ldap_username: ldap_credentials[:username],
+            ldap_password: ldap_credentials[:password],
+            ldap_base: ldap_base,
+            ldap_encryption_type: ldap_encryption_type
   notifies :run, "execute[ejabberdctl reload_config]", :delayed
 end
 

site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb

@@ -17,6 +17,13 @@ host_config:
     sql_database: "ejabberd"
     sql_username: "ejabberd"
     sql_password: "<%= @pgsql_password %>"
+    auth_method: [sql, ldap]
+    ldap_servers: ["<%= @ldap_server %>"]
+    ldap_rootdn: "<%= @ldap_username %>"
+    ldap_password: "<%= @ldap_password %>"
+    ldap_encrypt: <%= @ldap_encryption_type %>
+    ldap_base: "<%= @ldap_base %>"
+    ldap_filter: "(&(objectClass=account)(xmpp=enabled))"
   "5apps.com":
     sql_type: pgsql
     sql_server: "localhost"