site-cookbooks/kosmos-ejabberd/metadata.rb

@@ -4,7 +4,7 @@ maintainer_email 'ops@kosmos.org'
 license 'MIT'
 description 'Installs/Configures kosmos-ejabberd'
 long_description 'Installs/Configures kosmos-ejabberd'
-version '0.2.0'
+version '0.2.1'
 chef_version '>= 12.14' if respond_to?(:chef_version)
 
 # The `issues_url` points to the location where issues for this cookbook are

site-cookbooks/kosmos-ejabberd/recipes/default.rb

@@ -112,6 +112,8 @@ ldap_base = "cn=users,dc=kosmos,dc=org"
 admin_users = ejabberd_credentials['admins']
 
 hosts.each do |host|
+  ldap_rootdn = "uid=xmpp,ou=#{host[:name]},cn=applications,dc=kosmos,dc=org"
+
   postgresql_database host[:sql_database] do
     owner 'ejabberd'
     action :create
@@ -134,6 +136,7 @@ hosts.each do |host|
               host: host,
               ldap_base: ldap_base,
               ldap_server: ldap_domain,
+              ldap_rootdn: ldap_rootdn,
               ldap_encryption_type: ldap_encryption_type
     notifies :run, "execute[ejabberdctl reload_config]", :delayed
   end

site-cookbooks/kosmos-ejabberd/templates/vhost.yml.erb

@@ -14,12 +14,12 @@ host_config:
   <% if @host[:ldap_enabled] -%>
     auth_method: ldap
     ldap_servers: ["<%= @ldap_server %>"]
-    ldap_rootdn: "cn=xmpp,ou=<%= @host[:name] %>,<%= @ldap_base %>"
+    ldap_rootdn: "<%= @ldap_rootdn %>"
     ldap_password: "<%= @host[:ldap_password] %>"
     ldap_encrypt: <%= @ldap_encryption_type %>
     ldap_tls_verify: hard # when TLS is enabled, don't proceed if a cert is invalid
     ldap_base: "ou=<%= @host[:name] %>,<%= @ldap_base %>"
-    ldap_filter: "(nsRole=cn=xmpp_role,ou=<%= @host[:name] %>,<%= @ldap_base %>)"
+    ldap_filter: "(objectClass=person)"
   <% end -%>
 
 append_host_config: