![]() I assume the starting ejabberd configuration from my article on setting up your ejabberd real time IM server and configuring ejabberd video & voice calling, as well as the one on how to get 100% in XMPP server compliance test. External authentication scripts on ejabberd.In this article I will share some configuration steps that I made while I was preparing my previous ejabberd XMPP server tutorials.''' # build command line argument parser desc = 'ejabberd authentication script' parser = argparse.ArgumentParser(description =desc) # base url parser.add_argument( 'url', nargs = '?', metavar = 'URL', default =FALLBACK_URL, help = 'base URL (default: %(default)s )') # log file location parser.add_argument( '-l', '-log', default =DEFAULT_LOG_DIR, help = 'log directory (default: %(default)s )') # debug log level parser.add_argument( '-d', '-debug', action = 'store_const', const = True, help = 'toggle debug mode') args = vars(parser.parse_args()) return args, args, args if _name_ = '_main_': URL, DEBUG, LOG = get_args() LOGFILE = LOG + '/extauth.log' LEVEL = logging.DEBUG if DEBUG else logging.INFO PID = str(os.getpid()) FMT = ' %(message)s ' # redirect stderr ERRFILE = LOG + '/extauth.err' sys.stderr = open(ERRFILE, 'a+') # configure logging logging.basicConfig(level =LEVEL, format =FMT, filename =LOGFILE) ( 'Starting ejabberd auth script') ( 'Using %s as base URL', URL) ( 'Running in %s mode', 'debug' if DEBUG else 'release') EJABBERD = EjabberdAuth(URL, HEADERS) EJABBERD.loop() logging.warn( 'Terminating ejabberd auth script') References ''' while True: try: data = self._from_ejabberd() except KeyboardInterrupt: ( 'Terminating by user input') break except EjabberdError, err: logging.warn( 'Input error: ' + err) break success = False cmd = data if cmd = 'auth': success = self._auth(data, data, data) elif cmd = 'isuser': success = self._isuser(data, data) elif cmd = 'setpass': success = self._setpass(data, data, data) else: logging.warn( 'Unhandled ejabberd cmd " %s "', cmd) self._to_ejabberd(success) def get_args(): ''' Parse some basic configuration from command line arguments. import argparse import json import logging import os import struct import sys import urllib2 # DEFAULTS AND CONSTANTS # DEFAULT_LOG_DIR = '/var/log/ejabberd' FALLBACK_URL = ' HEADERS = return self._call_api( 'exists', data) def _setpass( self, username, server, password): '''Try to set the user's password.''' bug( 'Processing "setpass"') # TODO return False def loop( self): ''' Start the endless loop that reads on stdin and passes the authentication results to stdout towards the connected ejabberd instance. # See the License for the specific language governing permissions and # limitations under the License. # You may obtain a copy of the License at # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #!/usr/bin/env python # Copyright 2014 Gregor Uhlenheuer # Licensed under the Apache License, Version 2.0 (the "License") # you may not use this file except in compliance with the License. To enable external authentication for the whole ejabberd instance use something like this: To use the external authentication script you have to edit the ejabberd configuration in your ejabberd.cfg. Say you already have a user administration interface in your business layer this may be your preferred way to reuse that logic. Moreover this approach allows you to profit from authentication methods of existing services. This method may seem somewhat awkward but is very flexible on the other hand. ![]() This mechanism allows the use of an authentication script that may be written in practically any language.Įjabberd will invoke a configurable number of instances of the script and pass the authentication requests via stdin and expects the result on stdout. Odbc: ODBC connection using either the PostgreSQL or MySQL interfacesĮxternal: using an external authentication scriptįor this post we will focus on the external authentication method of ejabberd. Pam: user authentication using PAM (pluggable authentication modules) that is currently supported by FreeBSD, Linux, Mac OSX, NetBSD, Solaris … Ldap: authentication against a LDAP server/directory Internal: the default authentication using the Mnesia database backend The ejabberd XMPP server supports several authentication mechanisms out-of-the-box: Once again I am fiddling with ejabberd - this time it is the external authentication method using a python script. By Gregor Uhlenheuer on February 20, 2014
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |