[jadmin] User Authorisation/Addition
David Langenberg
davel at uchicago.edu
Thu Feb 28 09:30:34 CST 2002
At 2002.02.27.17.53, in <3C7D717A.6010003 at ardec.com.au>,
"*Malcolm McGrath - Ardec - MIS" <mmcgrath at ardec.com.au> wrote:
> Greetings All,
>
> <<SNIP>>
>
> But I am a little stuck on the following: To simplify user creation and
> account management (icq corp), we currently create a new user manually,
> log in and add all users to their user list and that is it. Users are
> not able to create their own accounts, and users have no right to deny
> being added to other users list(s) (approx 50 ppl in company). I would
> like to know
> 1) How we could lock jabber down to not allow people to create accounts.
> (other than an administrator/script)
>
I believe this could be done by commenting out register.so from the jsm section of jabber.xml. We accomplished this by
using the mod_ldap2 auth modules, so they cannot create an account unless they use their valid LDAP uid and password.
> From what I have looked at, we could take an existing user and copy
> then modify their file in $JABDIR/spool/server/name to create a new
> user, but I am not aware of any complications that could eventuate if
> this happens.
Attached is a perl script I have developed which creates users from a line delimited file of usernames. You **will**
have to do some mods to make it work for your setup, but it can be used as a starting block. We have had no problems
with the user.xml files it has generated so far (jabberd-1.4.2-test2) YMMV.
>
> 2) How to make it so that users can add without authorisation.
>
A slight tweak to the attached script should allow you to pre-load a roster when a user is created. (Basically plug in
the roster xml from an already created user.xml file.)
> Also while I think of it, are jabber contact lists stored on the server?
> [As this may make it possible to add a new user to everyone's account
> without relying on users to do anything, as well as users not losing
> their profiles/userlists.]
Yep see comment above.
>
> (Current Setup uses Psi for Linux/Unix clients, undecided and still
> looking [willing to take some advice here] for a Win32 client :))
>
We are still in early testing of the jabber service, and currently recommend winjab for windows users, gabber for Linux
/ OSX, and Psi for Solaris.
> Thanks in advance.
>
> Malcolm McGrath
[End of excerpt from <3C7D717A.6010003 at ardec.com.au>]
--
***********************************************************
David Langenberg
Network Security & Enterprise Network Server Administration
The University of Chicago
Windows is the answer, but only if the question was 'what
is the intellectual equivalent of being a galley slave?'
***********************************************************
-------------- next part --------------
#!/opt/bin/perl
############################################################
# jabberpop.pl -- prepopulate the jabber server. Takes as an argument
# a filename which contains a list of CNetIDs (line delimited) and creates
# user.xml files in the jabber spool directory
#
# Created by David Langenberg <davel at uchicago.edu>
# Network Security and Enterprise Network Server Administration
# The University of Chicago
#
# You are free to do whatever-the-hell-you-want-to with this code.
#
# $Id$
############################################################
use strict;
use warnings;
use POSIX qw(strftime);

# configuration vars -- SET BEFORE USE
# $SPOOL is the directory where the user.xml files go
my $SPOOL = "/opt/home/jabber/jabber-1.4.2-test2/spool/im.uchicago.edu";
#$SPOOL = "./";

my $filename;
if (@ARGV == 0) {    # no command-line arguments: ask for the file
    print "Enter Student filename: ";
    $filename = <STDIN>;
    chomp $filename;
}
else {
    $filename = $ARGV[0];
}

# three-argument open so the filename is never treated as a mode or pipe
open(my $cnetid_fh, '<', $filename) or die "Cannot open $filename: $!\n";

my $count = 0;    # counter of accounts created
my @users;        # every name seen in the feed
while (my $cnetid = <$cnetid_fh>) {
    chomp $cnetid;
    # remove any whitespace in their name
    $cnetid =~ s/\s+$//;
    $cnetid =~ s/^\s+//;
    next if $cnetid eq '';    # a blank line would otherwise create ".xml"

    # the name ends up in a file path and inside XML, so skip anything
    # that could leave $SPOOL or break the markup
    if ($cnetid =~ m{[/\\<>&'"\0]}) {
        warn "Skipping invalid username '$cnetid'\n";
        next;
    }

    # save the name for later when we go looking for those not in the feed any more
    push(@users, $cnetid);

    # get the current time into a format which it will like (NOTE WE DO THIS IN GMT)
    my $stamp = strftime("%Y%m%dT%H:%M:%S", gmtime(time));

    # not sure why, but it seems to prefer everything on one line so we build before we print
    # NOTE: every account is written with the same hard-coded password
    my $line = "<xdb>";
    $line .= "<query xmlns='jabber:iq:register' xdbns='jabber:iq:register'>";
    $line .= "<username>$cnetid</username>";
    $line .= "<password>foobar</password>";
    $line .= "<resource>UofC</resource>";
    $line .= "<x xmlns='jabber:x:delay' stamp='$stamp'>registered</x>";
    $line .= "</query><query xmlns='jabber:iq:register' xdbns='jabber:iq:auth'>";
    $line .= "<username>$cnetid</username><password>foobar</password>";
    $line .= "<resource>UofC</resource>";
    $line .= "<x xmlns='jabber:x:delay' stamp='$stamp'>registered</x>";
    $line .= "</query><query xmlns='jabber:iq:last' last='1012838583' xdbns='jabber:iq:last'>";
    $line .= "Registered by jabberpop</query>";
    $line .= "<foo xmlns='jabber:x:offline' xdbns='jabber:x:offline'/></xdb>";

    # start creating $user.xml files only if they don't have an account
    if (!(-e "$SPOOL/$cnetid.xml")) {
        my $xml_fh;
        unless (open($xml_fh, '>', "$SPOOL/$cnetid.xml")) {
            warn "Cannot write $SPOOL/$cnetid.xml: $!\n";
            next;
        }
        print $xml_fh $line;
        close $xml_fh;
        $count++;
    }
}
close $cnetid_fh;

print "There were a total of $count accounts created\n";

#TODO
#ok, now remove those not in the file
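The roster pre-load mentioned in the reply could look like the sketch below. This is an added example, not part of the original attachment: the roster element layout is an assumption to be checked against the roster in an already created user.xml, the domain is taken from the spool path in the script, and the usernames are constructed sample data.

```perl
#!/usr/bin/perl
# Added example, not part of the original jabberpop.pl attachment.
use strict;
use warnings;

# Assumption: the server name matches the spool directory used in jabberpop.pl.
my $DOMAIN = 'im.uchicago.edu';

# Escape the characters that are special inside XML attribute values.
sub xml_escape {
    my ($text) = @_;
    my %entity = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                  "'" => '&apos;', '"' => '&quot;');
    $text =~ s/([&<>'"])/$entity{$1}/g;
    return $text;
}

# Accept only names that are safe both as a file name and inside a JID.
sub valid_username {
    my ($name) = @_;
    return $name =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/ ? 1 : 0;
}

# Build the roster fragment for $owner: one item per other user, each
# marked subscription='both'. Assumed layout; compare with the roster
# in an existing user.xml before using it.
sub roster_xml {
    my ($owner, @everyone) = @_;
    my $xml = "<query xmlns='jabber:iq:roster' xdbns='jabber:iq:roster'>";
    for my $contact (sort @everyone) {
        next if $contact eq $owner;    # nobody lists themselves
        my $jid  = xml_escape("$contact\@$DOMAIN");
        my $name = xml_escape($contact);
        $xml .= "<item jid='$jid' name='$name' subscription='both'/>";
    }
    return $xml . "</query>";
}

# Constructed sample feed; the last two entries must be rejected.
my @feed  = ('alice', 'bob', 'carol', '../other', 'bad<name');
my @users = grep { valid_username($_) } @feed;
warn "rejected: $_\n" for grep { !valid_username($_) } @feed;

# Every user gets every other user, so each subscription is mutual.
print "$_: ", roster_xml($_, @users), "\n" for @users;
```

In the script, the returned fragment would be appended to $line before the closing </xdb>. Because each roster is generated from the same list, adding a user later means regenerating the fragment for everyone, not only for the new account.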