How to get multi-user chat room access control list from external auth on ejabberd

0
votes

I have ejabberd set up using external_auth to authenticate against the user database of my web application. What I would like is to be able to create a MUC (chat room) for site moderators, and automatically add those users to the chat, to the exclusion of all other users.

Eventually I would also like to be able to map my site's groups functionality to MUC's in ejabberd also.

The external authentication API for ejabberd doesn't seem to provide for fine-grained access control, basically only allowing you to query whether a user is registered and whether a username / password combination successfully authenticates a user.

The only reference I've seen to acl's for MUC's is here: http://www.ejabberd.im/aclpopulate But that seems to require setting privileges through the webadmin interface.

Is there no way to do this automatically from external auth?

2
erlangejabberd

2 Answers

2
votes

To answer my own question, it doesn't seem possible to do what I need by using external auth. I ended up integrating ejabberd commands into the user / group lifecycle of my web app, which was quicker than I had anticipated, and has the added bonus of being a zillion times faster than using external auth (I use ejabberd's internal user database, using ejabberdctl to create users, update passwords, add and remove from shared rosters and create muc's).

To help with that process I created a PHP wrapper for ejabberdctl which is freely available on github:

https://github.com/tomlancaster/Ejabberd-Wrapper-PHP

Please feel free to use and abuse it as you wish.

0
votes

If you have your own authentication module, in that case you can redirect the authentication process of ejabberd. In ejabberd_auth.erl file redirect authentication by modifying check_password_with_authmodule/3 and check_password_with_authmodule/5 two function. From your authentication module return back the term as these two functions return.

If you authentication module is in deferent machine, make a socket connection to communicate with your authentication module and get the result and give the result back to check_password_with_authmodul function.

After this changes rebuild ejabberd and start.