3
3
<!-- Our ID on the network. Users will have this as the domain part of
4
4
their JID. If you want your server to be accessible from other
5
Jabber servers, this ID must be resolvable by DNS.s
6
(default: localhost) -->
5
Jabber servers, this ID must be FQDN resolvable by DNSes -->
6
<id>localhost.localdomain</id>
9
<!-- The process ID file. comment this out if you don't need to know
10
to know the process ID from outside the process (eg for control
8
<!-- The process ID file. Comment this out if you don't need to know
9
the process ID from outside the process (eg for control scripts) -->
12
10
<pidfile>@localstatedir@/jabberd/pid/sm.pid</pidfile>
14
12
<!-- Router connection configuration -->
21
19
<user>jabberd</user> <!-- default: jabberd -->
22
20
<pass>secret</pass> <!-- default: secret -->
24
<!-- File containing a SSL certificate and private key to use when
25
setting up an encrypted channel with the router. If this is
26
commented out, or the file can't be read, no attempt will be
27
made to establish an encrypted channel with the router. -->
22
<!-- File containing an SSL certificate and private key to use when
23
setting up an encrypted channel with the router. From
24
SSL_CTX_use_certificate_chain_file(3): "The certificates must be
25
in PEM format and must be sorted starting with the subject's
26
certificate (actual client or server certificate), followed
27
by intermediate CA certificates if applicable, and ending
28
at the highest level (root) CA" (the latter one being optional).
29
If this is commented out, or the file can't be read, no attempt
30
will be made to establish an encrypted channel with the router. -->
29
32
<pemfile>@sysconfdir@/server.pem</pemfile>
66
69
<!-- Storage database configuration -->
71
<!-- Dynamic storage modules path -->
72
<path>@pkglibdir@</path>
68
74
<!-- By default, we use the MySQL driver for all storage -->
69
75
<driver>mysql</driver>
71
77
<!-- Its also possible to explicitly list alternate drivers for
72
78
specific data types. -->
73
<!-- Store vcards in a PostgreSQL database instead -->
75
<driver type='vcard'>pgsql</driver>
80
<!-- Store vcards in a ldapvcard database instead -->
82
<driver type='vcard'>ldapvcard</driver>
85
<!-- Read mapping for group id <-> group name from ldap.
86
Used by mod_published_roster.
87
See ldapvcard section for options.
88
When resolving group id to group name, it searches for
89
groupsobjectclass objects at groupsdn base using group id
90
(in groupsidattr) as key and returns the first value of
91
groupattr of first found entry.
92
E.g.. in general case, if group id is "some-dep", and groupsdn
93
is o=org, and class is jabberGroup, it searches for
94
(&(objectClass=jabberGroup)(cn=some-dep)) and returns value of
95
jabberPublishedItem attribute, which may contain textual description.
98
<driver type='published-roster-groups'>ldapvcard</driver>
78
101
<!-- MySQL driver configuration -->
141
174
<user>jabberd2</user>
142
175
<pass>secret</pass>
178
<!-- SQLite driver configuration -->
180
<!-- Database name -->
181
<dbname>@localstatedir@/jabberd/db/sqlite.db</dbname>
183
<!-- Transacation support. If this is commented out, transactions
184
will be disabled. This might make database accesses faster,
185
but data may be lost if jabberd crashes. -->
188
<!-- SQLite busy-timeout in milliseconds. -->
189
<busy-timeout>2000</busy-timeout>
192
<!-- Filesystem driver configuration -->
194
<!-- Directory to store database files under. -->
195
<path>@localstatedir@/lib/jabberd2/fs</path>
198
<!-- LDAPVCARD driver configuration -->
200
<!-- LDAP server host and port (default: 389) -->
201
<uri>ldap://localhost/ ldaps://ldap.example.com/</uri>
203
<!-- DN to bind as for searches. If unspecified, the searches
204
will be done anonymously. -->
206
<binddn>cn=Directory Manager</binddn>
207
<bindpw>secret</bindpw>
210
<!-- see authreg.ldapfull int c2s.xml for description. -->
215
<!-- LDAP attribute that holds the user ID (default: uid) -->
216
<uidattr>uid</uidattr>
217
<objectclass>posixAccount</objectclass>
218
<pwattr>userPassword</pwattr>
219
<!-- if you use included jabberd.schema use this:
220
<uidattr>jid</uidattr>
221
<objectclass>jabberUser</objectclass>
222
<pwattr>jabberPassword</pwattr>
225
<!-- see authreg.ldapfull int c2s.xml for description. -->
227
<validattr>valid</validattr>
230
<!-- base DN of the tree. You should specify a DN for each
231
authentication realm declared in the <local/> section above,
232
by using the realm attribute. -->
233
<basedn>o=Example Corp.</basedn>
235
<!-- attribute that holds published group name or id,
236
jabberPublishedGroup if not set -->
238
<groupattr>jabberPublishedGroup</groupattr>
241
<!-- boolean attribute that tells, publish or not this user
242
jabberPublishedItem by default -->
244
<publishedattr>jabberPublishedItem</publishedattr>
247
<!-- If value specified, then keep cache of "published-roster"
248
database. Cache is renewed when kept more seconds than value
249
specified. Setting this value increases perfomance of publishing
250
roster. If not specified, then we don't keep cache. -->
251
<publishedcachettl>60</publishedcachettl>
254
<!-- If turned on, then reading mapping of group ids to names with
260
<!-- base for searches for group id to group name mappings -->
261
<basedn>ou=jabbergroups, o=Example Corp.</basedn>
263
<!-- what objectclass to search, jabberGroup by default -->
265
<objectclass>jabberGroup</objectclass>
268
<!-- what attribute to search, cn by default -->
273
<!-- attribute with text group name, description by default -->
275
<nameattr>description</nameattr>
146
281
<!-- Access control information -->
148
283
<!-- The JIDs listed here will get access to all restricted
149
284
functions, regardless of restrictions further down -->
151
<jid>admin@localhost</jid>
286
<jid>admin@localhost.localdomain</jid>
154
289
<!-- These JIDs can send broadcast messages (announce, motd) -->
156
291
<acl type='broadcast'>
157
<jid>nocstaff1@localhost</jid>
158
<jid>nocstaff2@localhost</jid>
292
<jid>nocstaff1@localhost.localdomain</jid>
293
<jid>nocstaff2@localhost.localdomain</jid>
209
349
this is usually handled by the "deliver" module. -->
210
350
<chain id='in-sess'>
211
351
<module>validate</module> <!-- validate packet type -->
352
<module>status</module> <!-- update status information -->
212
353
<module>privacy</module> <!-- manage privacy lists -->
213
354
<module>roster</module> <!-- handle roster get/sets and s10ns -->
214
355
<module>vacation</module> <!-- manage vacation settings -->
215
356
<module>iq-vcard</module> <!-- store and retrieve the user's vcard -->
357
<module>iq-ping</module> <!-- return the server ping -->
216
358
<module>iq-private</module> <!-- manage the user's private data store -->
217
359
<module>disco</module> <!-- respond to agents requests from sessions -->
360
<module>amp</module> <!-- advanced message processing -->
218
361
<module>offline</module> <!-- if we're coming online for the first time, deliver queued messages -->
219
362
<module>announce</module> <!-- deliver motd -->
220
363
<module>presence</module> <!-- process and distribute presence updates -->
250
393
session-manager-wide services (like service discovery). -->
251
394
<chain id='pkt-sm'>
252
395
<module>iq-last</module> <!-- return the server uptime -->
396
<module>iq-ping</module> <!-- return the server ping -->
253
397
<module>iq-time</module> <!-- return the current server time -->
254
398
<module>iq-version</module> <!-- return the server name and version -->
399
<module>amp</module> <!-- advanced message processing -->
255
400
<module>disco</module> <!-- build the disco list; respond to disco queries -->
256
401
<module>announce</module> <!-- send broadcast messages (announce, motd, etc) -->
257
402
<module>help</module> <!-- resend sm messages to administrators -->
258
403
<module>echo</module> <!-- echo messages sent to /echo -->
404
<module>status</module> <!-- track status information -->
405
<module>presence</module> <!-- proces server presence subscriptions -->
261
408
<!-- pkt-user. The modules in this chain are called when a packet
314
463
<module>privacy</module> <!-- delete privacy lists -->
315
464
<module>roster</module> <!-- delete roster -->
316
465
<module>vacation</module> <!-- delete vacation settings -->
466
<module>status</module> <!-- delete status information -->
317
467
<module>iq-last</module> <!-- delete last logout time -->
318
468
<module>iq-private</module> <!-- delete private data -->
319
469
<module>iq-vcard</module> <!-- delete vcard -->
472
<!-- disco-extend. The modules in this chain are called when a disco
473
info request is send to session manager. It implements XEP-0128
474
Service Discovery Extensions mechanizm to add additional
475
information to disco#info reply. -->
476
<chain id='disco-extend'>
477
<module>iq-version</module> <!-- add XEP-xxxx Software Information -->
478
<module>help</module> <!-- add XEP-0157 Contact Addresses -->
324
483
<!-- Service discovery configuration -->
387
569
<!-- Templates. If defined, the contents of these files will be
388
570
stored in the users data store when they are created. -->
572
<!-- Uncomment <publish> if you wish to forcely publish
573
roster template from ldap on each user login -->
577
<!-- If <check-remove-domain> given, then published contact checked
578
against sm user database and if user is unknown to sm, contact
579
will be deleted from user's roster (if it is in roster). -->
581
<check-remove-domain>jabber.example.com</check-remove-domain>
583
<!-- Keep cache of "active" database specified number of seconds.
584
This will significantly speed up publishing of roster.
585
If unspecified or 0, no cache is used. -->
586
<active-cache-ttl>60</active-cache-ttl>
587
<!-- If <fix-subscriptions/> is not commented, set subscriptions of
588
user's contacts to subscriptions of corresponding published
589
contacts. As for now, "both". -->
593
<!-- If <override-names/> is not commented, then displayed names of
594
contacts in user's roster will be updated accordingly to
595
published roster (if they differ). If commented, then user can
596
rename contacs in roster -->
600
<!-- when mapped-groups is on (<map-groups/> is uncommented, the actual
601
group names for published contacts are read from
602
published-roster-groups storage type, which in turn may be mapped
603
to ldapvcard driver. The key for searching is published user's
604
group, and returned value is used as group name. So you can assign
605
textual group IDs to users rather then group names.
606
group-cache-ttl keeps cache of mapping group id <-> group name for
607
specified number of seconds. If unspecified or 0, no cache is used.
612
<group-cache-ttl>120</group-cache-ttl>
615
<!-- If <force-groups> is commented out, published roster's contact
616
added to user's roster only when user does not have this contact.
617
If <force-groups> is not commented out, then these checks performed
618
against roster item when publishing roster item that already in
620
If user already has added his roster's contact to group of
621
published contact, no changes are made with this group (note
622
that contact may be in more than one group).
623
If <prefix> given, then prefix of each group of user's compared
624
whith given prefix, and if it matches, user's contact removed from
625
matched group (see below).
627
After that, user's contact added to a group of published roster's
629
In other words, all groups of updated contact, that match prefix
630
or suffix, replaced with group of published contact.
631
This is done because there is no way to determine that group was
632
published or greated by user. -->
635
<prefix>MyOrg.</prefix>
636
<suffix>(MyOrg)</suffix>
643
<!-- If you defined publish, you should comment <roster> -->
391
645
<roster>@sysconfdir@/templates/roster.xml</roster>
650
<!-- Advanced Message Processing module configuration -->
652
<!-- You can disable some actions -->
662
<!-- You can disable some conditions -->
671
<!-- You need to enable this if your server has offline storage disabled -->
673
<offlinestoragedisabled/>
677
<!-- Offline module configuration -->
679
<!-- Do not store messages in offline store -->
684
<!-- Store headline messages in offline store -->
689
<!-- Do not store subscription requests in offline store -->
694
<!-- Offline storage message quota.
695
Specifies how many messages will be stored in user offline store -->
697
<userquota>500</userquota>
701
<!-- roster module configuration -->
703
<!-- maximum items per user roster -->
705
<maxitems>100</maxitems>
709
<!-- status module configuration -->
711
<!-- presence service resource
712
disabled when commented out -->
714
<resource>webstatus</resource>
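Review bot: The new LDAPVCARD driver sample (new lines 200–207) binds as `cn=Directory Manager` with the placeholder password `secret` and lists a plain `ldap://` URI first, which steers deployments toward a directory-administrator bind whose password sits in this file and may cross the network unencrypted. The comments describe the bind DN as used for searches only, so a dedicated account with read access to the vCard and group subtrees should be enough; I would change the sample to something like `<binddn>cn=jabberd-lookup,o=Example Corp.</binddn>` (constructed example) and extend the comment above it with `Use a dedicated read-only account, prefer ldaps:// for non-local servers, and keep this file readable only by the jabberd user.` Whether the surrounding driver block is active or commented out by default is not visible in this view, so the severity depends on that. The same placeholder `secret` also appears in the router and MySQL `<pass>` entries, which are unchanged context here.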