[JDEV] Jabber and user database
Steven Brown
swbrown at ucsd.edu
Thu Nov 7 16:21:34 CST 2002
> -----Original Message-----
> From: jdev-admin at jabber.org [mailto:jdev-admin at jabber.org]On Behalf Of
> Bart van Bragt
> Sent: Thursday, November 07, 2002 12:59 PM
> To: jdev at jabber.org
> Subject: Re: [JDEV] Jabber and user database
> Curious if someone else can tell us how (non-)trivial it would be to
> link jabberd to another user database.
I recently did this for the UCSD ActiveCampus project (the students don't
know yet though) - link our web-based system that had its own concept of
buddies, IM, etc. to Jabber, so it could use Jabber like an IM appendage
while our system remains the primary 'server'. In our case it was a bit
more complicated, as I needed to mirror and forward login/status/messages
from users logged in to our web-based system, and users logged in via
Jabber, and possibly both at the same time. The 'use the accounts in our
PHP goo' part was pretty easy though, especially if you're ok with Jabber
having its own datastore for Jabbery stuff, as then you don't need to
rewrite the xdb layer. I wouldn't reccomend messing with xdb much if you
don't have to; mods to xdb_sql and such are almost certainly overkill.
I added a SOAP API to our PHP system using nusoap so I'd have a way to auth
users, took a stripped-down mod_auth_plain.c and converted it to compile
clean as C++, added a link to EasySoap (C++) to make SOAP calls to our PHP
code, and modified the auth mapi function to check with our server via SOAP
if an account was valid or not. One gotcha is that Jabber seems to expect
to know the plaintext password of the user, but many sites only store
hashes. I modified the xdb layer to always just return a junk string on
auth get, since it's not really needed anyway with this hack due to the SOAP
call in the auth module. If you're in my situation and don't know their
plaintext password, make sure to disable (comment out) all the other
auth/registration modules. The only client that seems to have a hard time
with forced plaintext is PSI, where you need to specifically say to use
plaintext (bug or security feature?).
More information about the JDev
mailing list