HOWTO: Jabber configuration to hide "internal" groups in shared roster

[rholighaus]

A standard Zentyal 3.2 installation has lots of "internal" groups - I guess for Active Directory compatibility.
Unfortunately, those sort of mess up the Jabber roster.

To change settings, first create a custom template by copying /usr/share/zentyal/stubs/jabber/ejabberd.cfg.mas to /etc/zentyal/stubs/jabber/ejabberd.cfg.mas

Then edit the following section, altering the ldap_rfilter and ldap_gfilter lines:

% if ($sharedroster) {
  {mod_shared_roster_ldap, [
    {ldap_filter, ""},
    {ldap_rfilter, "(&(objectClass=posixGroup)(!(internal=1)))"},
    {ldap_gfilter, "(&(objectClass=posixGroup)(cn=%g)(!(internal=1)))"},
    {ldap_ufilter, "(&(uid=%u)(objectClass=userJabberAccount))"},
    {ldap_groupattr, "cn"},
    {ldap_groupdesc, "description"},
    {ldap_memberattr, "member"},
    {ldap_memberattr_format, "uid=%u,<% $usersDn %>"},
    {ldap_useruid, "uid"},
    {ldap_userdesc, "cn"}
  ]},

To make the changes effective, recreate the config files from the template and restart the jabber service:

  sudo /etc/init.d/zentyal jabber restart

Works like a charm for me and the Zarafa Webapp Chat windows is no longer clogged with groups that should be hidden.

[christian]

Nice input !
This approach should be used elsewhere too (if not already done) so that only significant information is displayed.

[RAB]

Modified this to read

% if ($sharedroster) {
  {mod_shared_roster_ldap, [
    {ldap_filter, ""},
    {ldap_rfilter, "(&(objectClass=posixGroup)(!(internal=1)))"},
    {ldap_gfilter, "(&(objectClass=posixGroup)(cn=%g)(cn=jabberusers)(!(internal=1)))"},
    {ldap_ufilter, "(&(uid=%u)(objectClass=userJabberAccount))"},
    {ldap_groupattr, "cn"},
    {ldap_groupdesc, "description"},
    {ldap_memberattr, "member"},
    {ldap_memberattr_format, "uid=%u,<% $usersDn %>"},
    {ldap_useruid, "uid"},
    {ldap_userdesc, "cn"}
  ]},

Now only the jabberusers group shows up.

Note that the group must have a description to show up in the shared roster.

[michelineney]

This is a really quality post. Can make a lot of people donotrealize thatother people have found and known as a sharedexperience around.

[CNServices]

Thank you to rholighaus and RAB (and to michelineney for "bumping" it). I look forward to trying this tweak out.

Edit: Had to fix a user name typo.

[adymeblack]

Thanks for the how-to. Makes the roster a lot easier to deal with. However, I'm sure there is a way to limit who end users see depending on group memberships.

For example, i would like to set this up for my employees and their supervisors. I would like the supervisors to have the ability to talk to anyone, while the employees only have the ability to talk to the supervisors.....and not each other.

Can anyone either explain, or point me in the direction of where i can find how to do that?

Thanks!