Configuring ejabberd multi-user chatrooms

February 12, 2021 – Samuli Seppänen

Ejabberd is a very flexible and scalable XMPP server. We use it because it can be configured using a simple yaml configuration file and managed via ejabberdctl commands. This makes it a good fit for our infrastructure as code approach. That said, ejabberd does require one to understand the XMPP protocol/jargon as it does not abstract away any of it. So simple things like creating chatrooms, limiting access to them and playing history backlog to users who connected them can be an effort if you've never done it.

Ejabberd is very modular. To get an idea check the Module options page. Almost everything is a module, including multi-user chatroom support, which handled by mod_muc. To configure room options with ejabberdctl (e.g. make a room "members_only") you also need mod_muc_admin.

Access to the multi-user chat feature can be limited to certain users using mod_muc's access options that utilize access rules. These access controls are global so if a user is not in the allow list he/she will not have any access to any chat rooms on the server.

Multi-user chat room have a set of room options. These are documented well in the mod_muc documentation under "default room options" which get inherited by every new room. Changes made to default room options will not propagate to existing rooms, though.

In our case we wanted to have one public room and one private "members only" room where users were explicitly "affiliated" with the room. With the default ejabberd settings creating a public room is quite trivial:

ejabberdctl create-room public conference.chat.example.org chat.example.org

To create a private (members only) room more work is needed. First get a list of users on your XMPP server (cluster):

ejabberdctl registered_users chat.example.org
admin
yoda
luke.skywalker
han.solo
obiwan.kenobi

Create the room:

ejabberdctl create-room private conference.chat.example.org chat.example.org

Make the room members only:

ejabberdctl change_room_option private conference.chat.example.org members_only true

Add members to the room:

ejabberdctl set_room_affiliation private conference.chat.example.org [email protected] member
ejabberdctl set_room_affiliation private conference.chat.example.org [email protected] member

Now poor Han Solo will not be able to join this "Jedi-only" room.

ejabberdctl get_room_affiliations private conference.chat.example.org
luke.skywalker  chat.example.org        member
obiwan.kenobi   chat.example.org        member
yoda            chat.example.org        owner

The creator of the room, here "yoda", is allowed access automatically. It seems that ejabberdctl makes the local system user the room was created as the room owner.

At this point it makes sense to verify the room options:

ejabberdctl get_room_options private conference.chat.example.org

Cross-reference the options against mod_muc's default_room_options documentation to make sure everything is configured as you wish.

You may also want to make your rooms persistent, so that they don't get destroyed even if all members disconnect:

ejabberdctl change_room_option public conference.chat.example.org persistent true
ejabberdctl change_room_option private conference.chat.example.org persistent true

For a full list of multi-user chat admin commands refer to muc_admin documentation.

Want to talk to an expert?

If you want to reach us, just send us a message or book a free call!
Categories

Tags

#aad #Access #acl #alertmanager #ansible #ansible module development #Apache #API #augeas #authentication #authorization #automation #automatization #aws #azure #backup #bash #bitbucket #buildbot #cache #centos #cloud #cloud-init #cloudflare #cloudfront #cluster #connectionsJpa #control repo #custom fact #database #debian #devops #digital sovereignty #DNS #docker #domain mode #duplo #ejabberd #email #encryption #erb #europe #eyaml #fabric #facter #facts #fargate #fedora #file #finnish #foreman #freeipa #git #github #gitlab #gnome #google #grafana #hammer #hiera #IAM #import #infinispan #Infrastructure as Code #ipmi #irc #jboss #jdk #jenkins #JMESPath #kanban #keycloak #librarian-puppet #librenms #linkedin #Linux #Location #loop #marketing #mautic #Mellon #mfa #monitoring #mysql #nagios #network-manager #oauth #oauth2 #office365 #open source #openvpn #oxygen #packer #paranormal #pdk #people #php #pkcs7 #pomodoro #Powershell #preseed #presentation #profiles #prometheus #provisioning #puppet #puppet-bolt #puppet-litmus #puppetboard #puppetdb #Puppetfile #puppetserver #puppet types and providers #pxeboot #qemu #quality #r10k #recruitment #redirect #Restrict #Reverse Proxy #roles #rspec #ruby #SAML #sem #shell #showsql #snmp #snmpd #software developement #spam #ssh #sso #standardization #systemd #systemd-resolved #teams #terraform #ubuntu #user-data #vagrant #vanity awards #variable #vim #virtualbox #visualstudio #webdevelopment #wildfly #Windows #wireguard #wordpress #workflow #x11 #xmpp #zimbra
We are
 Puppeteers
menucross-circle