
\documentclass[a4paper,11pt]{report}

	\input{../includes/headers_global.tex}

	% Document metadata (site name, short and full title, author, subject, keywords).
	% ../includes/headers.tex is input right after these definitions and
	% presumably reads them -- TODO confirm against that file.
	\def\sitename{Debian GNU/Linux :: Serveur }
	\def\shorttitre{Jabber}
	\def\titre{Serveur jabber}
	\def\autheur{Matthieu Vogelweith}
	\def\subject{Mise en place d'un serveur Jabber sous Debian GNU/Linux}
	\def\keywords{Debian, Linux, Matthieu, Vogelweith, Serveur, Lenny, Jabber, XMPP, Ejabberd}

	\input{../includes/headers.tex}

\begin{document}

\renewcommand{\bibname}{R\'ef\'erences}

\begin{titlepage}
	\maketitle
\end{titlepage}

\chapter*{Résumé}

Installation d'un serveur de messagerie instantanée Ejabberd 2 \cite{ejabberd} sous Debian GNU/Linux Lenny\cite{debian}.\\

\input{../includes/licence.tex}

\tableofcontents
		
\chapter{Présentation}

\chapter{Installation}

- Installation

\vspace{1em}
\begin{lstlisting} 
# aptitude install ejabberd
\end{lstlisting}
\vspace{1em}

\chapter{Enregistrements DNS}

\vspace{1em}
\begin{lstlisting} 
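; Jabber
$ORIGIN example.org.
; Address of the XMPP host (xx.xx.xx.xx is a placeholder for the server's address)
jabber              IN      A               xx.xx.xx.xx
; SRV fields: priority 5, weight 0, port, target (relative to $ORIGIN)
; Legacy server-to-server record
_jabber._tcp        IN      SRV 5 0 5269    jabber
; Server-to-server: an SRV owner name needs the protocol label (_tcp),
; otherwise remote servers never look this record up
_xmpp-server._tcp   IN      SRV 5 0 5269    jabber
; Client-to-server
_xmpp-client._tcp   IN      SRV 5 0 5222    jabber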
\end{lstlisting}
\vspace{1em}

\chapter{Configuration}

\section{Paramètres par défaut}

Dans /etc/default/ejabberd

\vspace{1em}
\begin{lstlisting}
SMP=auto 
\end{lstlisting}
\vspace{1em}

\section{Configuration générale}

Dans /etc/ejabberd/ejabberd.cfg

\vspace{1em}
\begin{lstlisting} 
%% Hostname
{hosts, ["example.org"]}.
\end{lstlisting}
\vspace{1em}

Désactivation de l'enregistrement en ligne

\vspace{1em}
\begin{lstlisting}
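%% Refuse in-band (online) account registration for everyone.
%% If ejabberd.cfg already contains a "register" access rule, edit that rule
%% rather than adding a second one.
{access, register, [{deny, all}]}.

%% Default language for the messages sent by the server.
{language, "fr"}.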
\end{lstlisting}
\vspace{1em}

\section{Authentification LDAP}

\vspace{1em}
\begin{lstlisting} 
%% Authentication backend: the internal database is commented out and LDAP is used instead.
%{auth_method, internal}.
{auth_method, ldap}.
%% Directory server queried for authentication.
%% NOTE(review): no ldap_rootdn/ldap_password appears in this excerpt, so the
%% lookups presumably use an anonymous bind -- confirm against the directory's ACLs.
{ldap_servers, ["localhost"]}.
%% Subtree searched for accounts.
%% NOTE(review): these lines use vogelweith.com while the rest of the page uses
%% example.org / example.com; adapt the DN and mail domain to your own directory.
{ldap_base, "ou=Users,dc=vogelweith,dc=com"}.
%% Accounts are looked up through the "mail" attribute; %u stands for the user part.
{ldap_uids, [{"mail", "%u@vogelweith.com"}]}.
%% Only shadowAccount entries carrying this mailalias value match, which limits
%% who is able to log in.
{ldap_filter, "(&(objectClass=shadowAccount)(mailalias=jabber_users@vogelweith.com))"}.
\end{lstlisting}
\vspace{1em}

\section{Cartes de visites LDAP}

Remplissage automatique des VCARD.

\vspace{1em}
\begin{lstlisting} 
    {mod_vcard_ldap,
     [
      %% Empty rootdn and password: vCard lookups bind anonymously, so the LDAP
      %% server must accept anonymous requests on the ldap_base subtree below.
      %% NOTE(review): anonymous read access exposes the listed attributes to
      %% anyone who can reach the directory -- confirm this is intended.
      {ldap_rootdn, ""},
      {ldap_password, ""},
      %% Base of the subtree used as address book
      {ldap_base, "ou=Users,dc=example,dc=com"},
      %% The user's part of the JID is matched against the "uid" attribute.
      %% NOTE(review): the authentication example on this page matches users on
      %% "mail" instead; check that both settings identify the same entries.
      {ldap_uidattr, "uid"},
      %% Empty filter: no object class restriction is applied to the entries.
      %% NOTE(review): with no filter, every entry under ldap_base is presumably
      %% searchable through vCard search; consider reusing the filter applied
      %% for authentication.
      {ldap_filter, ""},
      %% vCard pattern: vCard field, format string, LDAP attributes filling it
      {ldap_vcard_map,
       [{"NICKNAME",  "%s %s", ["givenName", "sn"]}, % nickname is built from given name and surname
        {"GIVEN", "%s", ["givenName"]},
        {"FAMILY", "%s", ["sn"]},
        {"FN", "%s %s", ["givenName", "sn"]}, % example: "John Smith"
        {"EMAIL", "%s", ["mail"]},
        {"BDAY", "%s", ["birthDay"]}]},
      %% Search form: label shown to the user, then the attribute searched
      {ldap_search_fields,
       [{"User", "%u"},
        {"Name", "givenName"},
        {"Family Name", "sn"},
        {"Email", "mail"},
        {"Birthday", "birthDay"}]},
      %% vCard fields to be reported
      %% Note that JID is always returned with search results
      {ldap_search_reported,
       [{"Full Name", "FN"},
        {"Nickname", "NICKNAME"},
        {"Birthday", "BDAY"}]}
    ]}
\end{lstlisting}
\vspace{1em}

\chapter{Administration Web}

Ejabberd est fourni avec un petit serveur web qui propose une interface d'administration pour le service. Par défaut, ce serveur web écoute sur le port 5280 de la machine locale. Pour simplifier l'accès à cette interface et pour éviter d'ouvrir un port supplémentaire sur le firewall, le paragraphe suivant propose de créer un virtualhost apache qui fera également proxy pour accéder à l'interface d'administration.

    \section{Création d'un vhost}

- Activation du module proxy\_http de apache

\vspace{1em}
\begin{lstlisting} 
# a2enmod proxy_http
\end{lstlisting}
\vspace{1em}

- Dans /etc/apache2/sites-available/xx\_jabber :

\vspace{1em}
\begin{lstlisting} 
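# HTTP vhost: its only job is to send every request to the HTTPS vhost below.
# RewriteEngine and SSLEngine need mod_rewrite and mod_ssl to be enabled in
# addition to proxy_http.
<VirtualHost *:80>

    ServerAdmin webmaster@example.org
    ServerName jabber.example.org
    ServerAlias jabber
    ServerSignature Off

    # Redirect to the HTTPS vhost.
    # The capture group excludes the leading "/", so the target needs an
    # explicit "/" after the host name; without it the request path is glued
    # onto the host name and the redirect no longer points at this server.
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*)$ https://%{SERVER_NAME}/$1 [R=301,L]

</VirtualHost>

# HTTPS vhost: terminates TLS and proxies /admin/ to the ejabberd web server
# listening on 127.0.0.1:5280.
<VirtualHost *:443>

    ServerAdmin webmaster@example.org
    ServerName jabber.example.org
    ServerAlias jabber
    ServerSignature Off

    # Send the site root to the admin interface
    RedirectMatch ^/$ /admin/

    SSLEngine on
    # No SSLCertificateKeyFile is given: this file must hold both the
    # certificate and its private key.
    SSLCertificateFile /etc/ssl/certs/ejabberd.pem

    # NOTE(review): "Allow from all" lets any client reach the proxied admin
    # interface, so access control rests on whatever authentication the admin
    # interface itself enforces. Consider limiting this block to the
    # administrators' networks.
    <Proxy http://127.0.0.1:5280>
        Allow from all
    </Proxy>
    # SSLProxyEngine only matters for https:// backends; the backend used
    # below is plain http on the loopback interface.
    SSLProxyEngine on
    ProxyPreserveHost on
    ProxyPass /admin/ http://127.0.0.1:5280/admin/
    ProxyPassReverse /admin/ http://127.0.0.1:5280/admin/

    ErrorLog /var/log/apache2/jabber_error.log
    CustomLog /var/log/apache2/jabber_access.log combined

</VirtualHost>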
\end{lstlisting}
\vspace{1em}

    \section{Contacts partagés}

Affichage automatique de tous les contacts.
Décommenter la ligne :

\vspace{1em}
\begin{lstlisting} 
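%% In the modules section: enable shared rosters.
%% (The module name is singular and, in a verbatim listing, underscores are not escaped.)
{mod_shared_roster, []}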
\end{lstlisting}
\vspace{1em}

Puis aller dans l'interface web http://jabber.example.org puis dans Virtual Hosts -> mondomaine.com -> Shared Roster\\
Ajouter alors un groupe en remplissant tous les champs et mettre @all@ dans les "group members".

\chapter{Sécurisation}
    
    \section{Support SSL}

- Edition de /etc/ssl/ejabberd.cnf :

\vspace{1em}
\begin{lstlisting} 
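# Request settings used by "openssl req -config" to build the certificate
[ req ]
default_bits            = 2048
default_keyfile         = privkey.pem
distinguished_name      = req_distinguished_name
# Take the subject from the section below instead of prompting for it
prompt                  = no
string_mask             = nombstr
# Extensions section applied to the self-signed certificate
x509_extensions         = server_cert

# Certificate subject
[ req_distinguished_name ]
countryName             = FR
stateOrProvinceName     = France
localityName            = Strasbourg
organizationName        = Example
organizationalUnitName  = Jabber Server
commonName              = jabber.example.org
emailAddress            = webmaster@example.org

[ server_cert ]
# End-entity certificate: it must not be usable to sign other certificates
basicConstraints        = critical, CA:FALSE
subjectKeyIdentifier    = hash
keyUsage                = digitalSignature, keyEncipherment
extendedKeyUsage        = serverAuth, clientAuth
# XMPP peers check the certificate against the service domain (the "hosts"
# entry of ejabberd.cfg, example.org on this page), not only against the
# machine name given in commonName, so list both names.
subjectAltName          = DNS:example.org, DNS:jabber.example.org
nsCertType              = server
nsComment               = "Jabber Certificate"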
\end{lstlisting}
\vspace{1em}


- Création du certificat :

\vspace{1em}
\begin{lstlisting} 
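## Lines starting with "# " are commands typed at a root prompt.
## -nodes writes the private key unencrypted, and -keyout points at the same
## file as -out, inside the world-readable /etc/ssl/certs directory: restrict
## the file's permissions as soon as it has been created.
# openssl req -x509 -new \
    -config /etc/ssl/ejabberd.cnf \
    -out /etc/ssl/certs/ejabberd.pem \
    -keyout /etc/ssl/certs/ejabberd.pem \
    -days 730 -nodes -batch
## Group access is only needed if the ejabberd daemon reads this file too
## (assumed here -- confirm against the certfile setting of ejabberd.cfg).
# chown root:ejabberd /etc/ssl/certs/ejabberd.pem
# chmod 640 /etc/ssl/certs/ejabberd.pem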
\end{lstlisting}
\vspace{1em}

    \section{Firewall}

\vspace{1em}
\begin{lstlisting} 
# Jabber
# Client-to-server connections (port of the _xmpp-client SRV record)
ACCEPT      all     $FW     tcp     5222
# Server-to-server connections (port of the _xmpp-server SRV record)
ACCEPT      all     $FW     tcp     5269
# Port 5280 (web administration) is deliberately not opened: that interface is
# reached through the Apache virtual host instead.
\end{lstlisting}
\vspace{1em}

\chapter{Configuration des clients}

    \section{Clients Linux}

- pidgin \cite{pidgin} \\
- empathy \cite{empathy} \\
- kopete \cite{kopete} \\
    
    \section{Clients Windows}
    
- pidgin \cite{pidgin} \\
- spark \cite{spark}

    \section{Clients MAC OS X}

- ichat \cite{ichat}

\clearpage
\nocite{*}
\bibliographystyle{unsrt}
\bibliography{\jobname}

\end{document}
