I have a running ejabberd installation, with http-bind enabled, nginx proxy, and a mini jappix xmpp client for web browsers. I also have an external authentication program.
I can connect the same user on this server with different ressources if I use the classical 5222 port. But:
- If I have active sessions from classical xmpp clients (psi, empathy) for a given user I cannot connect this user with http-bind (401 authentication failure).
- I the first connection is made via http-bind no other connection can be done by other classical xmpp clients (and resources are of course different). I sometimes get the 401 already connected message
- I can only connect the same user in one browser, I cannot connect the same user several time on http-bind (resources are different on theses connections, but I also get a 401)
- I’m sure the external authentification program is never launched when I get theses auth failure
- max_user_sessions settings are ok (tested with infinity), and if I’m not connecting in http-bind I can run parallel sessions. But in case of I also tested the new resource_conflict setting values without any success (and it’s not a re’source conflict in fact)
Installation: ejabberd-2.1.10 Debian (from ejabberd-2.1.10-linux-x86-installer.bin, but same problem tested in x86_64 version).
Extract of configuration:
{5280, ejabberd_http, [
{request_handlers,
[
{["http_bind"], mod_http_bind}
]},
%%captcha,
http_bind,
%%http_poll,
web_admin
]}
On the logs, when this is happening I have:
=INFO REPORT==== 2012-01-27 10:18:55 ===
D(<0.335.0>:ejabberd_http_bind:684) : reqlist: [{hbr,154037,
"01775ec6fc089a2b0c84abb80a4b5b7b4bdd958d",
[]},
{hbr,154036,
"01775ec6fc089a2b0c84abb80a4b5b7b4bdd958d",
[{xmlstreamelement,
{xmlelement,
"stream:features",[],
[{xmlelement,
"mechanisms",
[{"xmlns",
"urn:ietf:params:xml:ns:xmpp-sasl"}],
[{xmlelement,
"mechanism",[],
[{xmlcdata,
"PLAIN"}]}]}]}},
{xmlstreamstart,
"stream:stream",
[{"version","1.0"},
{"xml:lang","fr"},
{"xmlns","jabber:client"},
{"xmlns:stream",
"http://etherx.jabber.org/streams"},
{"id","3595609800"},
{"from",
"tchat.example.com"}]}]}]
=INFO REPORT==== 2012-01-27 10:18:55 ===
D(<0.335.0>:ejabberd_http_bind:732) : really sending now: [{xmlelement,
"auth",
[{"xmlns",
"urn:ietf:params:xml:ns:xmpp-sasl"},
{"mechanism",
"PLAIN"}],
[{xmlcdata<<"bGRhcHVzZX(...)3">>}]}]
=INFO REPORT==== 2012-01-27 10:18:55 ===
I(<0.336.0>:ejabberd_c2s:649) : ({socket_state,ejabberd_http_bind,{http_bind,<0.335.0>,{{127,0,0,1},50992}},ejabberd_http_bind}) Failed authentication for foo38@tchat.example.com
=INFO REPORT==== 2012-01-27 10:18:55 ===
D(<0.337.0>:ejabberd_http_bind:916) : OutPacket: [{xmlstreamelement,
{xmlelement,"failure",
[{"xmlns",
"urn:ietf:params:xml:ns:xmpp-sasl"}],
[{xmlelement,
"not-authorized",[],
[]}]}}]
=INFO REPORT==== 2012-01-27 10:18:55 ===
D(<0.337.0>:ejabberd_http_bind:1054) : --- outgoing data ---
<body xmlns='http://jabber.org/protocol/httpbind'><failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/></failure></body>
So is this a “feature” in http-bind ? making it the only valid Resource for a given user while activated? And how to run several http-binded sessions for the same user if so? Any hints?
No there must be something wrong with your configuration. I have been successfully using ejabberd’s http-bind for a long time and of course you can have multiple connections with different resources and independently of other clients connecting. I also use nginx as a proxy. In you ejabberd.cfg you should have:
and
Also, in your logs I see
{"from", "tchat.example.com"}, which seems to indicate a missconfiguration.