Jabber servers - any experiences?

by Juliet Kemp

A request for opinion/experience today: does anyone have experience of running (local) Jabber servers under Linux? (Debian, ideally).

I've been experimenting with setting up a Jabber server to run within our LAN. I tried Openfire and found it quite hard work. Ejabberd worked better, but after running for a few hours on the same machine as our webserver, there were a lot of zombie blosxom.cgi processes and the webserver was no longer responding. I haven't definitely confirmed this behaviour as due to ejabberd, but am not terribly keen to experiment further on a live webserver. I will be trying it on another machine to see how that behaves; but in the meantime, a) has anyone else seen problems on a server running ejabberd? and b) can anyone recommend a Jabber server that is straightforward to set up, well-behaved once running, and supports chatrooms?

I would also very much like for it to hook into our LDAP/Kerberos setup. I gather that single-sign-on is a nonstarter (since gaim and other clients don't do GSSAPI), but being able to use the same usernames and passwords would be very useful. In theory both Openfire and ejabberd can be made to do this; in practice IME it doesn't work. Any thoughts on that would also be welcome!


24 Comments

Ian
2007-07-05 13:18:57
I've had fine luck with jabberd 1.4 - older code, no pretty admin gui (though Webmin does support it), but the multi-user chat and jabber user directory modules work and the xdb_auth_cpile module gives you really flexible authentication to just about anything.
Marc Mims
2007-07-09 14:11:13
I've used jabberd 1.4, as well, on a number of servers. Some installations run several gateways (for AIM, MSN, Yahoo, etc.). Contact me via e-mail if you have specific questions: marc at questright dot com.
Cameron Kennedy
2007-07-09 15:12:16
We have been using Jabberd 2.03 for sometime now with great success. We use a MySQL backend for rosters and use LDAP to have users login via their AD login credentials. VERY lightweight setup. Once it is working I have almost forgotten it is there. It just runs. We don't use chatrooms internally, though it is there. http://jabberd2.xiaoka.com/
sdk
2007-07-09 16:15:01
I set up an ejabberd server at my last job. Originally I tested it on a Debian box, but we used RHEL4.? in production. I don't ever recall having any problems with my web server while it was in testing, but when it was in production it was the only major service running on the box. I'd happily recommend ejabberd to someone looking to set up a jabber server.
Félim Whiteley
2007-07-09 16:19:52
I've run OpenFire or rather Wildfire as it was until recently for 2 years and been quite impressed. It doesn't have log management (unless you go enterprise) but it's XML logs are parsable if you have any XML skills (or know someone who does in my case !). Handled quite well and the interface is a godsend, plus AFAIR it links in nicely with AD/LDAP. We didn't use that at the time but I remember it being a part of it.


Reason I went for it was the lack of work...

Arun
2007-07-09 23:16:34
We use Openfire (Wildfire) here at work. I recommend it. Has a nice web interface and is easy to manage. And you have multiple backend choices.
tunax
2007-07-10 04:22:45
Been using wildfire and it's ok. Just be careful with their NIO module, cause it's not finished yet (but only useful to a very busy server - > than 3000 users).
Aaron KLemm
2007-07-10 10:37:33
I used ejabberd extensively and quite liked it. Performance was very good and it behaved nicely (i.e., was easy to administer). However, I was not able to get secure ldap (ssl nor tls) to work properly. Now, based on everything I've read, OpenFire looks most promising. In the next few weeks I'll have a test server running. Looks promising, though. Good luck!
Andrew Wilson
2007-07-10 14:08:14
I like Wildfire. It took minutes to set up and integrate into the LDAP.
Aristotle Pagaltzis
2007-07-10 16:35:50

Have you heard of DJabberd? It runs LiveJournal’s Jabber server and was written precisely to be easy to integrate into existing environments for all sorts of aspects of the protocol.

Vince
2007-07-11 07:14:35
We use Openfire here at work. The difference is we run Fedora in a virtual machine which runs Openfire on our Ubuntu server. I've been running it like this for a few years without any problems.
The first time I tried Openfire (Jive Messenger back then) we tried to run it in debian. There was some issues we were having using debian. The issues were connecting to the database and the startup script seemed to work sometimes.
This was a few years ago. Debian and Openfire might be more compatible now but I would recommend anyone using Openfire to use an RPM based distribution.
Here is a thread from Openfire forum that might help:
http://www.igniterealtime.org/forum/thread.jspa?messageID=116842&#116842
joe
2007-07-11 07:41:23
I've got my OpenFire just tied into PAM. I haven't really needed any of the other features of LDAP (the user/group info) so didn't bother doing any more then that.
Aredridel
2007-07-11 08:09:13
Ejabberd has been super stable for me, but boy is that config file syntax a head-twister.
Jason L
2007-07-11 12:37:25
We use openfire on a debian install. The spark client also has the capabilities of doing sso, I haven't had the time to work that one out though. I am so far impressed with openfire, its install and setup went very smooth and connecting to Active Directory was also easy. Openfire free version does everything we need, but my higher ups wanted to block file transfers so we had to upgrade to enterprise, otherwise the free version works very nicely.
A Jackson
2007-07-11 19:25:19
I use ejabberd with two virtuall domains, both checking users agains LDAP. Works great (a couple of thousend users in LDAP database, but not in the server).


I also run a ejabberd server with its own database for users, works great to. They will have distributed support, as Erlang support that. This will be good for uptime of the system.

Juliet Kemp
2007-07-12 06:31:29
Thanks for all the comments/suggestions!


ejabber does indeed hook into LDAP, as does Wildfire/Openfire; the trouble is that our auth stuff is in Kerberos rather than LDAP, and it doesn't seem immediately possible to disentangle the two.


joe - I tried PAM for ejabberd, but it's not in the default Debian install (requires a recompile). When I tried the recompile I got a stack of errors, and I don't fancy rewriting the module!


Aristotle - thanks for the recommendation, I'll have a look at it.


Unless Djabberd comes up with the LDAP/Kerberos goods, I think I'll stick with ejabberd on a different server, and accept that users will have to create new accounts. This is arguably safer re passwords, anyway.

db0
2007-07-15 05:46:35
If you care. take a look here for a guide I wrote a while back ago


http://www.dbzer0.com/the-penguin-migration/jabber/

Pixel
2007-07-15 09:07:16
I have done setups with OpenFire, ejabberd, and jabberd1.x/2 and I must say that I have have had far better luck with jabberd2 than any of the other servers. I have also foud that jabberd2 is the only server that seems to work with most clients/libraries available right now (Net:XMPP) for example. Although you can find workarounds to get them all working correctly I have always found jabberd2 requires the least amount of 'customization' to get it working.
Mike Hendrickson
2007-07-16 14:28:59
There is a Chapter from O'Reilly's Programming Jabber book that may have some relevance. It is online in Wiki format at:


https://www.wikicontent.com/wiki/index.php/JabChapter_3

Marc Seeger
2007-08-16 00:31:48
I set up Openfire in a Fedora Linux VM at my university (--> messi.mi.hdm-stuttgart.de).
Took some fiddling arround with the settings, but the LDAP integration is working fine now :)
Basically you only install Java (JRE 1.6 in my case) and start the server.
You could also use the provided rpm Packets. I think they include a version of the JRE.
After that it should be only web-interface clicking ^^
(or you have to work with the openfire.xml file as I had to...)
karthik
2007-08-21 00:13:27
Hi


I need the codes for the ldap login credentials in shell script

karthik
2007-08-21 00:16:16
My mail id is
skarthikbe2006@sify.com
Mickaël Rémond
2007-09-03 05:04:08
Hello,


Glad you tried ejabberd.
I can give you some tips in ejabberd if you contact me private (mremond, process-one.net).
ejabberd in its latest version works very well with LDAP, on large scale.


Cheers !

mikma
2007-09-20 04:12:29
You can do GSSAPI using Spark and ejabberd patched with ejabberd_gssapi.patch. The patch requires esasl, which in turn depends on GNU SASL. For more information refer to http://www.ejabberd.im/cyrsasl_gssapi.