ejabberdejabberd-auth

Ejabberd external auth with python is giving timeout error


I'm getting below error message in error.log of ejabberd when i try to authenticate through an external python script (Tried with java also).

External script is succesfully receiving inputs from ejabberd and processing it how it should. But it takes a long time to receive the input in external script , by that time ejabberd gets timedout.

Error Log:

2023-03-18 18:01:27.127906+00:00 [error] <0.925.0>@ejabberd_auth_external:failure/4:103 External authentication program failed when calling 'check_password' for vipin@xmpp.mydomain.org: timeout   
2023-03-18 17:46:12.699876+00:00 [error] <0.667.0>@supervisor:do_restart/3:736 SUPERVISOR REPORT:
            supervisor: {local,'extauth_pool_xmpp.mydomain.org'}
            errorContext: child_terminated
            reason: normal
            offender: [{pid,<0.668.0>},
                       {id,'extauth_pool_xmpp.mydomain.org_1'},
                       {mfargs,{extauth,start_link,
                                        ['extauth_pool_xmpp.mydomain.org_1',
                                         "/usr/bin/python3 /home/ejabberd/external-auth.py"]}},
                       {restart_type,permanent},
                       {significant,false},
                       {shutdown,5000},
                       {child_type,worker}]

External auth configuration in ejabberd.yml :

auth_method: external
extauth_program: "/usr/bin/python3 /home/ejabberd/external-auth.py"
extauth_pool_size: 1

I'm using ejabberd/ecs docker image. Copied python script inside the custom docker image created from ejabberd/ecs.

Any help much appreciated


Solution

  • I created a container from image ejabberd/ecs:latest

    Copied your three configuration lines, and the example script from the documentation, ejabberd complains at start:

    main_1  | sh: exec: line 0: /usr/bin/python3: not found
    main_1  | 2023-03-20 17:02:10.958586+00:00 [error] Failed to start external authentication program '/usr/bin/python3 /home/ejabberd/external-auth.py'
    main_1  | 2023-03-20 17:02:10.958801+00:00 [error] SUPERVISOR REPORT:
    main_1  |     supervisor: {local,extauth_pool_localhost}
    main_1  |     errorContext: child_terminated
    main_1  |     reason: normal
    main_1  |     offender: [{pid,<0.660.0>},
    main_1  |                {id,extauth_pool_localhost_1},
    main_1  |                {mfargs,{extauth,start_link,
    main_1  |                                 [extauth_pool_localhost_1,
    main_1  |                                  "/usr/bin/python3 /home/ejabberd/external-auth.py"]}},
    main_1  |                {restart_type,permanent},
    main_1  |                {significant,false},
    main_1  |                {shutdown,5000},
    main_1  |                {child_type,worker}]
    main_1  | 
    main_1  | sh: exec: line 0: /usr/bin/python3: not found
    

    So I add python3:

    apk add python3
    

    Now ejabberd starts correctly. When I try to login to an existing account, it logins correctly:

    main_1  | 2023-03-20 17:05:04.394536+00:00 [info] (<0.720.0>)
              Accepted connection [::ffff:172.18.0.1]:38496
              -> [::ffff:172.18.0.5]:5222
    main_1  | 2023-03-20 17:05:04.502243+00:00 [info] (tls|<0.720.0>)
              Accepted c2s PLAIN authentication for admin@localhost
              by external backend from ::ffff:172.18.0.1
    main_1  | 2023-03-20 17:05:04.531838+00:00 [info] (tls|<0.720.0>)
              Opened c2s session for admin@localhost/tka1
    

    I use this docker-compose.yml

    version: '3.7'
    
    volumes:
      main_conf:
        name: main_conf
      main_logs:
        name: main_logs
      main_data:
        name: main_data
      main_uplo:
        name: main_uplo
    
    services:
    
      main:
        image: ejabberd/ecs:latest
        environment:
          - ERLANG_NODE_ARG=ejabberd@main
          - ERLANG_COOKIE=dummycookie123
          - CTL_ON_CREATE=register admin localhost asd
          - CTL_ON_START=stats registeredusers ;
                         status
        command: ["foreground"]
        healthcheck:
          test: netstat -nl | grep -q 5222
          start_period: 5s
          interval: 5s
          timeout: 5s
          retries: 120
        ports:
          #- "4369-4399:4369-4399"
          - "5222:5222"
          - "5269:5269"
          - "5280:5280"
          - "5443:5443"
        volumes:
          - main_conf:/home/ejabberd/conf
          - main_data:/home/ejabberd/database
          - main_logs:/home/ejabberd/logs
          - main_uplo:/home/ejabberd/upload
          - ./bin/ejabberdctl:/home/ejabberd/bin/ejabberdctl:ro
          - ./conf/ejabberd.yml:/home/ejabberd/conf/ejabberd.yml:rw