%override_global.
%override_local.
%override_acls.

% Users that have admin access.  Add line like one of the following after you
% will be successfully registered on server to get admin access:
%{acl, admin, {user, "aleksey"}}.
%{acl, admin, {user, "ermine"}}.

% Blocked users:
%{acl, blocked, {user, "test"}}.

% Local users:
{acl, local, {user_regexp, ""}}.

% Another examples of ACLs:
%{acl, jabberorg, {server, "jabber.org"}}.
%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
%{acl, test, {user_regexp, "^test"}}.
%{acl, test, {user_glob, "test*"}}.

% Everybody can create pubsub nodes
{access, pubsub_createnode, [{allow, all}]}.

% Only admins can use configuration interface:
{access, configure, [{allow, admin}]}.

% Every username can be registered via in-band registration:
% You could replace {allow, all} with {deny, all} to prevent user from using
% in-band registration
{access, register, [{allow, all}]}.

% None username can be registered via in-band registration:
%{access, register, [{deny, all}]}.

% After successful registration user will get message with following subject
% and body:
{welcome_message,
 {"Welcome!",
  "Welcome to ALT Linux Jabber Service hosted on ejabberd server.  "
  "For information about Jabber visit http://jabber.org"}}.
% Replace them with 'none' if you don't want to send such message:
%{welcome_message, none}.

% List of people who will get notifications about registered users
%{registration_watchers, ["admin1@localhost",
%                         "admin2@localhost"]}.

% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.


% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
	       {allow, all}]}.

% Set shaper with name "normal" to limit traffic speed to 1000B/s
{shaper, normal, {maxrate, 1000}}.

% Set shaper with name "fast" to limit traffic speed to 50000B/s
{shaper, fast, {maxrate, 50000}}.

% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
		      {normal, all}]}.

% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.

% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.

% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.

% This rule allows access only for local users:
{access, local, [{allow, local}]}.

% Authentification method.  If you want to use internal user base, then use
% this line:
{auth_method, internal}.

% For LDAP uthentification use these lines instead of above one:
%{auth_method, ldap}.
%{ldap_servers, ["localhost"]}.      % List of LDAP servers
%{ldap_uidattr, "uid"}.              % LDAP attribute that holds user ID
%{ldap_base, "dc=example,dc=com"}.   % Base of LDAP directory
%{ldap_rootdn, "dc=example,dc=com"}. % LDAP manager
%{ldap_password, "******"}.          % Password to LDAP manager

% For authentication via external script use the following:
%{auth_method, external}.
%{extauth_program, "/path/to/authentication/script"}.

% For authentication via ODBC use the following:
%{auth_method, odbc}.
%{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}.

% Host name: (replace for your hostname)
{host, "localhost"}.

% Define the maximum number of time a single user is allowed to connect:
{max_user_sessions, 10}.

% Anonymous login support:
%  auth_method: anonymous
%  anonymous_protocol: sasl_anon|login_anon|both
%  allow_multiple_connections: true|false
%{host_config, "public.example.org", [{auth_method, anonymous},
%                                     {allow_multiple_connections, false},
%                                     {anonymous_protocol, sasl_anon}]}.
% To use both anonymous and internal authentication:
%{host_config, "public.example.org", [{auth_method, [anonymous, internal]}]}.

% Default language for server messages
{language, "en"}.

% Listened ports:
{listen,
% Ordinary client-2-server service
 [{5222, ejabberd_c2s,     [{access, c2s},
                            {shaper, c2s_shaper},
                            {max_stanza_size, 65536},
                            starttls, {certfile, "/etc/ejabberd/ejabberd.pem"}
                            ]},

% SSL-enabled client-2-server service
  {5223, ejabberd_c2s,     [{access, c2s},
                            {shaper, c2s_shaper},
                            {max_stanza_size, 65536},
                            tls, {certfile, "/etc/ejabberd/ejabberd.pem"}
                            ]},

% Server-2-server service
  {5269, ejabberd_s2s_in,  [{shaper, s2s_shaper},
                            {max_stanza_size, 131072}
                           ]},

% External MUC jabber-muc (but internal mod_muc is better :))
% {5554, ejabberd_service, [{ip, {127, 0, 0, 1}},
%                           {access, all},
%                           {host, "muc.localhost", [{password, "secret"}]}
%                          ]},

% Jabber ICQ Transport
% {5555, ejabberd_service, [{ip, {127, 0, 0, 1}},
%                           {access, all},
%                           {hosts, ["icq.localhost", "sms.localhost"], [{password, "secret"}]}
%                          ]},

% AIM Transport
% {5556, ejabberd_service, [{ip, {127, 0, 0, 1}},
%                           {access, all},
%                           {host, "aim.localhost", [{password, "secret"}]}
%                          ]},

% MSN Transport
% {5557, ejabberd_service, [{ip, {127, 0, 0, 1}},
%                           {access, all},
%                           {host, "msn.localhost", [{password, "secret"}]}
%                          ]},

% Yahoo! Transport
% {5558, ejabberd_service, [{ip, {127, 0, 0, 1}},
%                           {access, all},
%                           {host, "yahoo.localhost", [{password, "secret"}]}
%                          ]},

% External JUD (internal is more powerful,
% but doesn't allow to register users from other servers)
% {5559, ejabberd_service, [{ip, {127, 0, 0, 1}},
%                           {access, all},
%                           {host, "jud.localhost", [{password, "secret"}]}
%                          ]},

% HTTP service (You may choose options HTTP-polling and Web-administering)
% When commenting out, be careful with commas
  {5280, ejabberd_http,    [http_poll, web_admin]}

% End of Listened ports
]}.

% Use STARTTLS+Dialback for S2S connections
%{s2s_use_starttls, true}.
%{s2s_certfile, "/etc/ejabberd/ssl.pem"}.
%{domain_certfile, "example.org", "/etc/ejabberd/example_org.pem"}.
%{domain_certfile, "example.com", "/etc/ejabberd/example_com.pem"}.

% If SRV lookup fails, then port 5269 is used to communicate with remote server
{outgoing_s2s_port, 5269}.

% Used modules:
{modules,
 [
  {mod_register,       [{access, register}]},
  {mod_roster,         []},
  {mod_privacy,        []},
  {mod_configure,      []}, %Depends on mod_adhoc
  {mod_configure2,     []},
  {mod_disco,          []},
  {mod_stats,          []},
  {mod_vcard,          []},
  {mod_offline,        []},
  {mod_announce,       [{access, announce}]}, % Depends on mod_adhoc  
  {mod_echo,           [{host, "echo.localhost"}]},
  {mod_private,        []},
  {mod_irc,            []},
% Default options for mod_muc:
%   host: "conference." ++ ?MYNAME
%   access: all
%   access_create: all
%   access_admin: none (only room creator has owner privileges)
  {mod_muc,            [{access, muc},
		        {access_create, muc},
		        {access_admin, muc_admin}
                       ]},
%  {mod_muc_log,       []},
%  {mod_shared_roster, []},
  {mod_pubsub,        [{access_createnode, pubsub_createnode}]},
  {mod_time,          []},
  {mod_last,          []},
  {mod_version,       []}

% End of Modules
]}.