Shaper rules getting ignored

[Dunedan]

I'm encountering a weird problem with shaper rules. My goal is simple: Apply a different shaper rule to the ACL "admin" than to all other ACLs. The default shaper rules seem to express that already, however I haven't been able to make it work and instead of admins getting assigned "none" as shaper, they always get "normal" assigned instead.

To visualize this behavior I changed the "normal" shaper to have a fixed rate of 1, which is too low for connections to succeed. However, as admins should have no shaper configured, I'd expect admins to be still able to connect. Unfortunately that's not the case and connections fail for admins as well.

Here is my diff to the configuration shipped with the Docker image (ghcr.io/processone/ejabberd):

--- a/ejabberd.yml.orig
+++ b/ejabberd.yml
@@ -86,24 +86,27 @@ listen:
     module: mod_mqtt
     backlog: 1000
 
 s2s_use_starttls: optional
 
 acl:
   local:
     user_regexp: ""
   loopback:
     ip:
       - 127.0.0.0/8
       - ::1/128
+  admin:
+    user:
+      - "admin@localhost"
 
 access_rules:
   local:
     allow: local
   c2s:
     deny: blocked
     allow: all
   announce:
     allow: admin
   configure:
     allow: admin
   muc_create:
@@ -135,26 +138,25 @@ api_permissions:
       - "*"
       - "!stop"
       - "!start"
   "public commands":
     who:
       ip: 127.0.0.1/8
     what:
       - status
       - connected_users_number
 
 shaper:
   normal:
-    rate: 3000
-    burst_size: 20000
+    rate: 1
   fast: 100000
 
 shaper_rules:
   max_user_sessions: 10
   max_user_offline_messages:
     5000: admin
     100: all
   c2s_shaper:
     none: admin
     normal: all
   s2s_shaper: fast
 

Running the docker container with that adjusted configuration and trying to connect with any XMPP client afterwards is sufficient to show the problem and results in the client not being able to connect.

docker run --name ejabberd -d -v $(pwd)/ejabberd.yml:/opt/ejabberd/conf/ejabberd.yml -p 5222:5222 ghcr.io/processone/ejabberd
docker exec -it ejabberd ejabberdctl register admin localhost passw0rd

Am I doing something wrong here or are shapers broken?

[prefiks]

It works on my test server, issue that you see here may be from using normal shaper until user authenticates, and with that definition, session startup may not progress to after authentication is done, and where shaper is updated.

[Dunedan]

That has been it. Thanks for your answer.