Acitve Directory and Openfire Problem

brenda · April 19, 2007, 8:08am

I just installed Openfire and am trying to configure with the LDAP option. I am new to all of this so it could be something very simple that I am doing wrong. In the Connection settings when I TEST Settings I get

ERROR AUTHENTICATING WITH LDAP Server.

I looked at the openfire.conf file and was just going to put what the LDAP Guide says to but the file looks different from the old wildfire conf.

Does anyone know what I would be getting an error authenticatig with the ldap server?

Does anyone have an example of the openfire conf file that I could use for help in knowing where to add stuff?

thanks!

visio · April 20, 2007, 6:15pm

before you try integrating with AD make sure you

Have a user account created on the domain to use for the server

example: I have a user account called ‘‘Openfire’’ that has no rights to do anything, but its needed for OpenFire to bind and read the list of users

Know your OU structure.

brenda · April 23, 2007, 7:37am

Thank you.

The xmpp clients can not connect in fact I get “Server not Found” ever since I made the server a DC. Nobody here knows about integrating Openfire or XMPP with AD. Any info or pointers to documentation would help. thank you!

papawu · April 23, 2007, 10:35am

Are you running openfire on your DC? Can you telnet to the DC using port 389? In a command prompt run “telnet DCip 389”, without the quotes.

brenda · April 23, 2007, 11:30am

Hi,

The telnet failed on that port.

brenda · April 23, 2007, 11:33am

Yes Openfire is on the DC. I tried the telnet and it did fail. Using Server 2003 and it activated the firewall when I promoted it to config AD but I disabled it because I could not login via Remote terminal…

What does the telnet failure mean?

thank you

papawu · April 23, 2007, 11:56am

You have the firewall turned on, on your DC? Make sure you put port 389 as an exception. See if you can telnet locally on the DC to port 389. If you can’'t locally then somehow LDAP is turned off on your DC.

Also, I don’‘t think it is smart to have Openfire running on your DC. Your DC’'s are the most important server to have on your network. You never know, Openfire may go resource hungry or maybe a vulnerability is found and now you are down a DC.

Scott_Miller · April 23, 2007, 12:12pm

Are you using Active Directory integrated DNS, or are you ONLY using a DNS from another machine… If your clients cannot see the server, and you made a new Domain Controller with Active Directory Integrated DNS and your clients now are using that server for DNS servicing, then it would be as simple as adding a host (a) record into your DNS table… You also could try just going to a client and trying to connect to the server by ip address to rule out any type of firewall or routing issues…

Scott

brenda · April 23, 2007, 2:51pm

hi thank you. I am actually on a virtual server creating a testbed for an experiment. I needed to use AD so hence the promotion to DC. no firewall on.

brenda · April 23, 2007, 2:59pm

thank you. I have a forward to a dns server from the Openfire machine, which I had to promote to DC because I needed to use AD. Turns out DNS server did not have an entry for my openfire machine. They forgot to add it.