Did you test your LDAP settings to make sure they passed?
Look in your openfire.xml file to verify which ID you listed as the administrator for the server.
If you have done all this, please post the specific errors you are getting, and maybe the modified openfire.xml (change confidential things to maintain security).
While not directly related to Openfire, using the Domain Users group rarely succeeds in any product that integrates with AD via LDAP. Currently, my Domain Users group shows 3 users, out of 300+ that belong to that group. Most products I use that use LDAP integration cannot see anybody (or only a few) members of the Domain Users group. Some, like Track-IT!, specifically forbid use of this group for authorization and user sync. If you want one big pool of everyone in the directory, create a “jabber” or “im” group in Active Directory and add users to that group.
Also, follow the setup all the way through adding users from the Active Directory when setting up. You can also modify the following line in openfire.xml to add your AD users. Be sure to use the sAMAccountName, not the cn or dn.
Exactly the same problem here! I have an Active Directory-like Samba/OpenLDAP database. Setup and connection to LDAP are successful, users can chat. But the users configured as administrators cannot connect to the admin console of Openfire. And yes, I have double-checked that in openfire.xml.
Maybe I got something wrong about how to make someone an administrator. In LDAP, people are listed like this: uid=Prename.Surname,ou=Users,dc=example,dc=com
So in the openfire.xml they should be configured like this: <admin><authorizedUsernames>Prename.Surname</authorizedUsernames></admin> or am I wrong about this?
I also checked the network and sniffed it with tcpdump and netstat. When I try to connect to the admin console, no request is made to my LDAP server. And there is also nothing in my logfiles (despite <ldapDebugEnabled>true</ldapDebugEnabled>).
Thanks for your reply. What do you mean by “sAMAccountName”? There’s no such LDAP attribute in my LDAP server… But Prename.Surname is what users need to log in to Samba.
When I add users to the administrators list in the setup wizard and check if they can connect, the check succeeds. But when I try to log in with the same data to the admin console, I only get an error.
I’m sure that the dot is not a problem, because the user with username “Administrator” is also unable to connect to the admin-console.
That’s what I already said. It’s an OpenLDAP which acts as account storage for a Samba server. OpenLDAP for Samba has about the same structure as an AD.