Active directory and admin user

:(Hi:

I have installed and configured Openfire, but I can’t get it to work. There are two questions:

First, I can’t get users from the group Domain Users under Users.

Next, I can’t log in to the admin console with my username Administrator and password. When testing during configuration, it works.

What can I do?

Please help me. Thanks.

Have you run the web configuration for LDAP?

Did you test your LDAP settings to make sure they passed?

Look in your openfire.xml file to verify which ID you listed as the administrator for the server.

If you have done all this please post specific errors you are getting, and maybe the modified openfire.xml (change confidential things to maintain security).

While not directly related to OpenFire, using the Domain Users group rarely succeeds in any product that integrates with AD via LDAP. Currently, my Domain Users group shows 3 users, out of 300+ that belong to that group. Most products I use that use LDAP integration cannot see anybody (or only a few) members of the Domain Users group. Some, like Track-IT! specifically forbid use of this group for authorization and user sync. If you want one big pool of everyone in the directory, create a “jabber” or “im” group in Active Directory and add users to that group.

Also, follow the setup all the way through adding users from the Active Directory when setting up. You can also modify the following line in openfire.xml to add your AD users. Be sure to use the sAMAccountName, not the cn or dn.

Like this:

Hope this helps…

Exactly the same problem here! I have an Active Directory-like Samba/OpenLDAP database. Setup and connection to LDAP are successful, users can chat. But the users configured as administrators cannot connect to the admin console of Openfire. And yes, I have double-checked that in openfire.xml.

Maybe I got something wrong about how to make someone an administrator. In LDAP, people are listed like this: uid=Prename.Surname,ou=Users,dc=example,dc=com

So in the openfire.xml they should be configured like this: <admin><authorizedUsernames>Prename.Surname</authorizedUsernames></admin> or am I wrong about this?

I also checked the network and sniffed it with tcpdump and netstat. When I try to connect to the admin console, no request is made to my LDAP-Server. And there is also nothing in my logfiles (despite <ldapDebugEnabled>true</ldapDebugEnabled> ).

So, what may be wrong? I’m using Openfire 3.3.3.

If your sAMAccountName is prename.surname then yes. If not, change it.

If by uid you mean the CN (aka what is shown in AD), this is NOT what you need here!

I’m not sure if you maybe need to escape the “.” in the middle.

What happened when you added your first user in the setup wizard? Did the test succeed?

BTW, Openfire just needs the value of sAMAccountName, not the whole DN.

Thanks for your reply. What do you mean by “sAMAccountName”? There’s no such LDAP attribute in my LDAP server… But Prename.Surname is what users need to log in to Samba.

When I add users to the administrators-list in the setup-wizard and check if they can connect, the check succeeds. But when I try to login with the same data to the admin console, I only get an error.

I’m sure that the dot is not a problem, because the user with username “Administrator” is also unable to connect to the admin-console.

sAMAccountName is an Active Directory thing. It sounds like you’re not using AD.

That’s what I already said. It’s an OpenLDAP which acts as account storage for a Samba server. OpenLDAP for Samba has about the same structure as an AD.
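Added example, not part of any post in this thread and not Openfire code: a small check of the admin list format discussed above (the bare login name, not a cn or dn). The sample openfire.xml is constructed; the ldap/usernameField element and the comma-separated list format are assumptions about the file layout, and check_admin_list is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Only <admin><authorizedUsernames> appears in the thread;
# <ldap><usernameField> and <baseDN> are assumed element names.
SAMPLE_XML = """
<jive>
  <ldap>
    <usernameField>uid</usernameField>
    <baseDN>ou=Users,dc=example,dc=com</baseDN>
  </ldap>
  <admin>
    <authorizedUsernames>Prename.Surname, uid=Other.Admin,ou=Users,dc=example,dc=com</authorizedUsernames>
  </admin>
</jive>
"""


def check_admin_list(xml_text):
    """Return (username field, [(entry, verdict), ...]) for the admin list."""
    root = ET.fromstring(xml_text)
    raw = root.findtext("admin/authorizedUsernames", default="")
    field = root.findtext("ldap/usernameField", default="(not set)")
    findings = []
    # Assumption: the list is comma-separated, so a full DN pasted here is
    # split into several fragments, none of which matches a login name.
    for entry in (part.strip() for part in raw.split(",")):
        if not entry:
            continue
        if "=" in entry:
            verdict = "DN fragment: list the bare %s value instead" % field
        elif " " in entry:
            verdict = "contains a space: looks like a cn, not a login name"
        else:
            verdict = "ok"
        findings.append((entry, verdict))
    return field, findings


if __name__ == "__main__":
    field, findings = check_admin_list(SAMPLE_XML)
    print("username field:", field)
    for entry, verdict in findings:
        print("%-20s %s" % (entry, verdict))
```
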