Active Directory and Wildfire

I downloaded Wildfire and Spark the other day and successfully installed it.

From reading the forums I've found it is able to be integrated into our Active Directory, but after trawling various pages and the documentation I've tried and can't get it to work at all.

I've added the following to the wildfire.xml file and restarted the server - but can't login to the client or the admin console afterwards.

I'm now completely stuck and not quite sure where I should even be turning.

Regards

Alastair

Try changing usernameField to sAMAccountName. I posted a guide last year that may still be relevant (I posted it back when v2.2.0 came out).

I've followed your guide but still no luck. I've even modified my OU structure to try and help.

<!-- Group Settings -->
<groupSearchFilter><![CDATA[
  (&
    (objectClass=group)
    (memberOf=cn=JabberAccess,ou=Groups,ou=WSDOC,dc=wsdoc-ooh,dc=local)
    (member=)
  )
]]></groupSearchFilter>

Active Directory Users and Computers

  • wsdoc-ooh.local
    • Users
      jabberadmin
    • WSDOC
      • applications
      • groups
        jabberaccess
        wsdocoffice
      • users
        wellera (Alastair Weller)
        smithj (John Smith)

Have I missed something out?

Thanks

Alastair

In your section

This was an NT domain that was upgraded to AD, hence the baseDN of cn=Users,dc=example,dc=com. I'm unsure where the users would be in a "new" Active Directory installation.

Ok - I've tried that and still no luck.

Should the users from AD show up in the web console?

Alastair

Here's our working setup with AD:

Note we had to use sAMAccountName in two places.

Bob

Just noticed that your authentication providers seem wrong:


This was changed when the server name went from Jive Messenger to Wildfire.

I'm still having no luck at all.

Really quite confused now as I seem to be doing everything suggested.

Alastair

I couldn't get it to work initially either; I had to change the port from 389 to 3268 and that worked for me. Give it a shot.

Woo! Port 3268 did it.

Thank you all.

Updates to my wildfire.conf below to help others:

<![CDATA[
  (&
    (objectClass=group)
    (memberOf=cn=JabberAccess,ou=Groups,ou=WSDOC,dc=wsdoc-ooh,dc=local)
    (member=)
  )
]]>

Thanks all.

Alastair

I have made the following changes to my config.xml file but wildfire doesn't appear to be using LDAP authentication - it is still using its internal user database. Can anyone please tell me what I need to do to get LDAP working?

I am having the same issue

And I think I almost have it configured correctly

I think this because I have everything set in wildfire.xml, I can log into the Admin Console, and when I view users I can pull up everything I want from Active Directory, e.g. users, groups, phone, address, other user info. All in the admin console.

I can log into Spark from another machine with admin, and one user I set up before I started trying to integrate against AD. So both of those users are set up in the MySQL DB that I had to set up to install wildfire.

No one else can log in. for ex. I set up JabberAdmin before AD, that account can log in, an account in AD called ITTemp, get this error, “Invalid username and password”

Where am I going wrong???

Here is my wildfire.xml with generic info

<![CDATA[
  (&
    (objectCategory=Person)
    (memberOf=dc=domain,dc=com)
    (!(userAccountControl:1.2.840.113556.1.4.803:=2))
    (sAMAccountName=)
  )
]]>

<![CDATA[
  (&
    (objectClass=group)
    (memberOf=cn=jabbergroup,dc=domain,dc=com)
    (member=)
  )
]]>

Please help me, the boss has got me on a deadline

Please please please

Russell, not sure if this matters, but why are you using semi-colons in your baseDN? they should be commas. The adminDN should either look like this:

right? (if you're on Active Directory)

Jeff

Where is your ou= in baseDN? Some don't have it, but start from the beginning and work down.

Second, comment your search filter until AFTER you successfully log in the first time. It eliminates what could be a dual source problem.

admin is the original wildfire account. Is 'JabberAdmin' an AD account or one of the original ones you set up prior to changing your script towards LDAP (AD)?

This tip will tell you if you are authenticating to AD. If your original user account (before you touched the wildfire.xml) can still log in, your xml file is not proper. When you get the file right, all local wildfire accounts will cease to function (admin, JabberAdmin). Your ITTemp account is not functioning because you are not really authenticating against LDAP. You can search against it because you have given the script a bona fide AD account to talk to AD with and your dc=domain,dc=com. Try this:


…snip…

Notice I added the AD account for the admin console, changed the port to 3268, added the ou= entry, and commented out your search filters. Try it now. If this doesn't work, change the port back to 389. I think though the setup above should get you logged in with the AD account listed.

Jeff

Don't know why - but it's all working now.

Hi,

I followed your communication thread, the one about Active Directory and Wildfire. I am very much a novice and deep in the woods. I did all the steps you did and still my wildfire server will not connect with my Active Directory to obtain the list of users. Any suggestions? Here is my file.


In your section

admin,wellera</authorizedUsernames>

In mine it has the full JID, i.e.:

mhindt@example.com,

peter@example.com

mhindt:

The difference here is authorizedJIDs versus authorizedUsernames. One expects the full JID, the other the full username.