Active Directory Questions from prospective customer

I am considering using Wildfire at our company, but need to integrate it with our existing, large Active Directory. However, although it's said that Wildfire does work with AD, I have some specific questions regarding our peculiar and complex AD configuration:

  1. Can Wildfire integrate with a multi-realm/multi-domain AD environment, where we have some users with id1@abc.com and others with id2@def.com ? We need to be able to specify multiple (more than 2) search locations

  2. It appears from other posts that search filters can be used to screen out users, but is it best practice that the Jabber users within AD are placed into a specific AD group or groups?

  3. How large an AD can be handled? Or does AD size not matter? We may have thousands of users

  4. Can AD groups be passed to Wildfire so that they become shared IM groups?

  5. Can traffic to/from the AD server be secured with SSL?

  6. Does Wildfire communicate with the Domain Controller or the Global Catalog?

Thanx for your help!

  1. Can Wildfire integrate with a multi-realm/multi-domain AD environment, where we have some users with id1@abc.com and others with id2@def.com ? We need to be able to specify multiple (more than 2) search locations

Your best bet here is to just use 2 servers, one for each realm. The Jabber servers will be able to communicate with each other. I don't even know if it would be possible to have a single Wildfire server with multiple realms.

  2. It appears from other posts that search filters can be used to screen out users, but is it best practice that the Jabber users within AD are placed into a specific AD group or groups?

How well do you know LDAP? If you know LDAP fairly well, any LDAP query you can craft Wildfire can use. I prefer to add an attribute to the user to designate Jabber ability as it makes the query a little easier to read.

  3. How large an AD can be handled? Or does AD size not matter? We may have thousands of users

You should be able to handle thousands of users, provided you are using decent hardware. If that gets split between 2 servers (as mentioned above) it certainly won't be a problem.

  4. Can AD groups be passed to Wildfire so that they become shared IM groups?

Yes.

  5. Can traffic to/from the AD server be secured with SSL?

Yes.

  6. Does Wildfire communicate with the Domain Controller or the Global Catalog?

I've never touched AD before, so I don't really understand this question. Maybe someone else can answer it better. But Wildfire just needs to communicate with the LDAP service, wherever that gets set up (it doesn't have to be the master, a replica is acceptable).
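
The two ways of screening users discussed in question 2 above (AD group membership versus a marker attribute on the user), as an added example that is not part of the original posts or of Wildfire itself. It builds the LDAP filter for each approach, escapes values per RFC 4515, and excludes disabled AD accounts by default; the group DN and the `jabberEnabled` attribute are constructed, hypothetical values.

```python
import re

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# AD bitwise-AND matching rule; bit 2 of userAccountControl marks a disabled account.
NOT_DISABLED = "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
# AD "in chain" matching rule: also matches membership through nested groups.
IN_CHAIN = ":1.2.840.113556.1.4.1941:"
_ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_value(value):
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def _restrict(clause, include_disabled):
    # Combine the screening clause with the object class and account state.
    parts = ["(objectClass=user)", clause]
    if not include_disabled:
        parts.append(NOT_DISABLED)
    return "(&" + "".join(parts) + ")"


def group_filter(group_dns, nested=False, include_disabled=False):
    """Users who are members of at least one of the given group DNs."""
    if not group_dns:
        raise ValueError("at least one group DN is required")
    op = IN_CHAIN + "=" if nested else "="
    clauses = ["(memberOf" + op + escape_value(dn) + ")" for dn in group_dns]
    clause = clauses[0] if len(clauses) == 1 else "(|" + "".join(clauses) + ")"
    return _restrict(clause, include_disabled)


def attribute_filter(attribute, value, include_disabled=False):
    """Users carrying a marker attribute, the approach the reply above prefers."""
    if not _ATTR_NAME.fullmatch(attribute):
        raise ValueError("invalid attribute name: %r" % attribute)
    return _restrict("(%s=%s)" % (attribute, escape_value(value)), include_disabled)


if __name__ == "__main__":
    # Constructed sample values; "jabberEnabled" is a hypothetical attribute.
    print(group_filter(["CN=IM Users (EMEA),OU=Groups,DC=abc,DC=com"], nested=True))
    print(attribute_filter("jabberEnabled", "TRUE"))
```

Because these filters contain `&`, they need a CDATA section or `&amp;` when placed in an XML configuration file. Plain `memberOf` matches direct membership only, which is why the nested option exists.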

Has the 1000 user list limit issue been resolved yet?

(http://www.jivesoftware.org/community/thread.jspa?messageID=99484&#99484) and others.

It's not clear to me that there is a fix. That would impact a large AD implementation (like mine).

Thanks

Pat

I am using eDirectory LDAP so not sure if this applies or not, however I have 24,674 users as of yesterday, and if I do not use my filter, Wildfire will happily return every one of them much to the delight of this administrator… You can hear the sarcasm right? Seriously though. I am running 2.5.1 on a test box, I am running 2.6.0 nightly on two other boxes all querying the same LDAP database. If I set my view in the webadmin portal to show 100 users per it returns (albeit a little slowly) all 24K plus users on 247 pages.

Now 2.6.0 does this quicker, and with the CDATA search string that we put together, it only returns 3300 users now. So I am not really sure what this 1000 user limit thing is…

Hope this helps a little. You know an easy test, set one up, grab an old P3, stuff 1 gig of ram in it (for speed only mind you). Drop Fedora 2,3,4 on it, setup Wildfire, and the config pointing back to your Active Directory. Takes a little bit, but this board can help so it won't be that hard.

The LDAP search is done against a DC not your catalog server.

Jeff

Has the 1000 user list limit issue been resolved yet?

Nope, no specific fix for that issue yet, although perhaps the workaround mentioned in the thread you linked to will work?

Also, as far as I know, this issue will only affect listing out users in the admin console and not the main integration itself.

Regards,

Matt