AD Quick Questions!

We just set up 2.62 to integrate with Active Directory. Have a couple quick questions. So far all our AD users can log in great!

  1. What’s the easiest way to create a shared roster/group? Right now we created a group and are adding users in one by one.

  2. If I select users and groups, and click DELETE, they won’t be deleted from Active Directory, right? The LDAP integration is read-only?

  3. We are a little worried about using the same passwords for our network as with our IM. We are going to enable SSL and TLS, what is everyone doing?

Thanks,

Eric

Hi Eric,

@2: yes, and you should not use an LDAP admin user but one with read-only access.

@3: SSL, also known as old-SSL, is using port 5223 and you may not want to enable it. On page http://server:9090/ssl-settings.jsp you can disable old SSL and require TLS. TLS is similar to SSL but it also supports an unencrypted connection as long as you don’t select “required”.

LG

  1. You could set up Wildfire to “see” your AD groups, although this might not be what you want.

  2. Deleting from a group in Wildfire strictly deals with Wildfire. The LDAP authentication is for read-only, although I think I have seen people set up stuff to update information in profiles (friendly name, addresses, other v-card stuff).

  3. If you are gonna use the AD to authenticate to, the passwords must be the same. The only other alternative is to use either the internal database structure, then you’ll have to create usernames and passwords for everyone, or hook Wildfire up to another authentication authority, i.e. LDAP on another system. If you are using your AD LDAP to authenticate to, you really should have TLS set up so nothing is clear across the connection.

Jeff

  1. See my reply in this thread: http://www.jivesoftware.org/community/message.jspa?messageID=120078

  2. It’s read-only. Deleting users from the Admin Console is pointless. Wildfire will repopulate the user list with whatever is in AD once the cache expires.

  3. Use SSL/TLS.