powered by Jive Software

Authenticate users via two methods

Hello,

I’ve searched through months of forum discussions and can’t seem to find much related to my query below. Hopefully, someone here has some ideas…

We’re setting up another Openfire (running 3.4.4 right now) server that will eventually be exposed to external users. My internal users will be authenticated against a secure ldap server - this portion is already setup and running well. However, I will also have a significant number of external users that will eventually need to be authenticated against a postgres database that Openfire can use as well. Can this dual or mixed mode authentication be setup in Openfire? And if so, any ideas on how to accomplish it?

Thanks in advance,

Shane

Check out the HybridAuthProvider documentation, this should allow you to do what you want:

http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/javadoc/ org/jivesoftware/openfire/auth/HybridAuthProvider.html

BenV - thanks for the pointer to HybridAuthProvider! It’s exactly what I’m looking for - I think. Unfortunately, outside of the “simple” single authentication methods I’ve already used in the past, I’m unable to figure out exactly how to manually setup openfire.xml to handle two authentication methods.

I’ve been to the JavaDocs URL you provided and tried to implement authentication with a local postgres database as the primary method and ldap as the secondary method, but my openfire server crashes as soon as it starts. It’s not finding my postgres database according to the logs. It’s there of course because I used it to login before stopping the server and converting openfire.xml to dual authentication.

Here’s a snippet of my openfire.xml which of course isn’t working since I don’t know what I’m doing. Keep in mind, I’ve gotten both the postgres and ldap authentication working separately, just not at the same time, so I know things like the ldap port, ssl, openfire database user password, etc. all work. In essence, all I need is for the info. below to be in the correct order, etc.

<provider>

<auth>

<className>org.jivesoftware.openfire.auth.HybridAuthProvider</classNam e>

</auth>

</provider>

<hybridAuthProvider>

<primaryProvider>

<className>org.jivesoftware.openfire.auth.DefaultAuthProvider</classNa me>

<database>

<defaultProvider>

<driver>org.postgresql.Driver</driver>

<serverURL>jdbc:postgresql://chat.example.com:5432/openfire</serverURL >

<username>openfire</username>

<password>xxxxxxxxx</password>

<minConnections>5</minConnections>

<maxConnections>15</maxConnections>

<connectionTimeout>1.0</connectionTimeout>

</defaultProvider>

</database>

</primaryProvider>

<secondaryProvider>

<className>org.jivesoftware.openfire.auth.LdapAuthProvider</className& gt;

<ldap>

<host>ldap.example.com</host>

<port>636</port>

<baseDN>o=example.com</baseDN>

<adminDN/>

<adminPassword/>

<connectionPoolEnabled>true</connectionPoolEnabled>

<sslEnabled>true</sslEnabled>

<ldapDebugEnabled>false</ldapDebugEnabled>

<autoFollowReferrals>false</autoFollowReferrals>

<usernameField>uid</usernameField>

</ldap>

</secondaryProvider>

</hybridAuthProvider>

Thanks in advance for any assistance that can be provided.

Shane