powered by Jive Software

Auto Populating Buddy List

Hello,

I have installed OpenFire 3.3.0 and have setup the server to authenticate with our Active Directory Server. I am using Spark as our client to connect to the OpenFire and I can connect with my username and password with no problem but is there a way for the buddy list to be populated with the groups and/or users that are part of the domain instead of adding them manually? This would be a great help in me getting my supervisor and company to use this product for an inhouse chatting system.

Thank You in Advance!

I’'m not sure about that, but you can create shared groups on the server that everyone sees so you only have to maintain one roster.

This is definitely possible. We’‘re using it and it works great (we’'re using active directory). I think you want to search for LDAP shared groups.

I’'m alittle naive, can you please explain alittle more on how to accomplish this?

Sorry about that, I can reply more later tonight, but here’'s a little bit…

Basically (from memory), we have to tell Openfire to get groups from LDAP by changing the configuration (conf/openfire.xml) to use the LdapGroupProvider and by setting the GroupSearchFilter to tell the LdapGroupProvider where to find your Active Directory groups (full working config below).

For me, this is how it works… I add a user to a “Wildfire Users” group in Active Directory, then that user is able to successfully log in to Spark using their AD username/password. (I think this is where you’‘re at right now). Then, I add the user to a second group (wf_GROUPNAME for me). My GroupSearchFilter searches for any group that starts with “wf”, and uses those for openfire’‘s groups. I have about 5 “wf_” groups, each corresponding to a particular group in Openfire. (these groups can be called whatever you want- you just need them to match what you’'ve configured in conf/openfire.xml)

Once that’'s all done, you should see the groups show up in the Openfire admin interface (might require restarting the openfire service). However, they will not show up by default to all users when they log in. To do that, you can go into the Admin interface and check “Enable contact list group sharing” for each group. Then “Share group with additional users”, and choose All Users (or choose just the groups you want that group shared with).

The end result for us is that when a user logs in, they automatically see all the users in all groups. If we have a new person come on staff, we just add them to our Wildfire Users group in AD, then also to the appropriate wf_XXXXXXX group in AD. Once openfire has reloaded the LDAP data, that user can log in and immediately see everyone! No need to manually add contacts. In addition, the new person show up to other users automatically (unfortunately, only after those people log out then log back in).

If a person moves to another location (i.e. to a satellite office), we just change what AD groups they are in and they are automatically moved to the correct openfire group. Everyone’'s groups update automatically the next time they log in. Its great

The only improvements I could ask for so far would be the ability to force openfire to reload its ldap config (so I don’'t have to wait for it) and that the roster changes for any new users would be sent out to currently logged in users without having to log out and back in).

Here’'s our config… It also includes a mostly-working vcard mapping for Active Directory (not to be confused with fully working )…

<?xml version="1.0" encoding="UTF-8"?>

<!–

This file stores bootstrap properties needed by Wildfire.
Property names must be in the format: "prop.name.is.blah=value"
That will be stored as:
&lt;prop&gt;
&lt;name&gt;
&lt;is&gt;
&lt;blah&gt;value&lt;/blah&gt;
&lt;/is&gt;
&lt;/name&gt;
&lt;/prop&gt;
Most properties are stored in the Wildfire database. A
property viewer and editor is included in the admin console.
--&gt;
&lt;!-- root element, all properties must be under this element --&gt;
&lt;jive&gt;
&lt;adminConsole&gt;
&lt;!-- Disable either port by setting the value to -1 --&gt;
&lt;port&gt;9090&lt;/port&gt;
&lt;securePort&gt;9091&lt;/securePort&gt;
&lt;/adminConsole&gt;
&lt;admin&gt;
&lt;!-- Use this section to define users that will have admin privileges. Below,
you will find two ways to specify which users are admins. Admins will
have access to the admin console (only local users) and may have also access
to other functionalities like ad-hoc commands. --&gt;
&lt;!-- By default, only the user with the username "admin" can login
to the admin console. Alternatively, you can specify a comma-delimitted
list usernames that should be authorized to login to the admin console
by setting the &lt;authorizedUsernames&gt; field below. --&gt;
&lt;authorizedUsernames&gt;myADadminusername,Administrator,wildfire&lt;/authorizedUsernames&gt;
&lt;!-- Comma-delimitted list of bare JIDs. The JIDs may belong to local
or remote users. --&gt;
&lt;!-- &lt;authorizedJIDs&gt;&lt;/authorizedJIDs&gt; --&gt;
&lt;/admin&gt;
&lt;locale&gt;en&lt;/locale&gt;
&lt;!-- Example LDAP settings --&gt;
&lt;ldap&gt;
&lt;host&gt;mydomaincontroller.mydomain.com&lt;/host&gt;
&lt;port&gt;389&lt;/port&gt;
&lt;usernameField&gt;sAMAccountName&lt;/usernameField&gt;
&lt;nameField&gt;displayName&lt;/nameField&gt;
&lt;emailField&gt;mail&lt;/emailField&gt;
&lt;baseDN&gt;DC=mydomain,DC=com&lt;/baseDN&gt;
&lt;adminDN&gt;CN=Wildfire Admin,CN=Users,DC=mydomain,DC=com&lt;/adminDN&gt;
&lt;adminPassword&gt;MyAdminPassword&lt;/adminPassword&gt;
&lt;posixMode&gt;false&lt;/posixMode&gt;
&lt;clientSideSorting&gt;true&lt;/clientSideSorting&gt;
&lt;searchFilter&gt;&lt;![CDATA[
(&(objectClass=user)(memberOf=CN=Wildfire Users,CN=Users,DC=mydomain,DC=com))
]]&gt; &lt;/searchFilter&gt;
&lt;groupSearchFilter&gt;&lt;![CDATA[
(&(objectClass=group)(sAMAccountName=wf*))
]]&gt; &lt;/groupSearchFilter&gt;
&lt;connectionPoolEnabled&gt;true&lt;/connectionPoolEnabled&gt;
&lt;sslEnabled&gt;false&lt;/sslEnabled&gt;
&lt;debugEnabled&gt;false&lt;/debugEnabled&gt;
&lt;autoFollowReferrals&gt;false&lt;/autoFollowReferrals&gt;
&lt;groupNameField&gt;cn&lt;/groupNameField&gt;
&lt;groupMemberField&gt;member&lt;/groupMemberField&gt;
&lt;groupDescriptionField&gt;description&lt;/groupDescriptionField&gt;
&lt;vcard-mapping&gt;&lt;![CDATA[
&lt;vCard xmlns="vcard-temp"&gt;
&lt;N&gt;
&lt;GIVEN&gt;{givenName}&lt;/GIVEN&gt;
&lt;MIDDLE&gt;{initials}&lt;/MIDDLE&gt;
&lt;FAMILY&gt;{sn}&lt;/FAMILY&gt;
&lt;/N&gt;
&lt;EMAIL&gt;
&lt;INTERNET/&gt;
&lt;USERID&gt;{mail}&lt;/USERID&gt;
&lt;/EMAIL&gt;
&lt;FN&gt;{cn}&lt;/FN&gt;
&lt;NICKNAME&gt;&lt;/NICKNAME&gt;
&lt;ADR&gt;
&lt;HOME/&gt;
&lt;STREET&gt;{homePostalAddress}&lt;/STREET&gt;
&lt;PCODE&gt;{homeZip}&lt;/PCODE&gt;
&lt;CTRY&gt;{co}&lt;/CTRY&gt;
&lt;/ADR&gt;
&lt;ADR&gt;
&lt;WORK/&gt;
&lt;STREET&gt;{streetAddress}&lt;/STREET&gt;
&lt;LOCALITY&gt;{l}&lt;/LOCALITY&gt;
&lt;REGION&gt;{st}&lt;/REGION&gt;
&lt;PCODE&gt;{postalCode}&lt;/PCODE&gt;
&lt;CTRY&gt;{co}&lt;/CTRY&gt;
&lt;/ADR&gt;
&lt;TEL&gt;
&lt;HOME/&gt;
&lt;VOICE/&gt;
&lt;NUMBER&gt;{homePhone}&lt;/NUMBER&gt;
&lt;/TEL&gt;
&lt;TEL&gt;
&lt;HOME/&gt;
&lt;CELL/&gt;
&lt;NUMBER&gt;{mobile}&lt;/NUMBER&gt;
&lt;/TEL&gt;
&lt;TEL&gt;
&lt;WORK/&gt;
&lt;VOICE/&gt;
&lt;NUMBER&gt;{ipPhone}&lt;/NUMBER&gt;
&lt;/TEL&gt;
&lt;TEL&gt;
&lt;WORK/&gt;
&lt;CELL/&gt;
&lt;NUMBER&gt;{mobile}&lt;/NUMBER&gt;
&lt;/TEL&gt;
&lt;TEL&gt;
&lt;WORK/&gt;
&lt;FAX/&gt;
&lt;NUMBER&gt;{facsimileTelephoneNumber}&lt;/NUMBER&gt;
&lt;/TEL&gt;
&lt;TEL&gt;
&lt;WORK/&gt;
&lt;PAGER/&gt;
&lt;NUMBER&gt;{pager}&lt;/NUMBER&gt;
&lt;/TEL&gt;
&lt;TITLE&gt;{title}&lt;/TITLE&gt;
&lt;ORG&gt;
&lt;ORGNAME&gt;{company}&lt;/ORGNAME&gt;
&lt;ORGUNIT&gt;{department}&lt;/ORGUNIT&gt;
&lt;/ORG&gt;
&lt;URL&gt;{wWWHomePage}&lt;/URL&gt;
&lt;DESC&gt;{description}&lt;/DESC&gt;
&lt;/vCard&gt;]]&gt;&lt;/vcard-mapping&gt;
&lt;/ldap&gt;
&lt;!-- End example LDAP settings --&gt;
&lt;provider&gt;
&lt;user&gt;
&lt;className&gt;org.jivesoftware.openfire.ldap.LdapUserProvider&lt;/className&gt;
&lt;/user&gt;
&lt;auth&gt;
&lt;className&gt;org.jivesoftware.openfire.ldap.LdapAuthProvider&lt;/className&gt;
&lt;/auth&gt;
&lt;group&gt;
&lt;className&gt;org.jivesoftware.openfire.ldap.LdapGroupProvider&lt;/className&gt;
&lt;/group&gt;
&lt;vcard&gt;
&lt;className&gt;org.jivesoftware.openfire.ldap.LdapVCardProvider&lt;/className&gt;
&lt;/vcard&gt;
&lt;/provider&gt;
&lt;!-- End example LDAP settings --&gt;
&lt;connectionProvider&gt;
&lt;className&gt;org.jivesoftware.database.EmbeddedConnectionProvider&lt;/className&gt;
&lt;/connectionProvider&gt;
&lt;setup&gt;true&lt;/setup&gt;
&lt;log&gt;
&lt;debug&gt;
&lt;enabled&gt;false&lt;/enabled&gt;
&lt;/debug&gt;
&lt;/log&gt;
&lt;/jive&gt;

Message was edited by: peted20

See if this helps: http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/ldap-gui de.html

Sorry, I’'m not really sure how to post the config file and keep the formatting. Anyone have any tips?

Pete: use the Rich Text tab and select ‘‘Preformatted’’ from the -Format- box

Thanks bmace, the formatting is a little better now. bhaskin, that ldap guide is really what you want Good luck!