Autosetup with LDAP integration (Active Directory)

Hi,

I’m trying to automate the deployment of Openfire (version 4.8.0). The issue is that the LDAP configuration is not considered and the only way to log in to the console is by using the default admin. After logging into the console, I see that the LDAP integration is not considered.

Below is my openfire.xml:

<autosetup>
    <run>true</run>
    <locale>en</locale>
    <connectionProvider>
        <className>org.jivesoftware.database.EmbeddedConnectionProvider</className>
    </connectionProvider>
    <xmpp>
        <domain>DOMAIN_NAME</domain>
        <fqdn>FQDN_Name</fqdn>
        <socket>
            <ssl>
                <active>true</active>
            </ssl>
        </socket>
    </xmpp>
    <encryption>
        <algorithm>AES</algorithm>
        <key>some-key</key>
    </encryption>
    <ldap>
        <host>DOMAIN_CONTROLLER_FQDN</host>
        <port>LDAP_PORT</port>
        <sslEnabled>SSL_ENABLED</sslEnabled>
        <startTlsEnabled>STARTTLS_ENABLED</startTlsEnabled>
        <usernameField>sAMAccountName</usernameField>
        <nameField>displayName</nameField>
        <emailField>mail</emailField>
        <baseDN>BASE_DN</baseDN>
        <adminDN>ADMIN_DN</adminDN>
        <adminPassword>ADMIN_PWD</adminPassword>
        <searchFilter>(objectClass=organizationalPerson)</searchFilter>
        <groupMemberField>member</groupMemberField>
        <groupDescriptionField>description</groupDescriptionField>
        <posixMode>false</posixMode>
        <groupSearchFilter>(objectClass=group)</groupSearchFilter>
    </ldap>
    <admin>
        <authorizedUsernames>xmpp</authorizedUsernames>
    </admin>
    <provider>
        <user>
            <className>org.jivesoftware.openfire.ldap.LdapUserProvider</className>
        </user>
        <auth>
            <className>org.jivesoftware.openfire.ldap.LdapAuthProvider</className>
        </auth>
        <group>
            <className>org.jivesoftware.openfire.ldap.LdapGroupProvider</className>
        </group>
    </provider>
    <database>
        <mode>standard</mode>
        <defaultProvider>
            <driver>org.hsqldb.jdbcDriver</driver>
            <serverURL>jdbc:hsqldb:../database/defaultdb</serverURL>
            <username>a-database</username>
            <password>a-password</password>
            <minConnections>5</minConnections>
            <maxConnections>25</maxConnections>
            <connectionTimeout>1.0</connectionTimeout>
        </defaultProvider>
    </database>
    <users>
    </users>
</autosetup>

Take the above out of the <autosetup> tag and put it at the first level within the <jive> tag.

Hi, thanks! But now the issue is stranger.
When I try to run the auto setup the FIRST TIME, I cannot log in to it. But if I stop the service and re-run the auto setup (with the same configuration file!), it works. Does anyone have an idea of what’s happening?

Ensure that the <setup>true</setup> tag does not exist.
Your code should look like this:

<jive>
    <autosetup>
        <run>true</run>
        <locale>en</locale>
        <connectionProvider>
            <className>org.jivesoftware.database.EmbeddedConnectionProvider</className>
        </connectionProvider>
        <xmpp>
            <domain>DOMAIN_NAME</domain>
            <fqdn>FQDN_Name</fqdn>
            <socket>
                <ssl>
                    <active>true</active>
                </ssl>
            </socket>
        </xmpp>
        <encryption>
            <algorithm>AES</algorithm>
            <key>some-key</key>
        </encryption>
        <database>
            <mode>standard</mode>
            <defaultProvider>
                <driver>org.hsqldb.jdbcDriver</driver>
                <serverURL>jdbc:hsqldb:../database/defaultdb</serverURL>
                <username>a-database</username>
                <password>a-password</password>
                <minConnections>5</minConnections>
                <maxConnections>25</maxConnections>
                <connectionTimeout>1.0</connectionTimeout>
            </defaultProvider>
        </database>
        <authprovider>
            <mode>ldap</mode>
        </authprovider>
    </autosetup>
    <ldap>
        <host>DOMAIN_CONTROLLER_FQDN</host>
        <port>LDAP_PORT</port>
        <sslEnabled>SSL_ENABLED</sslEnabled>
        <startTlsEnabled>STARTTLS_ENABLED</startTlsEnabled>
        <usernameField>sAMAccountName</usernameField>
        <nameField>displayName</nameField>
        <emailField>mail</emailField>
        <baseDN>BASE_DN</baseDN>
        <adminDN>ADMIN_DN</adminDN>
        <adminPassword>ADMIN_PWD</adminPassword>
        <searchFilter>(objectClass=organizationalPerson)</searchFilter>
        <groupMemberField>member</groupMemberField>
        <groupDescriptionField>description</groupDescriptionField>
        <posixMode>false</posixMode>
        <groupSearchFilter>(objectClass=group)</groupSearchFilter>
    </ldap>
    <provider>
        <user>
            <className>org.jivesoftware.openfire.ldap.LdapUserProvider</className>
        </user>
        <auth>
            <className>org.jivesoftware.openfire.ldap.LdapAuthProvider</className>
        </auth>
        <group>
            <className>org.jivesoftware.openfire.ldap.LdapGroupProvider</className>
        </group>
    </provider>
    <admin>
        <authorizedUsernames>xmpp</authorizedUsernames>
    </admin>
</jive>

Is your LDAP user really named xmpp?
Note that after running Openfire, the <autosetup> and <ldap> tags should disappear from openfire.xml. Only the sections that the automated installer cannot (or won't) change in the DB for various reasons (e.g. if the entry already exists) will be left.
As for the behavior you are experiencing, I am not sure. It could be that, because of the way you are using the autosetup and LDAP configuration, the installer modifies openfire.xml in such a way that a sequence of two restarts is needed so that the configuration can be applied.
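
A pre-deployment check for the layout discussed in this thread, as an added example that is not part of any post above or of Openfire itself: it flags `<ldap>`, `<provider>` or `<admin>` nested inside `<autosetup>`, a leftover `<setup>true</setup>`, and a missing `<authprovider>` mode. The function name, the sample documents and the host name are constructed for illustration, and the SSL/StartTLS check is an addition that the thread does not raise.

```python
import xml.etree.ElementTree as ET

# Sections the thread says belong directly under <jive>, not inside <autosetup>.
TOP_LEVEL = ("ldap", "provider", "admin")

def check_openfire_xml(xml_text):
    """Return findings for an autosetup + LDAP openfire.xml (empty list = OK)."""
    root = ET.fromstring(xml_text)
    if root.tag != "jive":
        return ["root element is <%s>, expected <jive>" % root.tag]
    findings = []
    auto = root.find("autosetup")
    if auto is None:
        findings.append("no <autosetup> directly under <jive>")
    else:
        for name in TOP_LEVEL:
            if auto.find(name) is not None:
                findings.append("<%s> is inside <autosetup>; move it under <jive>" % name)
        # The layout posted in the answer carries this element inside <autosetup>.
        if (auto.findtext("authprovider/mode") or "").strip() != "ldap":
            findings.append("<autosetup> lacks <authprovider><mode>ldap</mode>")
    if (root.findtext("setup") or "").strip().lower() == "true":
        findings.append("<setup>true</setup> is present; remove it")
    # Added check (assumption of this example): with neither flag set to true,
    # the adminDN bind password travels to the domain controller unencrypted.
    ldap = root.find(".//ldap")
    if ldap is not None:
        flags = [(ldap.findtext(k) or "").strip().lower()
                 for k in ("sslEnabled", "startTlsEnabled")]
        if "true" not in flags:
            findings.append("LDAP bind is not protected by SSL or StartTLS")
    return findings

# Constructed sample input (hypothetical host name), trimmed to the relevant tags.
LDAP = ("<ldap><host>dc.example.test</host><sslEnabled>%s</sslEnabled>"
        "<startTlsEnabled>false</startTlsEnabled></ldap>")
BEFORE = ("<jive><autosetup><run>true</run>" + LDAP % "false" +
          "</autosetup><setup>true</setup></jive>")
AFTER = ("<jive><autosetup><run>true</run><authprovider><mode>ldap</mode>"
         "</authprovider></autosetup>" + LDAP % "true" + "</jive>")

if __name__ == "__main__":
    for label, doc in (("before", BEFORE), ("after", AFTER)):
        print(label, check_openfire_xml(doc) or "OK")
```

Run it against the rendered file before the first start, since Openfire rewrites openfire.xml once autosetup has run.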