
Bad authentication login

We think that it is incorrect to authenticate administrators by their JIDs when entering the admin console. We encountered a problem: we moved the Openfire server to another domain and the admins’ JIDs changed, so we couldn’t log in to the admin console without changing entries in our database’s Openfire tables.

If you moved the Openfire server to another domain, you should rerun the server config again by editing the openfire.xml file so that the setup tag reads false. There are any number of things that may be wrong after such a move. All JIDs for sure are wrong.

  1. Why? I changed the field “domainname” in the server settings. Users authenticate via LDAP (read-only!!!), and I think that their JIDs would have changed automatically. I think this is the right method.

  2. I don’t understand: why compare the login with the JID? I believe that the login should be compared with some analogous record. Is it not logical?

Hi,

I agree with what you are saying. While changing the xmpp.domain requires some manual database changes, the adminJIDs should probably be migrated. I filed an RFE Jira ticket for folks to vote on and comment.

JM-1522

daryl

All logins to the server are based on the JID, which is created based on the LDAP settings you provided during config. This includes which JIDs can admin the server. That is why the choice of admins comes after success of the LDAP config. All users now have a new JID. All old logs and settings are associated to the old JID. New logs and settings will be added as users log in again.

“settings are associated to the old JID”

What? Why? All users of one server have an identical domain name. Why “settings are associated to the old JID”, if you can associate the settings with their logins?

I don’t understand: why compare the login with the JID? I believe that the login should be compared with some analogous record. Is it not logical?

The users of a particular server are the headache of that server’s administrators. I think that developers develop the server for administrators, who provide service to end users. And my logic tells me that administrators must have more flexible possibilities for control. Administrators must decide the users’ destiny. For example, when moving a server to another domain.

All user logins and settings are based on their XMPP JID if you are using LDAP. This is because users are first pulled into the server via the LDAP query and then the accounts are created based on this. All XMPP servers do authentication based on JID, to the best of my knowledge. The only way you can get a static admin is to not use LDAP. Any user account that is created either via a client or LDAP connection is created as a JID.