Hello, I have set up OpenFire 3.6.2 and everything was working perfectly until I made a change to the LDAP/AD settings. Our users all use an employee number for their user names here, so when I set up this system all you could see was a 5-digit code for a user. I changed the username setting from sAMAccountName to displayName. And now, for some reason, I can’t log in to the admin console with either my old 5-digit code or my new display name (like I log in to the client).
Anyone have any ideas? Is there a table I can edit in the database to fix this?
Thanks in advance for any help anyone may be able to offer. I appreciate it.
<!-- <authorizedUsernames></authorizedUsernames> -->
<!-- Comma-delimitted list of bare JIDs. The JIDs may belong to local
or remote users. -->
<!-- <authorizedJIDs></authorizedJIDs> -->
The problem seems to be that I have changed the setup so that a user’s username is “lastname, firstname” because I am pulling that from the “displayName” object in Active Directory. I don’t believe I can add my username to this file because it can’t accept “Doe, Jon” because it says “Comma-delimitted list of bare JIDs”. So it’s seeing that as two names, one of Doe and one with Jon.
So, if I have to uninstall the app and start from scratch that’s fine too. How do I go about setting it up so that people’s names do not show up in the list as their sAMAccountName, since ours are 5-digit numbers and no one knows whose number is whose?
This all has to do with how you configure your Openfire vCard mappings and other settings. The authorized users must always use the sAMAccountName in the list of names.
In your openfire.xml you need to add this information above the tag:
<![CDATA[
{sn}
{givenName}
{mail}
{displayName}
{displayName}
image/jpeg
{jpegPhoto}
{homePostalAddress}
{postOfficeBox}
{l}
{st}
{postalCode}
{c}
{homePhone}
{telephoneNumber}
{mobile}
{pager}
{facsimileTelephoneNumber}
{title}
{wWWHomePage}
{company}
{department}
]]>
displayName
mail
cn
member
description
false
(objectClass=group)
All these changes I have provided should be added with the Openfire server stopped. Once you start the Openfire server the changes will be migrated to the database. It may take some time.
Ok, first off thank you all for the support. I really appreciate all the quick replies…
I blew away my installation (hadn’t deployed it out yet so, why not?) and I’ve reinstalled it back with default settings. I am connected to my Active Directory and I’m able to pull employees from there. How do I go about setting it up so when I look at my list of people in Spark it will show something different than their usernames? I would really like it to show the displayName object from AD if at all possible since that will be Lastname, Firstname.
You cannot have any <![CDATA[ stuff in the System properties anymore. It does not need that since it is no longer stored in the xml file. If you copy and paste my single-line version of the vCard mapping from my last post it should fill in the profile well. Below are the images of the system properties from a working AD setup.
Does it take a while for the setting to take effect? I’ve changed it and my settings look just like yours, but I’m still seeing the users’ sAMAccountName in my list.
And just to clarify, my users log in to the domain with, for example, 02684 and their password. In my list that user is showing up as 02684 and not Doe, Jon. And since no one but Jon Doe knows that his employee number is 02684, people can’t tell who’s who in their list.
…and the one time I set the ldap.usernameField to be displayName it worked great, except I couldn’t log in to the admin console. Which… is kinda important.
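The admin console lockout described in this thread comes from a comma-delimited allow-list meeting a username that itself contains a comma. The sketch below is an added example, not Openfire code and not from any poster in the thread: it is a simplified model that assumes the list is split on every comma, trimmed, and compared by exact match, and the function names are hypothetical. It can be run against a planned username format before changing the username field.

```python
def split_allow_list(raw):
    """Split a comma-delimited allow-list on every comma and trim each entry.

    Assumption: this models how a comma-delimited list of names is read;
    it is not taken from Openfire's source.
    """
    return [item.strip() for item in raw.split(",") if item.strip()]


def lockout_risks(allow_list, login_name):
    """Return the reasons login_name would fail to match the allow-list."""
    entries = split_allow_list(allow_list)
    risks = []
    if "," in login_name:
        # The separator inside a name makes one name parse as several entries.
        risks.append("login name contains the list separator ','")
    if any(ch.isspace() for ch in login_name):
        # Unescaped whitespace is not valid in the user part of a JID.
        risks.append("login name contains whitespace")
    if login_name not in entries:
        risks.append(f"no entry equals {login_name!r}; parsed entries: {entries}")
    return risks


if __name__ == "__main__":
    # Constructed sample values, using the names quoted in the thread.
    for allow_list, login in [("Doe, Jon", "Doe, Jon"), ("02684", "02684")]:
        risks = lockout_risks(allow_list, login)
        print(f"{login!r} vs list {allow_list!r}: {risks if risks else 'ok'}")
```

A display-name style login produces three findings, while the 5-digit account name produces none, which matches the advice above to keep the account name in the authorized list.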