Can't login to Admin Console

Hello, I have set up OpenFire 3.6.2 and everything was working perfectly until I made a change to the LDAP/AD settings. Our users all use an employee number for their user names here, so when I set up this system all you could see was a 5 digit code for a user. I changed the username setting from samAccountname to displayname. And now, for some reason I can’t log in to the admin console with either my old 5 digit code or my new display name (like I log in to the client).

Anyone have any ideas? Is there a table I can edit in the database to fix this?

Thanks in advance for any help anyone may be able to offer. I appreciate it.

-Matt

You can also try editing your /opnfire/conf/openfire.xml

there are two places to add users as admins in that file

Hmm, I’m not seeing anything about admin users in that file. All I can see user wise is the account that is used to attach to the MySQL database.

I mean this part:

<!-- <authorizedUsernames></authorizedUsernames> -->
<!-- Comma-delimitted list of bare JIDs. The JIDs may belong to local
     or remote users. -->
<!-- <authorizedJIDs></authorizedJIDs> -->

also, you should uncomment the line you need

Hmm, my file doesn’t have that section at all. Can I just add it and if so where does it need to go?

Maybe it’s not supported anymore, as i know now admins are saved in the database. Anyway, here’s the whole file:

<?xml version="1.0" encoding="UTF-8"?> 9090 9091 en org.jivesoftware.database.EmbeddedConnectionProvider true

Hi,

interesting that this section was removed for 3.6.0.

See http://www.igniterealtime.org/fisheye/browse/svn-org/openfire/trunk/src/conf/openfire.xml?r=7872

It should look like “…myusername…”

LG

Ok, Still can’t get into the Admin Console…

The problem seems to be that I have changed the setup so that a user’s username is “lastname, firstname” because I am pulling that from the “displayname” object in the active directory. I don’t believe I can add my username to this file because it can’t accept “Doe, Jon” because it says “Comma-delimitted list of bare JIDs”. So it’s seeing that as two names, one of Doe and one with Jon.

So, if I have to uninstall the app and start from scratch that’s fine too. How do I go about setting it up so that people’s names do not show up in the list as their samAccountName since ours are 5 digit numbers and no one knows whose number is whose?
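The comma problem described in the post above, as an added example that is not part of the original thread and is not Openfire's own code: it models a comma-delimited admin list and shows which accounts an entry like “Doe, Jon” would actually name. The directory contents, the function names and the lower-casing of entries are assumptions made for illustration.

```python
# Added example: a model of a comma-delimited admin list, not Openfire's parser.

# Characters the XMPP Nodeprep profile (RFC 6122) forbids in a JID localpart.
# Note that the space is forbidden while the comma is not.
NODEPREP_FORBIDDEN = set("\"&'/:<>@ ")

# Constructed sample directory: login username -> display name.
DIRECTORY = {
    "02684": "Doe, Jon",
    "01177": "Smith, Ann",
    "doe": "Doe, Jane (service account)",
}


def parse_admin_list(raw):
    """Split a comma-delimited list and normalise each entry (assumed lower-case)."""
    return [item.strip().lower() for item in raw.split(",") if item.strip()]


def audit_admin_list(raw, directory):
    """Classify each parsed entry.

    Returns (granted, unknown, invalid):
      granted - entries that match an existing login username
      unknown - well-formed entries that match no account
      invalid - entries containing characters not allowed in a JID localpart
    """
    granted, unknown, invalid = [], [], []
    for entry in parse_admin_list(raw):
        if any(ch in NODEPREP_FORBIDDEN for ch in entry):
            invalid.append(entry)
        elif entry in directory:
            granted.append(entry)
        else:
            unknown.append(entry)
    return granted, unknown, invalid


if __name__ == "__main__":
    for raw in ("Doe, Jon", "Doe Jon", "02684"):
        granted, unknown, invalid = audit_admin_list(raw, DIRECTORY)
        print(f"{raw!r}: granted={granted} unknown={unknown} invalid={invalid}")
```

With the sample data, “Doe, Jon” never matches Jon Doe's own account and instead names the unrelated login `doe`, which is why an admin list should hold a stable login identifier such as the sAMAccountName and leave the display name to the name field.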

This all has to do with how you configure your openfire vCard mappings and other settings. The authorized users must always use the samAccountName in the list of names.

In your openfire.xml you need to add this information above the tag:

<![CDATA[


{sn}
{givenName}



{mail}

{displayName}
{displayName}

image/jpeg
{jpegPhoto}



{homePostalAddress}



{postOfficeBox}
{l}
{st}
{postalCode}
{c}




{homePhone}




{telephoneNumber}




{mobile}




{pager}




{facsimileTelephoneNumber}

{title} {wWWHomePage} {company} {department} ]]> displayName mail cn member description false (objectClass=group)

My Openfire.xml file doesn’t have an ldap section. Can I just add this to mine, if so where does it need to go?

Thanks,

Matt

Here is my entire Openfire.xml file as it is now.

<?xml version="1.0" encoding="UTF-8"?>
9090 9091 en org.jivesoftware.database.DefaultConnectionProvider com.mysql.jdbc.Driver jdbc:mysql://localhost:3306/(DBName) (username) (pw) select 1 true true 5 25 1.0 true

Ok sandwich all that data between the and tags. Make sure to close the ldap tag with after all my stuff.

Immediately after the tag you can add:

adminuser

Substitute any sAMAccountName for the adminuser.

All these changes I have provided should be added with the openfire server stopped. Once you start the openfire server the changes will be migrated to the database. It may take some time.

Ok, first off thank you all for the support. I really appreciate all the quick replies…

I blew away my installation (hadn’t deployed it out yet so, why not?) and I’ve reinstalled it back with default settings. I am connected to my Active Directory and I’m able to pull employees from there. How do I go about setting it up so when I look at my list of people in Spark it will show something different than their usernames? I would really like it to show the displayname object from AD if at all possible since that will be Lastname, Firstname.

Thanks again guys! I really appreciate it.

-Matt

In your openfire admin page go to system properties and change ldap.nameField to displayName.

This should be your vCard Mapping in the ldap.vcard-mapping property:

{sn}{givenName}{mail}{displayName}{displayName}image/jpeg{jpegPhoto}</PHOTO>{homePostalAddress}{postOfficeBox}{l}{st}{postalCode}{c}{homePhone}</NUMBER>{telephoneNumber}{mobile}{pager}</NUMBER>{facsimileTelephoneNumber}{title}{wWWHomePage}{company}{department}

Ok, I’ve changed the ldap.nameField to displayName. It was just set as “cn” and I’m still seeing my users/contacts as their 5 digit user names.

Below is my vCard info. I wasn’t 100% sure what I was looking for in the previous post.

]]>"><![CDATA[


{cn}



{mail}

{displayName}


{homePostalAddress}
{homeZip}
{co}



{streetAddress}
{l}
{st}
{postalCode}
{co}




{homePhone}




{mobile}




{telephoneNumber}




{mobile}




{facsimileTelephoneNumber}




{pager}

{title} {department} ]]>

You cannot have any <![CDATA[ stuff in the System properties anymore. It does not need that since it is no longer stored in the xml file. If you copy and paste my single line version of the vcard mapping from my last post it should fill in the profile well. Below are the images of the system properties from a working AD setup.

Sys-Properties1.gif

Sys-Properties2..gif

You also need to restart the server after changing some of these settings. And definitely need to restart Spark or whatever client you use.

Does it take a while for the setting to take effect? I’ve changed it and my settings look just like yours, but I’m still seeing the users’ sAMAccountname in my list.

And just to clarify, my users log in to the domain with, for example, 02684 and their password. In my list that user is showing up as 02684 and not Doe, Jon. And since no one but Jon Doe knows that his employee number is 02684 people can’t tell who’s who in their list.

…and the one time I set the ldap.usernameField to be displayName it worked great, except I couldn’t log in to the admin console. Which… is kinda important.