powered by Jive Software

Delegated administration for Openfire 3.6.3?

Is there the capability in Openfire to allow delegated administration? A plugin perhaps?

I.E.

Support staff manage the server and plugins

Service Desk manage account locking/unlocking, MoTD, broadcasts

Security manage audit logs, searches, etc…

This is not possible. It is all or nothing.

Hi Chris,

if you have an Apache with mod_proxy in front of Openfire (which is always a good idea) you can use it to limit access for users and pages with mod_auth. Anyhow this may become a very complex setup. So I wonder whether one would better write a plugin.

LG

One feature we’d love to see is to allow a specific user to send the admin message to all users.

the “Send Administrative Message” feature.

Hey LG,

So I wonder whether one would better write a plugin.

That would have to be a pretty sophisticated plugin. If someone were committed to doing that much work it would probably be better if the changes were made directly to core Openfire Admin Console source (and of course donated back to the community).

Cheers,

Ryan

Hi Ryan,

I thought of something like a servlet filter, but maybe that’s impossible with a plugin and one does really to add it to the admin console. In any way it will be sophisticated code as mapping permissions to pathes will be tricky.

LG

Hi LG,

A servlet filter might work… I guess it would depend somewhat on how the Admin Console would appear based on a users creditials. Would (sub) menus, tabs, etc. become grayed out? Removed? Other? As you said things would get tricky.

Cheers,

Ryan

I used mod_proxy and mod_auth with Apache/1.3.37, in exactly this configuration. Here’s what you’d write in httpd.conf file, assuming mod_proxy.c was compiled in.

HTH,

BEA


LoadModule auth_module modules/mod_auth.so

<Directory proxy:*>

AllowOverride AuthConfig
AuthType Basic
AuthName "Auth required"
AuthUserFile …
Require valid-user

<VirtualHost *:443>

ProxyPass / https://127.0.0.1:9091/
ProxyPassReverse / https://127.0.0.1:9091/