hi all,
sorry, i know this has been asked before, but the only solution i can find is to have a uid that us ‘‘username’’ only, rather than ‘‘username@domain.com’’
i have an ldap store that will be hosting multiple domains, and would like to use openfire as the chat server.
when i put ‘‘user@domain.com’’ for the admin username, openfire sends the following filter to ldap:
filter="(uid=username%40domain.com)"
is it possible to get around that?
thanks for reading
Ive been writing some code specifically to address this problem. However, its not done yet, and wont likely make it into the next version. But the general idea is the addtion of a usernameSuffix for LDAP, which appends something to the end of usernames before going to LDAP, and then removes it when coming out of LDAP. The design has email fields like yours in mind.
Vote for JM-1078 if you are interested in something like it.
The alternative is to ‘‘kludge it’’.
Assuming Active Directory as an LDAP server and Exchange as an email system, here’'s how I do it:
Use Microsoft Metadirectory Service to pull out the mail attribute in AD (we use Exchange which auto-populates this)
I then strip the suffix and use the same product to put it back into each the extensionattribute1 (created as part of an exchange install and it’'s indexed and part of the Global Catalog so perfect for this)
I then use that attribute as UID in my Openfire config.
Works a treat. It’‘s also easily reproducable with a simple vbscript which is scheduled to run daily (or whatever) on a domain controller if you don’'t have MIIS.
However, this does preclude the use of SSO until SlushPupie sorts out his SSAPI patch
D
I have just been hit by this issue and working out how to get around it. From a bit of analysis it looks like I won’‘t get around it without a code change. If I had real admin priviliges to our LDAP directory then I might look at changing that, but since I have just a read-only admin (can view the whole directory, but can’'t make changes) for use by WildFire.
I understand the limitation since generally the combination is uiddomain, though one approach that could be added to Wildfire would be to have a JID filter field. Basically you specify what should be filtered out of the UID so that JIDdomain can work. So:
Filter value: @mydomain.com
Domain name: @mydomain.ca
UID: bob@mydomain.com
Resultant ID: bob@mydomain.ca
If I get time I will see how doable this is in the Wildfire code.
It would be easy enough to have a list to filter off if we were always requesting the DN in some wide search pattern. But the problem is sometimes I have to put the suffix back on the username, and with a list you cant do that very easily.
Consider when we need to take a username and determine the DN from it. If I know the username is jdoe, and I have a list of 5 possible suffixes, which do I use? I suppose it would be possible to do a complex search like:
( | (mailField={user}{suffix1})(mailField={user}{suffix2})...(mailField={user}{suffixN}) )
But this is turning a simple query and making it more complex and will likely adversely affect performance on larger systems. Im curious what the timing difference is for running queries like this on a large ldap server.
I guess I can put this in svn-trunk if people want to test it and see how it handles. Lets see what the magical code-monkey brings me this weekend.
I made a quick modification to the code and things seem to be working for me. Note that I haven’'t tested these changes 100%, so I am not sure if there are any side effects (BTW I assume you have Java programming knowledge). Consider this quick and dirty:
I originally changed the org.xmpp.packet.JID class, but the effects are a bit too drastic. Since this is only an LDAP issue I made a change to the classes in the org.jivesoftware.openfire.ldap classes. Basically after any call to:
username = JID.unescapeNode(username);
I added the following code:
if ( System.getProperty("wildfire.domain.suffix") != null )
{
username = username + System.getProperty("wildfire.domain.suffix");
}
then in the openfire shell file I added -Dwildfire.domain.suffix="@mydomain.com" starting with:
nohup "$app_java_home/bin/java" -server
Oh, and I made a JAR of the classes in the org.jivesoftware.openfire.ldap, calling it 00patch.jar and placed in the lib directory.
BTW how do I preformat my code in this forum? Can’'t seem to see a tag something similar
Message was edited by: ajmas
– Formatted the code. Thanks slushpupie for the pointers
I have code that does that (and a little bit more). If you want to display code in the fourms, use the Plain Text editor and put \
at the beging and end of your code. Example: \
foo.bar = “something”;
\
Will produce:
foo.bar = “something”;