New install of Openfire 3.6.4 on CentOS5 connecting with Windows Server 2008 Standard (an active, working site)… going through the wizard during initial setup of Openfire, but all I get is ‘Error authenticating with the LDAP server. Check supplied credentials’… no matter what I seem to put.
What I’m trying to put:
Server Type: Active Directory
Host: myserver.intranet.local
Port: 389
Base DN: OU=Users,DC=myserver,DC=intranet,DC=local
Administrator DN: CN=Administrator,OU=Users,DC=myserver,DC=intranet,DC=local
Password: ************
I’ve also tried creating a new user ‘xmpp-openfire’ in a new OU ‘whatever’, as a member of Domain Users & Account Operator with no change.
I’ve also tried using an Administrator DN of ‘Administrator@intranet.local’ (the account’s email address) with no change.
It may be important to note that this is a pretty vanilla install of Win2008 (single server, no tree) at a small site that is NOT set for Pre-Win2003 OR Win2003. AD is installed as Win2008-only environment w/ WinXP & Vista clients.
I’ve searched & searched to no avail, and used this document as a guide:
http://www.igniterealtime.org/community/docs/DOC-1554
Help?!?
The default users container is not an OU; it is a CN.
Good Morning,
Might I suggest downloading a copy of Softerra LDAP Administrator. It is only a trial but it will greatly assist you with finding the correct LDAP binds that you require for getting your installation up and running. In each section of AD that you require a bind, i.e. Users or similar, you are looking for the ‘DistinguishedName’ field. With this tool it is near impossible to get the paths wrong. It should take you about 20 minutes to get your openfire server live.
Kind Regards,
Chris
Insight Networks Pty. Ltd.
Melbourne, Australia
3x great responses, and all very helpful… thank you very much!
To those who stumble on this searching, this is what got me working:
Base DN: OU=whatever,DC=intranet,DC=local
Administrator DN: CN=xmpp-openfire,CN=Users,DC=intranet,DC=local
In Active Directory: I wound up moving all of the users & security groups into a new OU (whatever) and created a new user (xmpp-openfire) in the default CN (Users is not an OU as pointed out and confirmed by Softerra LDAP Administrator); the new user being a part of the Account Operators security group. Further, Softerra LDAP Administrator made clear that the DCs were NOT to include the host (myserver), but only the domain (intranet.local). I’ve been using Openfire and Wildfire before it for quite a while now, but never integrated w/ Active Directory. Thanx for a magnificent application!
Next task: Single Sign-On
Glad I found your final solution Frig - it helped me solve my AD connection problems. I upgraded my AD from 2003 to 2008 and all OpenFire LDAP authentication stopped working. My guess is the 2008 DC has a less forgiving syntax requirement related to users (my previous admin user settings didn’t specify the domain, suffix, or user container but worked fine against the 2003 AD DC).
Just to add a few more keywords to help for others searching: Active Directory Windows Server 2008 Domain Controller
Typical OpenFire settings should be:
Base DN:
DC=domain,DC=suffix
Administrator DN:
CN=openfireuser,CN=Users,DC=domain,DC=suffix
In the above strings replace:
domain = your Active Directory domain name
suffix = your Active Directory domain suffix (default = “local”)
openfireuser = a domain user with domain admin privileges
Also this assumes the openfire user is in the default Users container.
Many thanks.
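
Added example (not part of any post above, and not Openfire code): a small Python check that flags the two DN mistakes this thread ran into, the server host name appearing among the DC components and `OU=Users` where the default container is `CN=Users`. The helper names `parse_dn` and `lint_dn` are hypothetical, and the `OU=Users` warning is a heuristic, since an administrator can create an OU with that name.

```python
# Added example: lint_dn() and parse_dn() are hypothetical helper names, not Openfire code.

def parse_dn(dn):
    """Split a DN into (ATTR, value) pairs. Escaped commas are not handled."""
    pairs = []
    for rdn in dn.split(","):
        attr, sep, value = rdn.strip().partition("=")
        if not (sep and attr and value):
            raise ValueError("malformed RDN: %r" % rdn)
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def lint_dn(dn, ad_domain, dc_hostname):
    """Return warnings for a Base DN or Administrator DN typed into the wizard."""
    warnings = []
    pairs = parse_dn(dn)
    dcs = [v.lower() for a, v in pairs if a == "DC"]
    expected = ad_domain.lower().split(".")
    if dcs == [dc_hostname.lower()] + expected:
        warnings.append("DC components include the server host name; use only the domain")
    elif dcs != expected:
        warnings.append("DC components do not spell the domain %s" % ad_domain)
    for i, (attr, value) in enumerate(pairs[:-1]):
        # The built-in Users container sits directly under the domain root and is a CN.
        if attr == "OU" and value.lower() == "users" and pairs[i + 1][0] == "DC":
            warnings.append("OU=Users under the domain root; the default container is CN=Users")
    return warnings

# Values quoted in the thread (domain intranet.local, server myserver).
THREAD_DNS = [
    "OU=Users,DC=myserver,DC=intranet,DC=local",
    "CN=Administrator,OU=Users,DC=myserver,DC=intranet,DC=local",
    "OU=whatever,DC=intranet,DC=local",
    "CN=xmpp-openfire,CN=Users,DC=intranet,DC=local",
]

if __name__ == "__main__":
    for dn in THREAD_DNS:
        issues = lint_dn(dn, "intranet.local", "myserver")
        print(dn, "->", issues or "ok")
```

The first two DNs are the ones that failed in the original question; the last two are the ones reported as working.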