
How to configure Openfire to authenticate users against a second LDAP server if the first fails?

Hi,
We have two separate departments, each with its own Microsoft Active Directory server. Users from those two departments need to chat with each other.

I have set up an Openfire chat server with one LDAP (AD) server and it works fine. How can we make the Openfire chat server search for and authenticate a user from another LDAP server if the first one does not return that user?

I tried using “HybridAuthProvider”, but it seems to work only when one source is a database and the other is LDAP. If both sources are LDAP (ldap1 and ldap2, primary and secondary) I cannot give the same property twice, like:
ldap.adminDN = cn=Administrator,cn=Users,dc=globalsupport1
ldap.adminDN = cn=Administrator,cn=Users,dc=mycompany2

I’d appreciate it if you can help in this regard, or even provide some other solution for the basic issue of Openfire talking to two LDAPs.

I was also looking for a thin LDAP proxy application that can connect to two LDAPs, so that I can give the LDAP proxy parameters in the Openfire config. If you can suggest any software for that purpose, that would help too.

Thanks in advance
-Sanjeev

You’ll need to combine your two AD realms into one using some sort of meta directory, or by pointing Openfire at the Global Catalogue if both your AD realms are part of the same forest and have a common named root.

If you want to go the meta directory direction you can use MS ADAM since it’s free. Check out this doc; it should get you started: http://community.igniterealtime.org/docs/DOC-1534
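The reason the two ldap.adminDN lines in the question cannot coexist is that every Openfire LDAP provider (auth, user, group) reads the single shared set of ldap.* system properties, so there is only ever one directory connection to configure. The Global Catalogue route in the answer works within that limit because a GC-enabled domain controller answers forest-wide queries on one endpoint. The fragment below is an added example, not code from the original thread or from the Openfire project: it shows the single-domain settings the poster already has working beside the Global Catalogue settings for a same-forest deployment. Hostnames, the forest root DN (dc=corp,dc=example) and the service-account DN are hypothetical placeholders; the property names, the GC ports (3268 plain, 3269 over SSL) and the userAccountControl bit-match OID are real.

```properties
# --- Before: one domain, one DC on the standard LDAP port ---
# Users of the second department live in a different directory, so
# Openfire's single LDAP connection never sees them.
ldap.host = dc1.globalsupport1.example        # hypothetical hostname
ldap.port = 389
ldap.baseDN = dc=globalsupport1
ldap.adminDN = cn=Administrator,cn=Users,dc=globalsupport1
ldap.usernameField = sAMAccountName

# --- After: same forest, searched through the Global Catalogue ---
provider.auth.className  = org.jivesoftware.openfire.ldap.LdapAuthProvider
provider.user.className  = org.jivesoftware.openfire.ldap.LdapUserProvider
provider.group.className = org.jivesoftware.openfire.ldap.LdapGroupProvider

# Any GC-enabled DC in the forest answers forest-wide queries on 3268,
# or on 3269 with SSL. Prefer SSL: the bind password and every user
# password Openfire checks cross this link. Hostname is hypothetical.
ldap.host = gc.corp.example
ldap.port = 3269
ldap.sslEnabled = true

# Search from the forest root (hypothetical DN) so users of both
# departments' domains fall inside the base DN.
ldap.baseDN = dc=corp,dc=example

# Bind with a dedicated read-only service account rather than the
# domain Administrator: Openfire stores this password in its own
# database, so the account should be able to do nothing but read.
ldap.adminDN = cn=svc-openfire,ou=Service Accounts,dc=corp,dc=example
ldap.adminPassword = <service-account-password>

# sAMAccountName is unique only within a domain; across a forest two
# users can share one, so key Openfire usernames on the forest-unique
# userPrincipalName instead (users then log in as user@domain).
ldap.usernameField = userPrincipalName

# Hide disabled accounts (userAccountControl ACCOUNTDISABLE bit = 2)
# from searches; the LDAP_MATCHING_RULE_BIT_AND OID is AD's bitwise test.
ldap.searchFilter = (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
```

Two checks before switching production over: the Global Catalogue holds only the partial attribute set, so any attribute Openfire maps (vCard fields, the username field, group attributes) must be marked for GC replication or the lookup returns nothing for it; and group membership visible through the GC is complete only for universal groups, so rosters built from domain-local or global groups of the other domain will be missing members. Neither limit applies to the ADAM meta-directory route, which is why it remains the fallback when the two departments are not in one forest.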

Thanks for your response and the link to the document. Yes, this is one of the options I can consider.

Moving this thread into the Openfire Support section, where it should be and should get more attention. The Contributors section is mainly for developers contributing to the projects.