I’m starting from scratch my Openfire again (third time…) before moving to another jabber server.
I want to use SRV DNS record so that my users can log in Openfire using their email address, like email@example.com.
And I also want Openfire to see my users as firstname.lastname@example.org and not email@example.com.
In my DNS I have:
_xmpp-server._tcp.mydomain.com. 86400 IN SRV 10 0 5269 myserver.mydomain.com.
_xmpp-client._tcp.mydomain.com. 86400 IN SRV 10 0 5222 myserver.mydomain.com.
myserver.mydomain.com IN CNAME myserver.myinternaldomain.priv
I’m using a certificate signed with my corporate CA.
First question: What must be the CN of the cert
Second question: How should I name the Openfire server in the install process:
The problem is you are trying to do something that is not standard. You will have similar issue regardless of what XMPP server you choose. You are trying to configure the openfire server to use a naming structure usually meant for web servers. you will have to have your DNS server configured in such a way that mydomain.com points to a real server such as myserver.mydomain.com (or its IP address). Then you need to setup its SRV records like (I am guessing on these as i do not need them):
_xmpp-server._tcp 3600 IN SRV 10 0 5269 mydomain.com.
_xmpp-server._udp 3600 IN SRV 10 0 5269 mydomain.com.
_xmpp-client._tcp 3600 IN SRV 10 0 5222 mydomain.com.
_xmpp-client._udp 3600 IN SRV 10 0 5222 mydomain.com.
_jabber._tcp 3600 IN SRV 10 0 5269 mydomain.com.
_jabber._udp 3600 IN SRV 10 0 5269 mydomain.com.
_jabber-client._tcp 3600 IN SRV 10 0 5222 mydomain.com.
_jabber-client._udp 3600 IN SRV 10 0 5222 mydomain.com.
To have my openfire’s users authenticate themselves using firstname.lastname@example.org instead of email@example.com is not standard ?
And with the SRV they don’t even have to specify a server name. They just give their email address and the client found the good server with the SRV record. I can’t be the only one to try to achieve this ?
On your SRV’s examples, I think they miss the domain of validity for the service. Copied from wikipedia:
_Service._Proto.Name TTL Class SRV Priority Weight Port Target
**Name**: the domain name for which this record is valid.
_sip._tcp.example.com. 86400 IN SRV 0 5 5060 sipserver.example.com.
Sorry for my poor english.
No you are not the first and surely will not be the last, but yest this ins not standard. Standard is to give a server any server a name in DNS such as mail.mydomain.com, www.mydomain.com, or chatserver.mydomain.com. What you are doing is forcing your client to resolve domain.com to your chat server. JID are like routing addresses for the clients. Some clients you need only enter the JID as firstname.lastname@example.org, others ask for the information as separate items (like spark), where you enter a username and separate server address:
This is why it is not stadard practice to do what you are trying to do.