Hybrid auth (local + LDAP) is supported or Not in Openfire 4.0.2

I need auth login via Spark for both (local + LDAP) account users. How can I do it?

No, this is not a supported scenario. Though I’ve seen someone posting a workaround a few years ago, I don’t have a link, and it would be a hack, which may cause problems.

It kinda works. You can set up the providers. In its current state, you can’t add local groups, nor can you set/update the password for the local users. Passwords for the local users have to be managed directly in the database, and are then stored in plain text. I think @Guus der Kinderen has started some work on updating the providers, but he has been very busy with other things. No ETA, nor any promises that his work will address your issues!

Just chiming in to say that we’re having essentially the same challenge in getting hybrid to work properly.

Relevant configuration looks like this:

provider.auth.className = org.jivesoftware.openfire.auth.HybridAuthProvider

provider.user.className = org.jivesoftware.openfire.user.HybridUserProvider

hybridAuthProvider.primaryProvider.className = org.jivesoftware.openfire.ldap.LdapAuthProvider

hybridAuthProvider.secondaryProvider.className = org.jivesoftware.openfire.auth.DefaultAuthProvider

hybridUserProvider.primaryProvider.className = org.jivesoftware.openfire.ldap.LdapAuthProvider

hybridUserProvider.secondaryProvider.className = org.jivesoftware.openfire.user.DefaultUserProvider

With the configuration above, we’ve noted the following issues:

  1. When creating users in the Admin Console, a new user is created but the password is not saved in the ofUser table.
     • When using Openfire in a hybrid setup, user creation is done via the HybridUserProvider, which delegates creating the user to its configured primary, secondary or tertiary UserProvider (it uses the first one that is not read-only — only DefaultUserProvider is set to writable). For setting the password of the newly created user, the HybridAuthProvider is used. This throws an UnsupportedOperationException, which leaves the newly created user with no password set and unusable.
     • The HybridAuthProvider should try to delegate setPassword to its configured primary, secondary or tertiary AuthProviders. Our setup has the DefaultAuthProvider set as the secondary option, which is able to set the password.
  2. Openfire 4.1.X has removed the default ‘ldap.adminPassword’ field from the installation, so this will need to be added manually to get the LDAP provider to be able to authenticate the AD user (this only happens when using OF in Hybrid Mode and is causing an issue during the installation).

Quote: hybridUserProvider.primaryProvider.className = org.jivesoftware.openfire.ldap.LdapAuthProvider

must be hybridUserProvider.primaryProvider.className = org.jivesoftware.openfire.ldap.LdapUserProvider
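
The mismatch pointed out above (an auth provider class configured in a hybridUserProvider slot) can be caught with a small lint over the property lines. This is an added example, not part of the thread or of Openfire; the function name `lint_hybrid_providers` is hypothetical, and it assumes a provider's role can be read from its class-name suffix, as is the case for every class named in the thread.

```python
import re

# Property family -> suffix the configured class name is expected to end with.
# Assumption: the role (auth vs. user) is visible in the class-name suffix.
EXPECTED_SUFFIX = {
    "provider.auth": "AuthProvider",
    "hybridAuthProvider": "AuthProvider",
    "provider.user": "UserProvider",
    "hybridUserProvider": "UserProvider",
}

LINE = re.compile(r"^\s*([\w.]+)\.className\s*=\s*([\w.$]+)\s*$")

# The configuration as posted in the thread.
THREAD_CONFIG = """
provider.auth.className = org.jivesoftware.openfire.auth.HybridAuthProvider
provider.user.className = org.jivesoftware.openfire.user.HybridUserProvider
hybridAuthProvider.primaryProvider.className = org.jivesoftware.openfire.ldap.LdapAuthProvider
hybridAuthProvider.secondaryProvider.className = org.jivesoftware.openfire.auth.DefaultAuthProvider
hybridUserProvider.primaryProvider.className = org.jivesoftware.openfire.ldap.LdapAuthProvider
hybridUserProvider.secondaryProvider.className = org.jivesoftware.openfire.user.DefaultUserProvider
"""


def lint_hybrid_providers(text):
    """Return (property, class_name, expected_suffix) for each mismatched slot."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank line or a property this lint does not cover
        key, cls = m.groups()
        # "hybridUserProvider.primaryProvider" -> "hybridUserProvider"
        family = key if key in EXPECTED_SUFFIX else key.split(".", 1)[0]
        expected = EXPECTED_SUFFIX.get(family)
        if expected and not cls.endswith(expected):
            findings.append((key + ".className", cls, expected))
    return findings


if __name__ == "__main__":
    for prop, cls, expected in lint_hybrid_providers(THREAD_CONFIG):
        print(f"{prop}: {cls} is not a *{expected}")
```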

Hi @Grigory_Borovicov ,

Is it working for you?
Which Openfire version?