Hybrid Authentication

For reasons beyond my control, we are going to need to do a hybrid authentication to 2 AD directories. I have the wildfire.xml file working for each individually, however I cannot seem to get hybrid authentication working - I assume I either have an error in my xml file (below) or there are some properties that need to be added. Any help would be much appreciated!

<![CDATA[ (&
(sAMAccountName=)
(objectClass=user)
(memberOf=cn=jabber,cn=users,dc=company,dc=com)
(!(userAccountControl:1.2.840.113556.1.4.804:=2))
(!(sAMAccountName=$))
)]]>

<![CDATA[
(&(objectClass=group)
(groupType=-2147483646)
(&(displayName=Corp*))
(member=))
]]>

<![CDATA[ (&
(sAMAccountName=)
(objectClass=user)
(memberOf=cn=jabber,cn=users,dc=na,dc=internal,dc=company,dc=local)
(!(userAccountControl:1.2.840.113556.1.4.804:=2))
(!(sAMAccountName=$))
)]]>

Like I said, individually the ldap queries and filters work fine, just having an issue with dual ldap directories and hybrid auth. I have been working on this with 2.6 (version currently in production) as well as 3.0.1. Again, thanks for any help.

If anybody has done a successful hybrid auth I’d be interested in seeing a copy of the wildfire.xml file and to know if any properties had to be added…

Hi,

Since there isn’t anybody answering, I thought I’d just say something, if I may.

Frankly, I’m not a competent LDAP user, and so please excuse me if I’m insulting you here.

In http://www.jivesoftware.org/builds/wildfire/docs/latest/documentation/ldap-guide.html, there is a statement:

ldap.host * – LDAP server host; e.g. localhost or machine.example.com, etc. It is possible to use many LDAP servers but all of them should share the same configuration (e.g. SSL, baseDN, admin account, etc). To specify many LDAP servers use the comma or the white space character as delimiter.

I’m implying that this doesn’t apply to hybrid setup, but more towards load balancing, scalability alike concept.

In your config, you specified the same for both and , expecting that the two run down sets intuitively correspond to each primary and secondary details. I think it had not come into their mind when they developed HybridAuthProvider to support cases like yours. If it had, perhaps they would have made something similar to:

Any LDAP genius out there to prove me wrong?

Just my $0.02 and perhaps I shouldn’t have said anything
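
An added example, not part of the thread and not Wildfire's code: a small Python model of the lookup the question is after, where each directory is searched with its own copy of the posted user filter and the second is tried only if the first has no match. The `{0}` username slot, the `%s` group slot, the directory names and the sample entries are constructed assumptions; a real provider would go on to bind as the located entry.

```python
import re

BIT_OR = "1.2.840.113556.1.4.804"  # AD matching rule: true if any listed bit is set
# The posted user filter; "{0}" (username) and "%s" (group DN) slots are assumptions.
USER_FILTER = ("(&(sAMAccountName={0})(objectClass=user)(memberOf=%s)"
               "(!(userAccountControl:" + BIT_OR + ":=2))(!(sAMAccountName=$)))")

def parse(f, i=0):  # RFC 4515 subset (no escape decoding); returns (node, next index)
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    op = f[i + 1:i + 2]
    if op in ("&", "|", "!"):
        kids, i = [], i + 2
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i:i + 1] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, value = f[i + 1:end].partition("=")
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    attr, value = node[1], node[2]
    if attr.endswith(":"):  # extensible match such as userAccountControl:<oid>:=2
        name, rule = attr[:-1].split(":", 1)
        return rule == BIT_OR and any(int(v) & int(value) for v in entry.get(name, []))
    pattern = ".*".join(re.escape(p) for p in value.split("*"))
    return any(re.fullmatch(pattern, v, re.I) for v in entry.get(attr, []))

def escape(v):  # RFC 4515: the username must not add wildcards or filter syntax
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in v)
def user(name, uac, group):  # builds one constructed sample entry
    return {"samaccountname": [name], "objectclass": ["user"],
            "useraccountcontrol": [uac], "memberof": [group]}
G1 = "cn=jabber,cn=users,dc=company,dc=com"
G2 = "cn=jabber,cn=users,dc=na,dc=internal,dc=company,dc=local"
DIRECTORIES = [("primary", G1, [user("alice", "512", G1), user("bob", "514", G1)]),
               ("secondary", G2, [user("carol", "512", G2)])]  # bob: 514 = disabled

def locate(username):
    for name, group, entries in DIRECTORIES:
        tree, _ = parse((USER_FILTER % group).replace("{0}", escape(username)))
        if any(matches(tree, e) for e in entries):
            return name
    return None
```

`locate("carol")` falls through to the second directory, the disabled account `bob` is rejected by the `userAccountControl` clause, and a username of `*` is escaped so it matches no one.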