powered by Jive Software

Integration Openfire with 2 Active directories

ad

#1

I have 3 domain controllers in my laboratory, 1 of them call YGDDRASIL is the father domain and have 2 childs domains, ASGARD and MIDGARD.

ASGARD have an Active Directory users and groups.
MIDGARD have an Active Directory users and groups.

I know how to integrate openfire server with 1 Active directory succesfully.
But i dont know how to do it with both of them to have just 1 openfire server with all users in it

This LAB is a Windows Server enviroment.


#2

Openfire doesn’t support multi domain setup and it is not planned https://issues.igniterealtime.org/browse/OF-162


#3

Are you sure? Because yesterday I just did haha with the global catalog. The only thing is that I get all groups and users and I just need some of them not all (which are separate with unit organizations in my active directories)


#4

But if is like you say, probably I will get troubles afterwards. Did you know a way to integrate this?
Maybe 2 openfire server which can share users, or another open source IM server could complete this task?

The idea is to create a IM server with all users, the infrastructure is supposed to be ASGARD and MiDGARD located in different countries.


#5

If you would use same XMPP domain for both AD domains, maybe it could work, but i don’t know how you should point Openfire to both domains to pull users. Maybe as you said via Global catalog as these are not separate domains, but child domains.

Another variant is to have separate Openfire servers on every location and connect them via server to server connection. If you have one server in one country, then users from the other country will have to login to that server and even when they send messages between users in the same country, messages will be sent to the server and then from the server to a client. This can make messaging slow for these users.


#6

This should work if you use the global catalog and then use the root of your forest for the base dn. to limit the users you want to display… you’ll need to edit your group search and user search ldap query. I suggest using group membership to do that…here is a post I wrote up a while ago…with a few tweaks, it should work with child domains of the same forest.

Another options, would be as wroot stated. spin up two servers, one for each child domain (separate xmpp domains), and then use S2S to federate between the two…


#7

Thank you so much I will try that, it’s just what I wonder how to filter with LDAP querry.