Jive and LDAP integration

I am new to Jive spark and wildfire. I was able to successfully load the server and the client but now I would like to go one step further and eventually offer this service company-wide.

I understand that one of the capabilities of wildfire is to integrate with Active Directory and authenticate users off of that database but I still don't understand if it is possible to also obtain the entire list of users off AD.

Basically I would like our users to be presented with the entire list of users currently on AD and show them either online or offline.

If this is possible I would like to know how to do it.

Another area that I would need some help on is LDAP integration. I have never used LDAP on a MS AD and I would really appreciate any help.

Is LDAP active on the domain controller by default? should I start some kind of service? Where do I edit all the settings for LDAP?

I currently use Radius off of AD for VPN authentication and everything works just fine but I have the feeling LDAP is much harder to setup.

Any help or link is greatly appreciated.

Thanks

Well, you're in luck because AD is basically a glorified LDAP server.

I'm using LDAP and Wildfire here at my organization, and it's working well. There is nothing to setup in AD other than a service account user for the Wildfire server. You can see a short explanation of my setup here:

http://www.jivesoftware.org/community/message.jspa?messageID=120078

You can see a long explanation here:

http://www.jivesoftware.org/community/thread.jspa?messageID=100951

Be warned that the long post is old and only works with older versions of Jive Messenger, which is what Wildfire used to be called. Most of that post is good, just don't copy the class names, they are all wrong. If you have any more specific questions, let us know.

Thanks. Very good information and I think I am starting to understand how all this works.

I still have a question about all the parameters like:

<![CDATA[ (& (objectCategory=Person) ....... Where do I actually enter these settings? I believe this should be somewhere on our domain controller/active directory but I can't find it. Is this some sort of configuration file? Thanks.

Another question I have is where do I specify the AD IP address so that JM can send its queries to?

I mean if this is like Radius I should be able to specify an IP/port and a password so that both can communicate, right?

Thanks.

those settings go inside the Wildfire.xml file under the bit as far as I am aware

However I still can't get mine working as of yet.

you also specify the hostname in there too, here is an example

As mentioned, those settings go in your conf/wildfire.xml file. There should be no configuration changes needed on the AD server apart from creating the user account that Wildfire will use to query AD.

The first post I linked to doesn't have all the LDAP settings, only the user and group search options. If you haven't already, read the LDAP Guide[1] in the documentation section. It's not AD-centric, but it's a great place to get your feet wet.

http://tinyurl.com/o7zfq

I followed the instructions, edited the Wildfire.xml file and read a lot of documentation but I still can't make it work.

One question I still have is if I need to start any service on the MS Active Directory server because I don't see any logs that show wildfire connecting to it.

Right now my goal is to be able to have the users login using their username and password contained in AD, and also have the list of users show up in Spark.

We have all our 50 users under the default group “users” in AD.

This is the wildfire.xml file:

hidden

any help is really appreciated.

Are you sure this line is correct?:


Is the Administrator user in the root AD tree or is it in the Users folder? If it's in the Users folder, try using this adminDN:

cn=administrator,cn=users,dc=excelacom,dc=com

One tip I forgot to mention: go to http://www.ldapbrowser.com/download/index.php and download the free version of LDAP Browser (it's 2.6 right now). Use it to test with. It's helpful for testing authentication and figuring out what DNs to use (like the fact that the Users "OU" is not really an OU – it's a CN).

Thanks.

I just installed the LDAP browser as you suggested (great tool by the way) and when I try to connect I get “invalid credentials” which could mean anything.

If I go to my domain controller I don't see any logs in the event viewer telling me that there even was a tentative to connect to the server.

What I think I should do now is to look at our AD and see how the fields are setup in the database. Is there a specific tool to look at that?

Doing some general research I read about a Microsoft tool called ADSI but I am not sure it works with Window 2000.

Am I moving to the right direction?

I have some good information that may help troubleshoot this problem.

I have been capturing traffic between the wildfire server and our AD server to see what happens when I try to login using spark.

I was expecting to see some LDAP queries going back and forth but what I have seen is… nothing! Absolutely nothing. This is telling me that there must be something wrong in the wildfire settings.

I think there should be some switch to tell wildfire to authenticate against the LDAP instead of the internal database.

BTW I am sure I am capturing packets because I can see pings going between servers.

The tool you want to use is LDAP Browser. The "invalid credentials" probably means you don't have your "username" set right. To fix, try this:

  1. Right-click on the server in LDAP Browser and choose Properties

  2. On the Credentials tab, make sure the User DN is right. It should look like this:

CN=Administrator,CN=Users,DC=excelacom,DC=com

Once you get into AD from LDAP Browser, things will start making more sense to you.
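The two symptoms in this thread, "invalid credentials" from LDAP Browser and no LDAP traffic visible on the wire, are worth separating before editing wildfire.xml again. The script below is an added example for this thread (it is not code from Wildfire, Spark, or any poster): it sends one LDAPv3 simple BindRequest to the domain controller using only the Python standard library, decodes the BindResponse, and reports the RFC 4511 result code. If the TCP connection is refused or times out, nothing on the DC is listening on that port or a firewall is in the way; if the DC answers with result 49 (invalidCredentials), the server is reachable and it is the DN or password that is wrong. The DN values are the ones quoted in this thread, used here only as placeholders, and the table of AD "data NNN" sub-codes is an assumption based on commonly documented AD behaviour, not something this thread states.

```python
"""Minimal LDAPv3 simple-bind probe (standard library only).

Added example for this thread; not code from Wildfire or from any poster.
Sends a single BindRequest, decodes the BindResponse and explains the
AD-specific 'data NNN' sub-code found in the diagnostic message.
"""
import re
import socket
import ssl

# LDAP resultCode values from RFC 4511 that matter for a bind test
LDAP_RESULT_NAMES = {
    0: "success",
    7: "authMethodNotSupported",
    8: "strongerAuthRequired",
    32: "noSuchObject",
    34: "invalidDNSyntax",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
}

# Assumption: AD sub-codes seen in "AcceptSecurityContext error, data NNN"
AD_DATA_CODES = {
    "525": "user not found",
    "52e": "invalid credentials (bad password or unaccepted DN form)",
    "530": "not permitted to logon at this time",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}


def ber_len(n):
    """BER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber(tag, content):
    """One BER TLV: tag byte, length, content."""
    return bytes([tag]) + ber_len(len(content)) + content


def ber_int(n):
    """BER INTEGER for a non-negative value (extra byte keeps sign bit clear)."""
    return ber(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def build_bind_request(message_id, bind_dn, password):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] {
    version 3, name LDAPDN, authentication simple [0] OCTET STRING } }"""
    bind = ber(0x60, ber_int(3) + ber(0x04, bind_dn.encode("utf-8"))
               + ber(0x80, password.encode("utf-8")))
    return ber(0x30, ber_int(message_id) + bind)


def parse_ber(data, pos=0):
    """Decode one TLV at pos; return (tag, content, position after it)."""
    tag = data[pos]
    length = data[pos + 1]
    pos += 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(data[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, data[pos:pos + length], pos + length


def explain_ad_diagnostic(diag):
    """Map AD's 'data 52e' style sub-code to a human-readable hint."""
    match = re.search(r"data ([0-9a-fA-F]+)", diag)
    return AD_DATA_CODES.get(match.group(1).lower(), "unknown sub-code") if match else ""


def parse_bind_response(data):
    """Decode LDAPMessage { messageID, BindResponse [APPLICATION 1] {
    resultCode ENUMERATED, matchedDN, diagnosticMessage } }."""
    tag, msg, _ = parse_ber(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, msg_id, pos = parse_ber(msg)
    op_tag, op, _ = parse_ber(msg, pos)
    if op_tag != 0x61:
        raise ValueError(f"expected BindResponse, got protocolOp tag {op_tag:#x}")
    _, rc, pos = parse_ber(op)
    _, matched, pos = parse_ber(op, pos)
    _, diag, _ = parse_ber(op, pos)
    code = int.from_bytes(rc, "big")
    diag_text = diag.decode("utf-8", errors="replace")
    return {
        "message_id": int.from_bytes(msg_id, "big"),
        "result_code": code,
        "result": LDAP_RESULT_NAMES.get(code, "other"),
        "matched_dn": matched.decode("utf-8", errors="replace"),
        "diagnostic": diag_text,
        "ad_hint": explain_ad_diagnostic(diag_text),
    }


def build_sample_bind_response(message_id, code, diag):
    """Constructed BindResponse bytes, for offline testing of the decoder."""
    op = ber(0x61, ber(0x0A, bytes([code])) + ber(0x04, b"") + ber(0x04, diag.encode("utf-8")))
    return ber(0x30, ber_int(message_id) + op)


def probe_bind(host, bind_dn, password, port=389, use_tls=False, timeout=5.0):
    """Connect, send one simple bind, return the decoded BindResponse.
    Simple bind carries the password in clear text; use_tls=True with
    port 636 wraps the socket in TLS."""
    sock = socket.create_connection((host, port), timeout=timeout)
    if use_tls:
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(build_bind_request(1, bind_dn, password))
        data = sock.recv(4096)
    if not data:
        raise ConnectionError("server closed the connection without a BindResponse")
    return parse_bind_response(data)


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 4:
        print("usage: ldap_bind_probe.py HOST BIND_DN PASSWORD")
        sys.exit(2)
    # e.g. HOST=<dc ip>  BIND_DN="CN=Administrator,CN=Users,DC=excelacom,DC=com"
    print(probe_bind(sys.argv[1], sys.argv[2], sys.argv[3]))
```

Run it from the Wildfire host against the DC's IP on port 389, with the adminDN and password you put in wildfire.xml. A refused or timed-out connection and a bind that returns 49 are two different problems, and a successful bind also answers the earlier question about starting a service: the DC's LDAP listener is already up. Because the password travels in clear text with a simple bind, use the TLS option (port 636) anywhere outside a test lab.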

I've tried every single interpolation of these values and it still doesn't work.

I just don't think I should be trying to get this thing working by shooting in the dark with random values.

If I want to really get this working I think I should first find out what these values are in AD. Does anyone know how I can look up the subtree for all the entries in my AD (MS Domain controller)?

Basically I would like to go somewhere in my AD and see what are the values for dc, dn, cn etc.

ADSIEdit will show you this information. After you open it, look in the Domain section.

I am one little step ahead.

I used ADSI to find out the tree structure (it was completely different than what I thought).

Then I ran LDAP browser and I was finally able to access the LDAP database and all of its tree!

Then I edited wildfire.xml with the new discovered values and this is what happens:

Spark still can't connect but I get a "can't connect to the wildfire server" message.

So I went to the wildfire management page but I always get redirected to the setup screen, even after I enter the admin password and I click on the “login here” link I get bumped back to the setup page. grrrrr

how can I get this thing working!