LDAP - AD on another server

I had OpenFire and LDAP working fine on my server. I was asked to remove the AD from my server for security reasons.

I now have set up of:

Server 1 running Active directory (users.example.com)

Server 2 running OpenFire (chat.example.com)

How do I configure LDAP to look at server 1 for authentication? I have tried changing (in the config XML file) host from localhost to users.example.com and tried changing dc=example,dc=com to dc=users,dc=example,dc=com, and neither worked.

Is there something I am missing? Do I have to add something or change Windows? Is this even possible? We have other servers that are doing a similar task without AD running so I would think so.

Any help is greatly appreciated.

I'm not sure I understand the question; you had AD installed on your Openfire server previously? Your Openfire server doesn't need that, nor does it have to be a domain member.

You just need to reference the LDAP server (not the domain necessarily) in your XML file, but you do need to specify a valid user account in the domain in which you request information to use to authenticate users.

Sorry if I wasn't clear.

I had set it up with AD because I thought I needed it for authentication (I am new to this).

It worked great when it was locally running but now I cannot get it to work without it actually on that server.

I have a username and pass I use to authenticate against. How do I reference the LDAP server? I think that is where I am doing it incorrectly. Based on this setup:

Server 1 running Active directory (users.example.com)

Server 2 running OpenFire (chat.example.com)

User: Chatadmin and 123456 for authentication

in openfire.xml I have:

host used to have “localhost” but I have removed it.

Message was edited by: jeffk

Ah ok. You'll need to add the name of one of your AD Domain controllers in the host field.

So is it just a matter of:

Server 1 running Active directory (users.example.com)

Server 2 running OpenFire (chat.example.com)

User: Chatadmin and 123456 for authentication

ldap>

users.example.com

I am doing a fresh install to test it, but I think I have tried that before with no luck. I will be back if still no luck.

thanks

If your domain name is example.com then yes, that looks fine to me.

You'll obviously also want to make sure that your chatadmin user has its password not set to expire.

Try it with those settings, then post the log if it doesn't work.

D

It did not work. I verified with my head tech honcho that there was no firewall issue and there wasn't.

I went through each item, changing it bit by bit and found it.

I had

did the trick. Thanks for the help.
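
The settings discussed in this thread, laid out as an `<ldap>` section of `openfire.xml`. This is an added example, not part of the original posts and not the poster's actual file. The `cn=Users` container in `adminDN`, the port, the `usernameField` value and the password placeholder are assumptions.

```xml
<!-- Added example with constructed values; not the poster's openfire.xml -->
<jive>
  <ldap>
    <!-- A domain controller reachable from chat.example.com.
         This was "localhost" while AD ran on the same machine. -->
    <host>users.example.com</host>

    <!-- 389 is unencrypted LDAP, so the bind password below now crosses
         the network in the clear. Openfire also supports
         <sslEnabled>true</sslEnabled> together with port 636. -->
    <port>389</port>

    <!-- The base DN follows the AD domain name (example.com),
         not the host name of the domain controller. -->
    <baseDN>dc=example,dc=com</baseDN>

    <!-- Domain account Openfire binds with to search the directory.
         The cn=Users container is an assumption; use the account's real DN. -->
    <adminDN>cn=Chatadmin,cn=Users,dc=example,dc=com</adminDN>
    <adminPassword>REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD</adminPassword>

    <!-- Active Directory stores the logon name in sAMAccountName -->
    <usernameField>sAMAccountName</usernameField>
  </ldap>
</jive>
```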