LDAP and creating users

I have tried to configure LDAP, and in some respect it is working. I am using the client Soapbox. If doing a search inside the client I am able to find people in the AD. So, it's working to some extent, as these people have not been added to the Users yet. There are a few things I just don't understand. I have set up the server to use the embedded database as I am not using any sort of MySQL or the like. I believe I understand the basic LDAP settings fine. But when I log in I am using a different password than the one that's in the Active Directory and it logs in fine. Shouldn't it use the AD password? This tells me that I am authenticating to the embedded database and not the AD. Is there a way to just add the users in AD in one step, or should I leave it up to the users to create the accounts? Is there a way to only allow users in the AD to create accounts? Thanks for any help.

There are a few things I just don't understand. I have set up the server to use the embedded database as I am not using any sort of MySQL or the like. I believe I understand the basic LDAP settings fine. But when I log in I am using a different password than the one that's in the Active Directory and it logs in fine. Shouldn't it use the AD password? This tells me that I am authenticating to the embedded database and not the AD. Is there a way to just add the users in AD in one step, or should I leave it up to the users to create the accounts?

Somehow you may check your wildfire config file.

To authenticate against AD I think you need to configure the AuthProvider tag to be something like


but beware that the accounts not from AD may not be able to authenticate if you are doing so.

Also check whether your baseDN is correct.

Is there a way to only allow users in the AD to create accounts?

Thanks for any help.

You may set only users in the AD to have administrative rights in wildfire (i.e. those under authorizedUsernames tab).

I guess maybe a better question would be, what good is using LDAP? What do I get out of it? I still have to use a database, embedded or external, and I have to create the clients manually or let the clients do it. What are the benefits? Thanks for your help.

If you are authenticating to LDAP, I take it LDAP is not in the AD tree, then you will not use the same credentials because you are not logging into AD. If you want to authenticate against the AD, then you need to configure the wildfire.xml to look at the AD LDAP instance for user_name and password information.

If you are talking about the backend database, I have a sneaking suspicion that it is used for logging conversations, storing MUC information, vCards, etc. I am not sure on that last part, as I am asking a similar question myself. But I am presently using a pre-existing LDAP DB from Novell for user login authentication and it is working fine. Sorry if I have everything wrong.

When you say that you are manually creating users, I do not understand that. Do you not have users in the Active Directory that are authenticating?

Jeff

Here is my XML file

Are you saying that if I am authenticating to AD then I do not have to create users? It will just look at the AD? The search function on one of my clients works fine and I can see users in the AD.

If you authenticate against AD, then the user names being used will be their AD user names. I believe you can see users in AD because you are providing your AD login to authenticate searches. Wondering, just as a test, if you put a user name in there that doesn't have the ability to search the USERS container in AD, whether the searches would work…

I believe I am correct in my assumption on this.

Jeff

Forgot to mention, although it is mentioned here a lot already, when you do get your config pointing to AD, the entries you have in the admin portal function are no longer going to work, except for the kevinc entry as it looks to be your AD account name. All local accounts will stop working as Wildfire only looks at one place for authentication.

Good Luck,

Jeff

My XML must not be configured properly then, because I can still log in as admin. My kevinc account exists in the local database and AD. But the password I use to get in is based on the local database account. The AD password does not work. Still confused about AD. Does it not only look at the username but the password as well? If you are using AD, do you still have to configure the password on the local database?

How can I test AD to make sure it's working correctly?

Also, I noticed something. Shouldn't my BaseDN read OU="Domain Users",DC=Domain,DC=net?

It currently reads CN="Domain Users",DC=Domain,DC=net.


I have tried and tried to get this thing working. I have spent days on this. I can't believe it's this hard. Can SOMEONE tell me what I am doing wrong? Here is my XML as of now.

I am unable to log in to the console with the kevinc account in AD. I can log in with the kevinc local database account. I can't for the life of me figure this out. I am, however, able to search the AD for users to add to my contact list.

Finally figured this out. It was the spaces in the OU that were preventing me from logging in. Wish it said NO SPACES in the manual.
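The thread ends with the base DN being the culprit. Two things worth checking by hand when pointing a Jabber server at AD are the shape of the base DN and how the login name is placed into the user search filter. The following is an added example in Python, not code from the thread or from Wildfire; every DN and username in it is constructed for illustration. It flags DN constructs that RFC 4514 does not allow (a quoted value such as CN="Domain Users", an unescaped leading or trailing space, an unescaped special character), escapes a value for use in a DN, and escapes a username for use in an RFC 4515 search filter so that a login name like * or kevinc)(objectClass=* cannot widen the search to every account. Note that an interior space, as in OU=Domain Users, is legal in a DN per RFC 4514 and needs no escaping; whether a particular server or client library accepts it as typed is a separate question. Also, in a default AD domain "Domain Users" is the built-in group CN=Domain Users,CN=Users,DC=…, not an organizational unit, so a base DN naming it is not a subtree that contains user objects.

```python
"""Base DN sanity check plus RFC 4514 / RFC 4515 escaping.

Added example, not code from the thread or from Wildfire. All DNs and
usernames below are constructed for illustration.
"""

# RFC 4514 section 2.4: these characters must be escaped anywhere in an
# attribute value; '#' only when leading, ' ' only when leading or trailing.
_DN_SPECIALS = {'"', "+", ",", ";", "<", ">", "\\"}

# RFC 4515 section 3: characters that must be hex-escaped inside a filter
# assertion value, so that user input cannot change the filter's structure.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_dn_value(value):
    """Escape one RDN attribute value for use in a DN string (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIALS:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def split_dn(dn):
    """Split a DN into (attribute, raw value) pairs, honouring backslash escapes."""
    parts, buf = [], []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # keep escape pairs intact
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))

    rdns = []
    for part in parts:
        if "=" not in part:
            raise ValueError("RDN without '=': %r" % part)
        attr, val = part.split("=", 1)
        rdns.append((attr.strip(), val))
    return rdns


def check_base_dn(dn):
    """Return a list of problems in a base DN string; an empty list means clean.

    Interior spaces (OU=Domain Users) are legal and are not reported.
    """
    problems = []
    for attr, val in split_dn(dn):
        if len(val) >= 2 and val[0] == '"' and val[-1] == '"':
            problems.append("%s: value %s is quoted; RFC 4514 has no quoting, escape instead" % (attr, val))
            continue
        if val != val.strip(" "):
            problems.append("%s: leading/trailing space must be written as '\\ '" % attr)
        j = 0
        while j < len(val):
            if val[j] == "\\":
                j += 2          # skip an escape pair
                continue
            if val[j] in _DN_SPECIALS:
                problems.append("%s: unescaped %r in value" % (attr, val[j]))
                break
            j += 1
    return problems


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username_field, username):
    """Build the per-login search filter, e.g. (sAMAccountName=kevinc)."""
    return "(%s=%s)" % (username_field, escape_filter_value(username))


if __name__ == "__main__":
    for dn in ('CN="Domain Users",DC=Domain,DC=net',   # constructed: quoted value
               "OU=Domain Users,DC=Domain,DC=net",     # constructed: legal as written
               "OU=Domain Users ,DC=Domain,DC=net"):   # constructed: trailing space
        print(dn, "->", check_base_dn(dn) or "ok")
    print(escape_dn_value("Smith, John"))
    # A login name of '*' must not turn into a wildcard that matches every user.
    for name in ("kevinc", "*", "kevinc)(objectClass=*"):
        print(build_user_filter("sAMAccountName", name))
```

Run it as a script to see the three constructed DNs checked and the filter built for a benign and a hostile login name. The filter escaping is the part with a security consequence: a server that interpolates the typed username straight into (sAMAccountName=%s) would let * match any account, so escape before building the filter, never after.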