Hi,
I have just successfully installed and configured Openfire in a Microsoft Active Directory environment, authenticating users via LDAP against one single domain (“my” domain),
dc=first,dc=entry,dc=example,dc=com
I can authenticate myself just fine, being a member of that domain.
Alas, there are users around who are part of another domain
dc=second,dc=entry,dc=example,dc=com
where “entry.example.com” is the common root for both the second and first entry. I would like to enable authentication for both domains (a whole forest of domains, actually), i.e.
someone@second.entry.example.com
but do not know how to accomplish this.
In Bugzilla I tweaked the Perl LDAP lookup code such that the standard Active Directory logins
first\me
second\someone
would work, translating the “first” and “second” to a dn= entry on querying. My local LDAP server would then send me an LDAP_REFERRAL response to the other domain LDAP server, which I then could query to get authentication.
How would one do this for Openfire? The challenge is to enable LDAP for a forest of domains (hosted on Active Directory).
Many thanks
Stefan
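
The login-to-search-base translation described in the post, as an added example in Python (not part of the original post, and not Bugzilla or Openfire code). It assumes the forest root and the two child domains named above; the allow-list and the function names are hypothetical, and following the referral to the other domain's LDAP server is left to the LDAP client.

```python
# Assumptions: the forest root and child domains are the ones named in the
# post; the allow-list and all function names are hypothetical.
FOREST_ROOT = "entry.example.com"
ALLOWED_DOMAINS = {"first", "second"}


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def domain_to_base_dn(fqdn):
    """Turn 'second.entry.example.com' into 'dc=second,dc=entry,...'."""
    return ",".join("dc=" + label for label in fqdn.split("."))


def resolve_login(login):
    """Map 'dom\\user' or 'user@dom.<root>' to (base DN, search filter)."""
    if "\\" in login:
        domain, _, user = login.partition("\\")
    elif "@" in login:
        user, _, fqdn = login.rpartition("@")
        suffix = "." + FOREST_ROOT
        if not fqdn.lower().endswith(suffix):
            raise ValueError("login is outside the forest root")
        domain = fqdn[: -len(suffix)]
    else:
        raise ValueError("login carries no domain part")
    domain = domain.lower()
    # Only allow-listed domains ever reach the DN, so user input cannot
    # inject extra RDN components into the search base.
    if not user or domain not in ALLOWED_DOMAINS:
        raise ValueError("unknown domain or empty user name")
    base = domain_to_base_dn(domain + "." + FOREST_ROOT)
    return base, "(sAMAccountName=%s)" % escape_filter_value(user)


if __name__ == "__main__":
    for sample in ("first\\me", "someone@second.entry.example.com"):
        print(sample, "->", resolve_login(sample))
```
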