Ldap Configuration

Hi,

I have installed and configured wildfire in fedora core system.now i want to authenticate users from windows active directory.i have also configured wildfire.xml file in the conf directory.but it’'s not working.is there anything else i need to do to get active directory users to connect it as IM client?

here is my wildfire.xml file

<?xml version="1.0" encoding="UTF-8"?>

Thanks,

Rawlins

When you say “not working” can you be more clear? Do the logs say anything? Can you get into the admin console?

The most obvious problem I see is you have no host defined for the ldap server… you might try giving it the hostname or IP of your AD ldap server. Also, you should now change the password on your jabber admin account- its always a bad idea to post that to a public fourm

Also, take the comments out around your ldap config…

hi,

So many thanks for the reply.

yes i am able to login to admin console.but it does not show me any users from active directory.and i m also not able to use my ldap users to conect through IM client.can you pls tell me the log file path or how to enable logging.because there is no helpful info in the logs directory.

Thanks,

Rawlins

Try this config

<?xml version="1.0" encoding="UTF-8"?> <!-- This file stores bootstrap properties needed by Wildfire. Property names must be in the format: "prop.name.is.blah=value" That will be stored as: value

Most properties are stored in the Wildfire database. A

property viewer and editor is included in the admin console.

><! root element, all properties must be under this element -->

Insert your domain controller for the host. Also, I assumed you are going to use Jabberadmin to log into the console. Make sure Jabberadmin is an actual AD account with permission to read the AD (administrator). I also hope that password is not the correct password. If so, get to changing it.

hi,

its working now.the user was not there in MS active directory.

Thanks,

Rawlins.

Hi,

Now I am not able to populate the active directory groups into wildfire admin console.here is my configuration file

<?xml version="1.0" encoding="UTF-8"?> <!-- This file stores bootstrap properties needed by Wildfire. Property names must be in the format: "prop.name.is.blah=value" That will be stored as: value Most properties are stored in the Wildfire database. A property viewer and editor is included in the admin console. 9090 9091 admin,jabberadmin,wildadmin,ritesh.majumdar,harmanjit.sing h admin,jabberadmin,ritesh.majumdar,harmanjit.singh en 192.168.1.189 dc 389 sAMAccountName displayName mail cn=Users,dc=synapse,dc=com jabberadmin ********* true ou member true Is this configuration correct??or some changes are to be done. Thanks in advance, Rawlins.

Well there are a couple of ways to accomplish this task.

First and the easiest is to move the jabber enabled users into a custom OU and out of the default one of Users, then point your BaseDN to that OU for example OU=Jabber,DC=synapse,dc=com after this you can create OU’'s under this one to populate with your users and groups in an organized manner. Finally you can then delete the groupsearchfilter command in your config. VIOLA just the users and groups located in the jabber OU or below show up in your Users/Groups page in your wildfire Console. (Your Jabber admin MUST be in this OU as well)

The second way is to verify that ALL of your jabber enabled users and groups are in the BaseDN searchpath (currently CN=Users,DC=synapse,DC=com) then you will need to verify that the group and user searchfilters are correct otherwise it will show every object in your Users OU…

loonybin88

I have seperate container for users and groups in active directory and cannot move all groups and users to a single container.

user DN is cn=Users,dc=synapse,dc=com

groups DN is ou=Groups,dc=synapse,dc=com

so with these configuration and without changing anything in my active directory,can populate all my groups to wildfire admin console?

Thanks,

Rawlins

Hi,

I have done a lot of LDAP research this week.

see my post

http://www.jivesoftware.org/community/message.jspa?messageID=117849#117849

if it helps , points awarded would be great!

–sboggs

You still can have your groups show up in your Wildfire console. You will just need to move your BaseDN up a level. LDAP cannot search laterally it can only search down, so if your Users and Groups OU’‘s are brother objects your BaseDN needs to be set to there parent object, for example the root of your AD tree. “dc=example,dc=com” Doing this will allow LDAP to browse both the the OU’'s below it that contain your users and your groups.

Hope this helps,

loonybin88

i have populated my AD groups to admin console successfully by implementing search filter but now i am facing problem at the client end. I am using spark client and spark’'s search utility does not able to find the users from server.and also from the client end when some one add me in their spark client ,notification window does not popup on my screen to accept or deny him.

is something be done at server end or it’'s the problem at spark client…???

Thanks,

Rawlins.