LDAP Configuration

Okay, to start off… I feel like kind of an idiot for having to post this. I’ve used the Community forum for a while to answer my questions (although this is the first time I’ve posted anything). I’ve set up Openfire on a Windows 2k3 SBS server and it’s been working great for 6 months… but now I’m setting up Openfire on another server and having issues getting it initially set up. Everyone says it’s an easy setup, and I agree, but I’m having issues with the BaseDN and AdminDN and getting it to recognize my users properly. When I test it on the first set up portion it says successful… but when I test anything after that it errors.

My Domain is a Windows 2003 Server domain, with the following AD setup:

My Domain Name is: Chambers.mpls

My OU where all the Users are contained is: Chambers Users

So, I used this as the BaseDN:

OU=Chambers Users,dc=chambers.mpls

I’ve also tried:

OU=Chambers Users,dc=CHAMBERS.MPLS,dc=local (only just trying it)

For AdminDN I use:

useraccount@chambers.mpls (where useraccount is a Domain Admin)

Both of them actually work when I test it, but when I go to the next screen and try to randomly test a user - it errors saying it cannot find a user and consequently when I go to the last step of adding an Admin, no usernames will work. I’ve tried every combination I could think of and verified that the user has access to the baseDN/AD - that username can create users and is a domain admin, etc…

So, I feel stupid that I can’t figure it out, and I’m thinking it’s something easy, but for the life of me I can’t get it going. The only thing I can think of is that there is a space between Chambers and Users in my AD, so I tried putting OU=Chambers_Users, OU=“Chambers Users”, OU=ChambersUsers but none of those worked either.

Anyone have any ideas that I can try or other configurations? I’ve looked through 10’s of pages of posts and for whatever reason I can’t find any more information on what I’m missing. ANY help would be greatly appreciated. I can upload my openfire.xml if I need to, but didn’t yet.

Thanks,

Izac

First, is your AD structure carved in stone? I would recommend getting rid of spaces and other non-standard characters in OUs and group names. I am done preaching now.

Is your domain actually Chambers.mpls.local or just Chambers.mpls?

Try: OU=Chambers Users,dc=Chambers,dc=mpls or OU=Chambers Users,dc=Chambers,dc=mpls,dc=local
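The fix above comes down to how a DNS domain is written as a DN: every dotted label becomes its own dc= component, and an OU value with a space is legal as long as it is escaped where RFC 4514 requires. The following is an added example (not code from the thread or from Openfire) that builds a BaseDN from an OU path and a domain and flags the dotted-dc= mistake; the function names are my own.

```python
"""Build and sanity-check an LDAP base DN from an OU path and a DNS domain.

Constructed example, not Openfire's own code. The thread's failing BaseDN
'OU=Chambers Users,dc=chambers.mpls' is wrong because each DNS label must
become its own dc= component. These helpers turn 'chambers.mpls' into
'DC=chambers,DC=mpls' and escape RDN values per RFC 4514 section 2.4, so an
OU name containing a space (or a comma, '+', '"', etc.) still yields a valid DN.
"""

# Characters that must always be backslash-escaped inside a DN attribute value.
_SPECIAL = set(',+"\\<>;')


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN (RFC 4514 rules)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL:
            out.append("\\" + ch)
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")  # only leading/trailing spaces need escaping
        elif ch == "#" and i == 0:
            out.append("\\#")  # a leading '#' would be read as hex-encoded
        else:
            out.append(ch)
    return "".join(out)


def domain_to_dn(domain: str) -> str:
    """'chambers.mpls' -> 'DC=chambers,DC=mpls' (one component per label)."""
    labels = [lbl for lbl in domain.strip().strip(".").split(".") if lbl]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join("DC=" + escape_rdn_value(lbl) for lbl in labels)


def build_base_dn(ou_path, domain: str) -> str:
    """Join OU names (innermost first, as they appear in a DN) with the domain DN."""
    parts = ["OU=" + escape_rdn_value(ou) for ou in ou_path]
    parts.append(domain_to_dn(domain))
    return ",".join(parts)


def looks_like_bad_base_dn(dn: str) -> bool:
    """Flag the mistake from the thread: a dotted value inside a dc= component."""
    for rdn in dn.split(","):
        attr, _, val = rdn.partition("=")
        if attr.strip().lower() == "dc" and "." in val:
            return True
    return False
```

Running looks_like_bad_base_dn over a BaseDN before pasting it into Openfire's setup screen catches the dotted-domain form, which LDAP servers accept as syntactically fine but which never matches any entry.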

I didn’t set up the server to begin with and would have never put the space in… but I didn’t set it up and at this point I don’t think I’d feel comfortable changing it, just so that I don’t cause more problems.

The domain is chambers.mpls (no .local)

I swear to god I tried that and it didn’t work before… but it just worked when I put it in the exact same way you typed it (the first one)… SIGH! Well, great! It works and I was able to add an Admin user, etc…

One quick question if possible… when I logged into the Admin console there’s a yellow exclamation where it says Server Name: 127.0.0.1 and when I hover over the yellow exclamation it says “Found RSA Certificate that is not valid for the server domain” - Any idea what that is?

Gonna say this was the right answer though… unsure how I screwed it up and I knew it was something easy.

When you ran through the setup, did you enter the Fully Qualified Domain Name of the server for its name? This is on the screen right after language selection (see attachment below). If you did not do this you can force Openfire to rerun the setup config by editing your openfire.xml file. To do this, stop the Openfire server, go to your Openfire program folder, go to the conf folder, and edit openfire.xml. Make the <setup> tag read <setup>false</setup>.

It is using the computer name and not the FQDN. I could change it to the FQDN if that’s why the problem is occurring. I didn’t do the FQDN because it defaulted to the computer name and figured I’d just leave it to defaults.

After the steps in my last post if the error is still there then you need to delete the certificates. This can be done via the admin console under the main Server tab see below.