
Ldap for authentication only?

Hello Openfire Community,

I am evaluating Openfire as a possible replacement for our jabberd2 server.

My basic requirements include ssl client communication, ssl ldap authentication, automatic user account creation (after successful ldap authentication) and multi-user chat.

I have installed openfire on windows (very nice installer) and appear to be authenticating users against my ldap directory. My ldap contains over 100,000 people, of which only 300 to 400 use jabber.

In jabberd2, I use ldap for authentication, but jabberd2’s user info, rosters, etc., are stored in mysql. Jabberd2 creates a user’s mysql entry on first login to the server.

It appears that openfire’s model is to “import” an entire ldap directory into local storage and then operate from there, using ldap for ongoing authentication and openfire directory updates only? Unfortunately, due to directory policy, I cannot do such an import. If I am correct in this thinking, is there a way in Openfire to use ldap for authentication only and store all other user info locally?

Hi Michael,

I am having the same problem as yours.

We have users in both MySql as well as in LDAP. For now we are using openfire with MySql for auth, roster, PubSub etc. And now we want the users to be authenticated from the LDAP only, and all other information roster, PubSub should load/work from MySql.

As far as I understand, I feel we can achieve this by using "HybridAuthProvider".

  1. Create a new custom auth provider for LDAP and use that in openfire
  2. And use the MySql for users, groups, PubSub

Experts, please suggest how we can achieve this.



I don’t believe that it stores the whole AD directory, just those that have actually logged in. When I set my openfire server up, it showed everyone but I only have the 7 users that have logged in stored in MySQL.