LDAP night build 12.21.2004

I just tried to get the night build working with AD.

If I enable the ldap section I cannot log into the admin server on 9090. If I comment it out then it reads the admin user and password from the database.

Do I have to create the same user in my ldap structure too?

By default, only the user with a username “admin” can login to the admin console. You can add additional usernames by setting the messenger property admin.login.allowedUsernames. There are a few ways you can do this:

  1. Log in to the admin console with LDAP disabled and add the property in the properties page with a username that’s in LDAP. Shut off the server and enable LDAP. Try logging in as that user.

  2. Do a direct database insert into the jiveProperty table.

The real solution is to add LDAP to the setup process so that this can all be configured there. We’ll add that as a TODO.

Please let me know how the above works. Not a lot of testing has been done on the new LDAP functionality so feedback would be great.

Thanks,

Matt

I am looking at the properties, and I’m unclear what to modify.

Under server manager, I see “System Properties” but nothing there seems to relate to adding another administrative user.

There’s a generic “Add new property” option, but I have no idea what property to add, or what value to assign.

Under “server properties” there’s a button labeled “edit properties” but that doesn’t seem to help, either.

BTW, when I add the LDAP user name, should I include the full DN?

I’ve got a huge LDAP environment to play with, but I’m pretty ignorant about how this Jabber server works.

Regards,

Anomaly

Anomaly,

In order to enable LDAP support (only pertains to new nightly builds or the upcoming 2.1), you’ll need to edit the config file manually. LDAP support is also currently read-only. So, you can see all the users in LDAP, but you can’t create new ones through Messenger (you have to create new users directly in LDAP). BTW, you’ll also see a setting in the config file to add additional users to the list of users allowed to login to the admin console.

Regards,

Matt

Just a note. I have gotten the 2.1.0 Beta to authenticate with AD. In fact, I currently have it working with ADAM on WinXP Pro. It took some hair pulling, but that was with ADAM, not Jive. Here is my configuration xml for an example. Enjoy.

localhost

389

uid

cn

mail

o=Microsoft,c=US

cn=admin,ou=ADAM Users,o=Microsoft,c=US

admin

true

false

org.jivesoftware.messenger.ldap.LdapUserProvider

org.jivesoftware.messenger.ldap.LdapAuthProvider

Does anybody know if “uid”, “cn”, and “mail” are the same names in every AD instance? If so, we can document that fact. Anything else about AD that we should include in the Messenger docs?

Thanks,

Matt

Here is my ldap config…

192.168.10.6

389

uid

cn

mail

OU=Users,DC=dfwgroup,DC=net

cn=xxxx,OU=Users,DC=dfwgroup,DC=net

xxxx

true

org.jivesoftware.messenger.ldap.LdapUserProvider

org.jivesoftware.messenger.ldap.LdapAuthProvider

This is for a Win2k AD under the “dfwgroup.net” domain. Am I missing something that I should know (I am not an LDAP pro)? It doesn’t even put anything into the debug.log on the server (and yes, I have it uncommented in the config file). Any help would be appreciated.