I have configured Openfire to query over port 3268 so that all child domains (entire forest) can be searched by the Openfire server. When 389 is set, only one domain in the forest can be supported.
Over the past few months, I have beaten my head against the wall trying to figure out why Avatars in AD would not work… Long story short, when using LDAP over 3268 the jpegPhoto and thumbnailPhoto fields in AD do not return a value. When I configured my Openfire server to use 389, the avatars began to work again.
So, this should help clear up some issues in the future if you have a similar problem.
Now to my question - I want to allow avatars, and with port 3268, it is obvious that I cannot use AD to keep the images. I am willing to turn on the ability to keep avatars on the Openfire server, but I want to make sure that users DO NOT have the ability to upload their own. It needs to be a corporate-approved photo.
How can I enable VCard / Avatar storage on the server and allow only (specified) IT members to manage the photos for all Openfire users? By default, when enabling VCards/Avatars on the Openfire server, people are able to upload their own images… The Openfire server is connected to a SQL 2000 backend on a separate server (not sure if you need to know that to provide a solution).