"Migrating" Openfire users from local database to LDAP for authorization

Hi All,

Sorry in advance if this question has already been asked. With the help of Todd Getz’s AD/LDAP document, I have successfully got a test instance of Openfire 3.6.2 pulling user and group information from our enterprise Active Directory.

We have an existing production Openfire 3.5.2 server which is set up to use an external MySQL database but is not using LDAP for user authentication (rather, simply users/groups created in the Openfire Admin GUI). Are there any issues other people have encountered or that I should be aware of in switching this running server to use LDAP for authentication?

I am not planning to upgrade the server at the same time (so will still be running 3.5.2). I guess the procedure would be to shut down the server, make the necessary changes to the openfire.xml file updating it with the LDAP bind and filter information, and bring it back up again - hopefully pulling user/group info from LDAP.

What happens with the existing accounts, for example? E.g., at present all users have the same local username as their sAMAccount name in the LDAP I will be connecting to.

Any info would be great

I am not sure what will happen with the existing local data. You do not need to do lots of edits to the openfire.xml to make this happen. Just change the setup tag to false. Then start Openfire. Go to the admin site and you will be asked to configure the server again. You can then enter the LDAP info. You will need to make the changes to the vCard settings in the openfire.xml file afterward.

Hi Todd, followed your advice and everything worked a treat - no surprises!

Cheers,

Dave
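
Added example, not part of the original thread and not Openfire code: a pre-migration check that compares the existing local usernames with the directory's sAMAccountName values, so accounts with no directory counterpart, a disabled counterpart, or a name that differs only by case are known before the switch. The function name, report categories and sample data are assumptions; both input lists are constructed and would in practice be exported from the local user store and from Active Directory.

```python
# Added example: reconcile local Openfire usernames with AD accounts
# before switching authentication to LDAP. All sample data is constructed.

ACCOUNTDISABLE = 0x2  # userAccountControl bit set on a disabled AD account


def reconcile(local_users, ad_entries):
    """Classify each local username against the directory export.

    local_users: iterable of usernames from the local user store.
    ad_entries:  iterable of dicts holding 'sAMAccountName' and
                 'userAccountControl' for each directory account.
    Returns a dict of category -> list of local usernames.
    """
    # Index the directory case-insensitively, since AD treats
    # sAMAccountName as case-insensitive.
    directory = {e["sAMAccountName"].strip().lower(): e for e in ad_entries}

    report = {"matched": [], "case_differs": [], "disabled": [], "local_only": []}
    for user in local_users:
        entry = directory.get(user.strip().lower())
        if entry is None:
            # No directory account exists to authenticate this user.
            report["local_only"].append(user)
        elif int(entry["userAccountControl"]) & ACCOUNTDISABLE:
            # Directory account exists but is disabled.
            report["disabled"].append(user)
        elif entry["sAMAccountName"] != user:
            # Same account, but the stored spelling differs by case.
            report["case_differs"].append(user)
        else:
            report["matched"].append(user)
    return report


# Constructed sample inputs (512 = normal account, 514 = normal + disabled).
LOCAL_USERS = ["alice", "bob", "admin", "carol", "buildbot"]
AD_ENTRIES = [
    {"sAMAccountName": "alice", "userAccountControl": 512},
    {"sAMAccountName": "Bob", "userAccountControl": 512},
    {"sAMAccountName": "carol", "userAccountControl": 514},
    {"sAMAccountName": "mallory", "userAccountControl": 512},
]

if __name__ == "__main__":
    for category, names in reconcile(LOCAL_USERS, AD_ENTRIES).items():
        print(f"{category:13} {', '.join(names) or '-'}")
```

The `local_only` and `disabled` lists are the ones to review first: local administrator or service accounts often land there.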