I've been checking out the entire “A LDAP HowTo” thread up and down and I still can't authenticate against my AD. I installed JiveMessenger 2.1.2 on my DC with Win2k Adv Srv. Is there anything wrong with that? Do I need anything else besides what comes with a normal domain controller installation? Could anyone help me with this, please?
What is wrong with the adminDN? I've tried several ways, starting with the one included in the Jive documentation and every single way that I've seen in this forum. Please be more specific, what would you recommend for that?
Anyway, I made that user a member of the DomainAdmins group, so I think it has plenty of rights (more than I would like it to have, since that password is stored somewhere in plain text).
That would be another useful point where maybe you can help me: what specific level of permission is necessary in order to read the LDAP tree, as you said?
Are you sure your baseDN is “DC=myDomain,DC=edu,DC=com”? That's like saying your email address is alex@mydomain.edu.com. If your domain is “mydomain.edu”, your baseDN should be “DC=mydomain,DC=edu” – assuming AD was set up correctly. I think this is what Matt was referring to.
As for the permissions of the user, in my organization all users have read access to AD since all my users are members of the Domain Users group. I don't think any special privileges are needed beyond that, but I'm not 100% sure.
One thing to note is that some places set up AD to create users where the Display Name is like “Doe, John”, where the Display Name actually has a comma in it. Since AD sets the LDAP CN equal to the Display Name, you will need to escape the comma like “CN=Doe, John,CN=…”. I highly recommend that when creating the jabber user that you set the Display Name to just “jabber”.
"I've tried both ways, commas and semicolons, and still don't get it.
In fact, I've tried almost any given configuration and their combinations.
Is it possible that the fact of using a domain.edu.cu format may be messing the whole thing up?"
That should not matter at all. The only things that matter are that the DN is typed exactly like your LDAP browser shows it and that the password is correct.
I have posted my configuration, which works great with Windows 2003 Server.
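The baseDN and comma-escaping points raised in the replies above, as an added example that is not part of the original posts: Python that derives a baseDN from a DNS domain, escapes a CN per RFC 4514, and flags an adminDN that is malformed or not under the baseDN. The function names, the `CN=Users` container and the sample account names are assumptions made for illustration.

```python
# Added example, not from the thread. Names and the CN=Users container are constructed.
SPECIAL = '"+,;<>\\'  # characters RFC 4514 requires escaping in an RDN value

def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN string (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)

def base_dn_from_domain(dns_domain):
    """'mydomain.edu' -> 'DC=mydomain,DC=edu': one DC component per DNS label."""
    labels = [l for l in dns_domain.strip(".").split(".") if l]
    return ",".join("DC=" + escape_rdn_value(l) for l in labels)

def split_dn(dn):
    """Split a DN on commas that are not backslash-escaped."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" and i + 1 < len(dn) else 1
        if step == 1 and dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i:i + step])  # keep an escaped pair together
        i += step
    parts.append("".join(cur))
    return parts

def check_admin_dn(admin_dn, base_dn):
    """Return a list of problems; an empty list means the DN looks well-formed."""
    rdns = [p.strip() for p in split_dn(admin_dn)]
    problems = [f"component {r!r} is not attr=value (unescaped comma?)"
                for r in rdns if "=" not in r or r.startswith("=")]
    # AD compares DNs case-insensitively, so compare lowercased components.
    base = [p.strip().lower() for p in split_dn(base_dn)]
    if [r.lower() for r in rdns][-len(base):] != base:
        problems.append("adminDN is not under baseDN")
    return problems

if __name__ == "__main__":
    dn = "CN=" + escape_rdn_value("Doe, John") + ",CN=Users," + base_dn_from_domain("mydomain.edu")
    print(dn, check_admin_dn(dn, "DC=mydomain,DC=edu"))
```

Running the check against the DN copied from an LDAP browser before pasting it into the server configuration catches both the extra `DC=com` component and an unescaped comma in a display name.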
Yeesss! It WORKS! Thanks so much everybody. Here is a literal transcription of my xml conf file, in case anyone is interested in the future. I used commas (,), not semicolons (;).