New open source plugins with enterprise features are now available

Gaston_Dombiak · 2008-05-13 23:52:15 UTC

It took us some time but we finally made it. The Enterprise Edition plugin has been broken into smaller open source plugins as mentioned in the Turning Openfire Enterprise into an open source product blog post.

The new plugins can be found here:

Monitoring Service (released on Apr 24, 2008)
Fastpath Service (released on Apr 24, 2008)
Clustering Plugin (released on May 6, 2008)
Client Control (released on May 13, 2008)

With these new plugins the total number of official open source plugins is now 17. If we add the clustering plugin that is commercial and the 3 beta plugins that includes the popular Red5 plugin the total number of plugins comes up to 21. Finally, more plugins can be found in the Non-Jive Openfire Plugins document.

Enjoy,

The Openfire Team

Daniel_Henninger · 2008-05-13 23:49:19 UTC

workgroup API that is used by fastpath on the client side will be available in smackx soon. webchat is taking a bit longer because it’s amazingly complex to build compared to the other plugins. mostly I haven’t had a lot of time to devote to it yet, so those are coming soon in the land of open source! =)

wroot · 2008-05-14 06:14:00 UTC

great, will test Client Control today, though i see it still has some enterprise parts and there is no download links for new Spark builds. Btw, there is already a feature request for Client Control and Spark, to disable transcripts for all Spark clients in network;)

Vishu · 2008-05-14 08:48:27 UTC

great

yaya · 2008-05-14 09:59:14 UTC

thank The Openfire Team!

modulok · 2008-05-14 13:13:47 UTC

The Client Control Plugin needs to fix a ‘permitted clients’ error. Gaim is now Pidgin.

modulok · 2008-05-14 13:48:56 UTC

A thought on the client features for the plugin. Would it be possible to add options to enable/disable Spark only items such as tasks, notes, and even invite/join conference? Small companies who only have one location probably wouldn’t need a chat conference room.

Sander · 2008-05-14 13:57:53 UTC

Coccinella also isn’t listed, but I already made a fix myself. Available here: http://coccinella.im/bypassing-openfire-client-control

It’s really peace of cake to fake the client name…IMO this module is not worth much if you want to only allow whitelisted software.

modulok · 2008-05-14 14:05:43 UTC

you know, that you could have just added “other client” and that probably would have allowed Coccinella to connect.

Daniel_Henninger · 2008-05-14 14:07:34 UTC

Doesn’t really matter, sander is on a quest to say that the plugin is useless, even though a number of folk appreciate it.

Sander · 2008-05-14 15:36:17 UTC

jadestorm, it’s useless if you expect the module to block all clients which you didn’t restricted access.

Anyway, some web admins in the past also thought restricting access to a website for a specific web browser was a good idea. Luckily, nearly all of them learnt that they were wrong.

Anyway, if people want to have real control over client access, support for client certificates would be a much more interesting feature for this module…hint, hint!

Sander · 2008-05-14 15:39:04 UTC

Oh yes, and I forgot to add that this number of folk maybe appreciated it because they didn’t knew it was so easy to “hack”…maybe the appreciation levels will decline when they read my post

wroot · 2008-05-14 15:45:39 UTC

sanderd, i’m still appreciating. though, maybe we will never use client restrictions, because all our employees are already restricted. But maybe in future we will need that, and such module is far enough for the novice users to stop trying.

Daniel_Henninger · 2008-05-14 15:46:35 UTC

Actually, as I specified before, in a controlled environment, it makes it easy to help people not log in with unapproved clients. IE, sure you can hack things to get in, but if you download some client that your IT doesn’t want people using, and it fails to connect, that’s an easy way for the employee to go “oh yeah I’m not allowed to use this” instead of being let in and using something and then later being told “you weren’t supposed to be using that”. Clearly it’s possible to circumvent it, but it does provide a good reminder.

I was going to suggest adding Coccinella to the list, but at this point you’ve confused people who might read your article and go hacking Coccinella to pretend it’s Psi. Effectively the entire plugin is “suggestions”, not enforcements. If you feel like writing client certificate support, be our guest. And hey, if people want to hide the fact that they’re using Coccinella and instead announce to the world that they’re using Psi, then more ++usage stats for Psi it is!

Ryan_Graham · 2008-05-14 16:02:39 UTC

Daniel, I know it’s impossible to please everyone but maybe you should add a line or two to the readme of the client control plugin to simply state what you wrote above: That the plugin is designed to be used in a controlled environment and that determined/sophisticated/knowledgeable users may be able to figure out a way to circumvent it. And that if an organization is determined to really lock down their environment they should simply turn off and unplug everyones computers.

NO_MESSAGES_OR_FRIEN · 2008-05-14 16:04:02 UTC

You point is moot, in that we can easily disable your precious Coccinella via our Active Directory Policy. The plugin has may other facets that more than make up for the fact that a program like Coccinella allows you to spoof as another client. If that blog post was not there how many average users do you think would discover this on their own. How many companies/organizations allow people to install any random piece of software? If you choose to do this on your computer go for it. Quite frankly this in conjunction with the other protection already in place on our domain is more than enough.

Daniel_Henninger · 2008-05-14 16:05:26 UTC

That’s a good point Ryan. We should make it clear that it’s possible to circumvent. I like the turn stuff off and unplug everyone’s computers. LOL!

Sander · 2008-05-14 16:12:18 UTC

Well, I hope then that my post made clear to people that the usefulness of restricting clients using this plugin is only as being a reminder. My point is that it is not useful as a tool for enforcement or to prevent malware clients.

I don’t care about wrong usage stats. The user is not interested in usage stats. Also, when you collect data for usage stats you will see that there is something wrong with your data as there is no Psi client with version number 0.96.8 of which Entity Capabilities say it is Coccinella

Gaston_Dombiak · 2008-05-14 18:19:17 UTC

Hey sanderd,

I’m glad that you liked the new client control plugin. Besides of controlling which XMPP clients are allowed to connect the plugin also provides other useful features as described in the readme.html. I hope that you liked them too.

Regards,

– Gato

NO_MESSAGES_OR_FRIEN · 2008-05-15 13:49:33 UTC

The clustering plugin is not opensource. This a product Jive pays a licensing fee to distribute. If you are having a problem with another plugin, may I suggest posting in the community as this is not a discussion thread. Please do not reply to this comment.