New open source plugins with enterprise features are now available

Gaston_Dombiak 2008-05-13 23:52:15 UTC #1

It took us some time but we finally made it. The Enterprise Edition plugin has been broken into smaller open source plugins as mentioned in the Turning Openfire Enterprise into an open source product blog post.

The new plugins can be found here:

Monitoring Service (released on Apr 24, 2008)
Fastpath Service (released on Apr 24, 2008)
Clustering Plugin (released on May 6, 2008)
Client Control (released on May 13, 2008)

With these new plugins the total number of official open source plugins is now 17. If we add the clustering plugin that is commercial and the 3 beta plugins that includes the popular Red5 plugin the total number of plugins comes up to 21. Finally, more plugins can be found in the Non-Jive Openfire Plugins document.

Enjoy,

The Openfire Team

Daniel_Henninger 2008-05-13 23:49:19 UTC #2

workgroup API that is used by fastpath on the client side will be available in smackx soon. webchat is taking a bit longer because it’s amazingly complex to build compared to the other plugins. mostly I haven’t had a lot of time to devote to it yet, so those are coming soon in the land of open source! =)

wroot 2008-05-14 06:14:00 UTC #3

great, will test Client Control today, though i see it still has some enterprise parts and there is no download links for new Spark builds. Btw, there is already a feature request for Client Control and Spark, to disable transcripts for all Spark clients in network;)

Vishu 2008-05-14 08:48:27 UTC #4

great

yaya 2008-05-14 09:59:14 UTC #5

thank The Openfire Team!

modulok 2008-05-14 13:13:47 UTC #6

The Client Control Plugin needs to fix a ‘permitted clients’ error. Gaim is now Pidgin.

modulok 2008-05-14 13:48:56 UTC #7

A thought on the client features for the plugin. Would it be possible to add options to enable/disable Spark only items such as tasks, notes, and even invite/join conference? Small companies who only have one location probably wouldn’t need a chat conference room.

Sander 2008-05-14 13:57:53 UTC #8

Coccinella also isn’t listed, but I already made a fix myself. Available here: http://coccinella.im/bypassing-openfire-client-control

It’s really peace of cake to fake the client name…IMO this module is not worth much if you want to only allow whitelisted software.

modulok 2008-05-14 14:05:43 UTC #9

you know, that you could have just added “other client” and that probably would have allowed Coccinella to connect.

Daniel_Henninger 2008-05-14 14:07:34 UTC #10

Doesn’t really matter, sander is on a quest to say that the plugin is useless, even though a number of folk appreciate it.

Sander 2008-05-14 15:36:17 UTC #11

jadestorm, it’s useless if you expect the module to block all clients which you didn’t restricted access.

Anyway, some web admins in the past also thought restricting access to a website for a specific web browser was a good idea. Luckily, nearly all of them learnt that they were wrong.

Anyway, if people want to have real control over client access, support for client certificates would be a much more interesting feature for this module…hint, hint!

Sander 2008-05-14 15:39:04 UTC #12

Oh yes, and I forgot to add that this number of folk maybe appreciated it because they didn’t knew it was so easy to “hack”…maybe the appreciation levels will decline when they read my post

wroot 2008-05-14 15:45:39 UTC #13

sanderd, i’m still appreciating. though, maybe we will never use client restrictions, because all our employees are already restricted. But maybe in future we will need that, and such module is far enough for the novice users to stop trying.

Daniel_Henninger 2008-05-14 15:46:35 UTC #14

Actually, as I specified before, in a controlled environment, it makes it easy to help people not log in with unapproved clients. IE, sure you can hack things to get in, but if you download some client that your IT doesn’t want people using, and it fails to connect, that’s an easy way for the employee to go “oh yeah I’m not allowed to use this” instead of being let in and using something and then later being told “you weren’t supposed to be using that”. Clearly it’s possible to circumvent it, but it does provide a good reminder.

I was going to suggest adding Coccinella to the list, but at this point you’ve confused people who might read your article and go hacking Coccinella to pretend it’s Psi. Effectively the entire plugin is “suggestions”, not enforcements. If you feel like writing client certificate support, be our guest. And hey, if people want to hide the fact that they’re using Coccinella and instead announce to the world that they’re using Psi, then more ++usage stats for Psi it is!

Ryan_Graham 2008-05-14 16:02:39 UTC #15

Daniel, I know it’s impossible to please everyone but maybe you should add a line or two to the readme of the client control plugin to simply state what you wrote above: That the plugin is designed to be used in a controlled environment and that determined/sophisticated/knowledgeable users may be able to figure out a way to circumvent it. And that if an organization is determined to really lock down their environment they should simply turn off and unplug everyones computers.

NO_MESSAGES_OR_FRIEN 2008-05-14 16:04:02 UTC #16

You point is moot, in that we can easily disable your precious Coccinella via our Active Directory Policy. The plugin has may other facets that more than make up for the fact that a program like Coccinella allows you to spoof as another client. If that blog post was not there how many average users do you think would discover this on their own. How many companies/organizations allow people to install any random piece of software? If you choose to do this on your computer go for it. Quite frankly this in conjunction with the other protection already in place on our domain is more than enough.

Daniel_Henninger 2008-05-14 16:05:26 UTC #17

That’s a good point Ryan. We should make it clear that it’s possible to circumvent. I like the turn stuff off and unplug everyone’s computers. LOL!

Sander 2008-05-14 16:12:18 UTC #18

Well, I hope then that my post made clear to people that the usefulness of restricting clients using this plugin is only as being a reminder. My point is that it is not useful as a tool for enforcement or to prevent malware clients.

I don’t care about wrong usage stats. The user is not interested in usage stats. Also, when you collect data for usage stats you will see that there is something wrong with your data as there is no Psi client with version number 0.96.8 of which Entity Capabilities say it is Coccinella

Gaston_Dombiak 2008-05-14 18:19:17 UTC #19

Hey sanderd,

I’m glad that you liked the new client control plugin. Besides of controlling which XMPP clients are allowed to connect the plugin also provides other useful features as described in the readme.html. I hope that you liked them too.

Regards,

– Gato

NO_MESSAGES_OR_FRIEN 2008-05-15 13:49:33 UTC #20

The clustering plugin is not opensource. This a product Jive pays a licensing fee to distribute. If you are having a problem with another plugin, may I suggest posting in the community as this is not a discussion thread. Please do not reply to this comment.

Ignite Realtime