New open source plugins with enterprise features are now available

Gaston_Dombiak · May 13, 2008, 11:52pm

It took us some time but we finally made it. The Enterprise Edition plugin has been broken into smaller open source plugins as mentioned in the Turning Openfire Enterprise into an open source product blog post.

The new plugins can be found here:

Monitoring Service (released on Apr 24, 2008)
Fastpath Service (released on Apr 24, 2008)
Clustering Plugin (released on May 6, 2008)
Client Control (released on May 13, 2008)

With these new plugins the total number of official open source plugins is now 17. If we add the clustering plugin that is commercial and the 3 beta plugins that includes the popular Red5 plugin the total number of plugins comes up to 21. Finally, more plugins can be found in the Non-Jive Openfire Plugins document.

Enjoy,

The Openfire Team

Daniel_Henninger · May 13, 2008, 11:49pm

workgroup API that is used by fastpath on the client side will be available in smackx soon. webchat is taking a bit longer because it’s amazingly complex to build compared to the other plugins. mostly I haven’t had a lot of time to devote to it yet, so those are coming soon in the land of open source! =)

wroot · May 14, 2008, 6:14am

great, will test Client Control today, though i see it still has some enterprise parts and there is no download links for new Spark builds. Btw, there is already a feature request for Client Control and Spark, to disable transcripts for all Spark clients in network;)

Vishu · May 14, 2008, 8:48am

great

yaya · May 14, 2008, 9:59am

thank The Openfire Team!

modulok · May 14, 2008, 1:13pm

The Client Control Plugin needs to fix a ‘permitted clients’ error. Gaim is now Pidgin.

modulok · May 14, 2008, 1:48pm

A thought on the client features for the plugin. Would it be possible to add options to enable/disable Spark only items such as tasks, notes, and even invite/join conference? Small companies who only have one location probably wouldn’t need a chat conference room.

Sander · May 14, 2008, 1:57pm

Coccinella also isn’t listed, but I already made a fix myself. Available here: http://coccinella.im/bypassing-openfire-client-control

It’s really peace of cake to fake the client name…IMO this module is not worth much if you want to only allow whitelisted software.

modulok · May 14, 2008, 2:05pm

you know, that you could have just added “other client” and that probably would have allowed Coccinella to connect.

Daniel_Henninger · May 14, 2008, 2:07pm

Doesn’t really matter, sander is on a quest to say that the plugin is useless, even though a number of folk appreciate it.

Sander · May 14, 2008, 3:36pm

jadestorm, it’s useless if you expect the module to block all clients which you didn’t restricted access.

Anyway, some web admins in the past also thought restricting access to a website for a specific web browser was a good idea. Luckily, nearly all of them learnt that they were wrong.

Anyway, if people want to have real control over client access, support for client certificates would be a much more interesting feature for this module…hint, hint!

Sander · May 14, 2008, 3:39pm

Oh yes, and I forgot to add that this number of folk maybe appreciated it because they didn’t knew it was so easy to “hack”…maybe the appreciation levels will decline when they read my post

wroot · May 14, 2008, 3:45pm

sanderd, i’m still appreciating. though, maybe we will never use client restrictions, because all our employees are already restricted. But maybe in future we will need that, and such module is far enough for the novice users to stop trying.

Daniel_Henninger · May 14, 2008, 3:46pm

Actually, as I specified before, in a controlled environment, it makes it easy to help people not log in with unapproved clients. IE, sure you can hack things to get in, but if you download some client that your IT doesn’t want people using, and it fails to connect, that’s an easy way for the employee to go “oh yeah I’m not allowed to use this” instead of being let in and using something and then later being told “you weren’t supposed to be using that”. Clearly it’s possible to circumvent it, but it does provide a good reminder.

I was going to suggest adding Coccinella to the list, but at this point you’ve confused people who might read your article and go hacking Coccinella to pretend it’s Psi. Effectively the entire plugin is “suggestions”, not enforcements. If you feel like writing client certificate support, be our guest. And hey, if people want to hide the fact that they’re using Coccinella and instead announce to the world that they’re using Psi, then more ++usage stats for Psi it is!

Ryan_Graham · May 14, 2008, 4:02pm

Daniel, I know it’s impossible to please everyone but maybe you should add a line or two to the readme of the client control plugin to simply state what you wrote above: That the plugin is designed to be used in a controlled environment and that determined/sophisticated/knowledgeable users may be able to figure out a way to circumvent it. And that if an organization is determined to really lock down their environment they should simply turn off and unplug everyones computers.

NO_MESSAGES_OR_FRIEN · May 14, 2008, 4:04pm

You point is moot, in that we can easily disable your precious Coccinella via our Active Directory Policy. The plugin has may other facets that more than make up for the fact that a program like Coccinella allows you to spoof as another client. If that blog post was not there how many average users do you think would discover this on their own. How many companies/organizations allow people to install any random piece of software? If you choose to do this on your computer go for it. Quite frankly this in conjunction with the other protection already in place on our domain is more than enough.

Daniel_Henninger · May 14, 2008, 4:05pm

That’s a good point Ryan. We should make it clear that it’s possible to circumvent. I like the turn stuff off and unplug everyone’s computers. LOL!

Sander · May 14, 2008, 4:12pm

Well, I hope then that my post made clear to people that the usefulness of restricting clients using this plugin is only as being a reminder. My point is that it is not useful as a tool for enforcement or to prevent malware clients.

I don’t care about wrong usage stats. The user is not interested in usage stats. Also, when you collect data for usage stats you will see that there is something wrong with your data as there is no Psi client with version number 0.96.8 of which Entity Capabilities say it is Coccinella

Gaston_Dombiak · May 14, 2008, 6:19pm

Hey sanderd,

I’m glad that you liked the new client control plugin. Besides of controlling which XMPP clients are allowed to connect the plugin also provides other useful features as described in the readme.html. I hope that you liked them too.

Regards,

– Gato

NO_MESSAGES_OR_FRIEN · May 15, 2008, 1:49pm

The clustering plugin is not opensource. This a product Jive pays a licensing fee to distribute. If you are having a problem with another plugin, may I suggest posting in the community as this is not a discussion thread. Please do not reply to this comment.