Hi,
I have just installed 3.3.3, it looks great. My setup is Linux(Ubuntu), sun150 JRE, Active Directory. During install, AD user and group lookups were successful, I can lookup users through the web app once running.
The assumption Im making is that users can be ‘automatically’ registed in the process of a client ‘creating an account on the server’ (using Pidgin, Linux chat client).
What I hope to achieve is that people have to ‘register’ with their userID and password, that any openfire registration happens on first connection.
Under Registration & Login I believe I want to:
-
disable Inband registration to prevent ad-hoc user ID registrations
-
disable password changes, as this can’t be done with with the AD as its readonly
-
disable anonymous login to stop unauthorized users having access
In my tests I managed to create my own userid as I cannot now create that user, however, I cannot login with it either, getting a 401:Unauthorized error. If the account go created shouldn’t it have authenticated with AD already?
For references here is my config:
<?xml version=“1.0” encoding=“UTF-8”?>
<!–
This file stores bootstrap properties needed by Openfire.
Property names must be in the format: “prop.name.is.blah=value”
That will be stored as:
<prop>
<name>
<is>
<blah>value</blah>
</is>
</name>
</prop>
Most properties are stored in the Openfire database. A
property viewer and editor is included in the admin console.
–>
<!-- root element, all properties must be under this element -->
<jive>
<adminConsole>
<!-- Disable either port by setting the value to -1 -->
<port>9590</port>
<securePort>9591</securePort>
</adminConsole>
<admin>
<!-- Use this section to define users that will have admin privileges. Below,
you will find two ways to specify which users are admins. Admins will
have access to the admin console (only local users) and may have also access
to other functionalities like ad-hoc commands. -->
<!-- By default, only the user with the username “admin” can login
to the admin console. Alternatively, you can specify a comma-delimitted
list usernames that should be authorized to login to the admin console
by setting the <authorizedUsernames> field below. -->
<!-- <authorizedUsernames></authorizedUsernames> -->
<!-- Comma-delimitted list of bare JIDs. The JIDs may belong to local
or remote users. -->
<!-- <authorizedJIDs></authorizedJIDs> -->
<authorizedUsernames>anadmin</authorizedUsernames>
</admin>
<locale>en</locale>
<!-- Network settings. By default, Openfire will bind to all network interfaces.
Alternatively, you can specify a specific network interfaces that the server
will listen on. For example, 127.0.0.1. This setting is generally only useful
on multi-homed servers. -->
<!–
<network>
<interface></interface>
</network>
–>
<connectionProvider>
<className>org.jivesoftware.database.DefaultConnectionProvider</classN ame>
</connectionProvider>
<database>
<defaultProvider>
<driver>com.ibm.db2.jcc.DB2Driver</driver>
<serverURL>jdbc:db2://localhost:50000/OPENFIRE</serverURL>
<username>openfire</username>
<password>xxx</password>
<minConnections>5</minConnections>
<maxConnections>15</maxConnections>
<connectionTimeout>1.0</connectionTimeout>
</defaultProvider>
</database>
<ldap>
<host>aserver</host>
<port>389</port>
<baseDN>xxx</baseDN>
<adminDN>yyy</adminDN>
<adminPassword>zzz</adminPassword>
<connectionPoolEnabled>true</connectionPoolEnabled>
<sslEnabled>false</sslEnabled>
<ldapDebugEnabled>true</ldapDebugEnabled>
<autoFollowReferrals>true</autoFollowReferrals>
<usernameField>sAMAccountName</usernameField>
<searchFilter>(&(objectclass=user)(objectclass=person)(objectclass=or ganizationalPerson)(sn=)(givenName=)(company=)(!(objectclass=computer))(displayName=)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))</searchFilter>
<vcard-mapping><![CDATA[
<vCard xmlns=“vcard-temp”>
<N>
<GIVEN></GIVEN>
</N>
<EMAIL>
<INTERNET/>
<USERID></USERID>
</EMAIL>
<FN>, </FN> <NICKNAME></NICKNAME>
<ADR>
<HOME/>
</ADR>
<ADR>
<WORK/>
<STREET></STREET>
<LOCALITY></LOCALITY>
<REGION></REGION>
<PCODE></PCODE>
<CTRY></CTRY>
</ADR>
<TEL>
<WORK/>
<VOICE/>
<NUMBER> / x</NUMBER>
</TEL>
<TITLE></TITLE>
<ORG>
<ORGUNIT></ORGUNIT>
</ORG>
</vCard>]]></vcard-mapping>
<nameField>displayName</nameField>
<emailField>mail</emailField>
<groupNameField>cn</groupNameField>
<groupMemberField>member</groupMemberField>
<groupDescriptionField>description</groupDescriptionField>
<posixMode>false</posixMode>
<groupSearchFilter>(objectclass=group)</groupSearchFilter>
</ldap>
<provider>
<vcard>
<className>org.jivesoftware.openfire.ldap.LdapVCardProvider</className >
</vcard>
<user>
<className>org.jivesoftware.openfire.ldap.LdapUserProvider</className& gt;
</user>
<auth>
<className>org.jivesoftware.openfire.ldap.LdapAuthProvider</className& gt;
</auth>
<group>
<className>org.jivesoftware.openfire.ldap.LdapGroupProvider</className >
</group>
</provider>
<setup>true</setup>
<log>
<debug>
<enabled>true</enabled>
</debug>
</log>
</jive>
Im sure I’m missing something simple, any guidance apprecaited!
thanks,
Andy