powered by Jive Software

Openfire 3.7.0 - LDAP settings get trashed by the web UI?

So I installed OpenFire 3.7.0 from the RPM on a CentOS 5.6 machine and set it up for AD authentication. All went well, until I wanted to edit the LDAP configuration to adjust the user search filter.

We are using Windows SBS 2008 R2 and our base DN is of the form:


OpenFire changed this to:


which is fine, and works although it’s pretty ugly. However, in the web UI the quotes are not HTML-escaped so that when I go to “Server Settings” -> “Profile Settings” -> “Edit”. The “Base DN” field is shown as


and the “Administrator DN” field is shown as


If I choose “Save settings”, these are the values which are stored in the database and that of course breaks things. If I enter the correct values (with or without the extraneous double quotes) then everything works fine.

Examining the HTML of the page gives:

Base DN:
            <td colspan="3">

                <input type="text" name="basedn" id="jiveLDAPbasedn" size="40" maxlength="150" value="DC="*domain*",DC="local""

Note the unescaped double quotes.

I doubt it matters, but we’re using Postgres for our database server.

I just had this issue as well. After inadvertantly saving, I got locked out of the system altogether and had to reinstall.

perhaps line 131 of ldap-server.jspf needs some kind of html encoding wrapper?

baseDN = manager.getBaseDN();

related: http://stackoverflow.com/questions/655746/is-there-a-jdk-class-to-do-html-encodi ng-but-not-url-encoding


Happens in 3.7.1 and 3.8.2

Viewing your authentication settiongs/starting that wizard wipes current LDAP settings.

Check this by examing openfire.ofProperty

Can we get a dev to confirm to it can get filed in JIRA bugtracker?

*Had just made another thread http://community.igniterealtime.org/thread/50677