So I installed OpenFire 3.7.0 from the RPM on a CentOS 5.6 machine and set it up for AD authentication. All went well, until I wanted to edit the LDAP configuration to adjust the user search filter.
We are using Windows SBS 2008 R2 and our base DN is of the form:
OpenFire changed this to:
which is fine, and works although it’s pretty ugly. However, in the web UI the quotes are not HTML-escaped so that when I go to “Server Settings” -> “Profile Settings” -> “Edit”. The “Base DN” field is shown as
and the “Administrator DN” field is shown as
If I choose “Save settings”, these are the values which are stored in the database and that of course breaks things. If I enter the correct values (with or without the extraneous double quotes) then everything works fine.
Examining the HTML of the page gives:
<td colspan="3"> <input type="text" name="basedn" id="jiveLDAPbasedn" size="40" maxlength="150" value="DC="*domain*",DC="local""
Note the unescaped double quotes.
I doubt it matters, but we’re using Postgres for our database server.