Openfire access from the internet with authentication using Active Directory

Hello,

I have one question; can you help me, please?

I attached a file showing the diagram that I have, and I want to know if it is possible to do it.

Connect Openfire with another in DMZ (S2S connection)

Connect both openfire with the same Active Directory

My purpose is to allow users inside the company to connect to the Openfire with Active Directory authentication, and users outside the company with Active Directory too.

Example: user (admin@domain.com) can connect to the Openfire from inside and outside the company using the same authentication (Active Directory).

Is it possible to do that with my diagram? Or do you have another solution?

Thank you.

I use a connection manager to accomplish what you’re trying to do. The connection manager acts as a proxy on the DMZ, while my Openfire server is on the LAN.

I used the same domain for chat that I do for email. I then use split-dns.

For example:

The domain is WHATEVER.COM

On my public DNS, I create an A record for xmpp.whatever.com that points to my public IP.

I then create my SRV records _xmpp-server and _xmpp-client with a target of xmpp.whatever.com

Next, on the internal DNS servers, create a zone xmpp.whatever.com that points to the internal IP for the Openfire server.

Next, configure the connection manager domain to use whatever.com. Configure Openfire to use the domain whatever.com

*Note - if this is an existing install, all your JIDs will change to match the domain. Be sure to add an admin JID using the new domain.

Let me know if you run into any problems, and I’ll do my best to help.
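An added example, not part of the original posts: a Python check that the two DNS views in the split-DNS setup described above are consistent and that the public view does not publish the internal address. The zone contents and IP addresses are constructed, and 5222 is an assumed client port (the thread itself only names 5269).

```python
import ipaddress
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# 5269 is the server-to-server port named in the thread; 5222 is an assumed client port.
EXPECTED_PORT = {"_xmpp-client._tcp": 5222, "_xmpp-server._tcp": 5269}

# Constructed sample views (addresses are placeholders, not from the thread).
PUBLIC_VIEW = """
xmpp.whatever.com.              A   203.0.113.10
_xmpp-client._tcp.whatever.com. SRV 0 5 5222 xmpp.whatever.com.
_xmpp-server._tcp.whatever.com. SRV 0 5 5269 xmpp.whatever.com.
"""
INTERNAL_VIEW = "xmpp.whatever.com. A 10.0.0.25"

def parse_view(text):
    """Parse 'name TYPE rdata' lines into ({host: ip}, [(service, port, target)])."""
    hosts, srvs = {}, []
    for line in text.splitlines():
        f = line.split(";")[0].split()  # ';' starts a zone-file comment
        if len(f) >= 3 and f[1].upper() == "A":
            hosts[f[0].lower().rstrip(".")] = ipaddress.ip_address(f[2])
        elif len(f) == 6 and f[1].upper() == "SRV":
            service = ".".join(f[0].lower().split(".")[:2])
            srvs.append((service, int(f[4]), f[5].lower().rstrip(".")))
    return hosts, srvs

def is_internal(ip):
    return any(ip in net for net in RFC1918)

def check_split_dns(public_text, internal_text):
    """Return a sorted list of problems; an empty list means the views are consistent."""
    pub_hosts, pub_srvs = parse_view(public_text)
    int_hosts, _ = parse_view(internal_text)
    problems = set()
    for service, want in EXPECTED_PORT.items():
        records = [r for r in pub_srvs if r[0] == service]
        if not records:
            problems.add(f"{service}: no SRV record in public view")
        for _, port, target in records:
            if port != want:
                problems.add(f"{service}: port {port}, expected {want}")
            if target not in pub_hosts:
                problems.add(f"{target}: no A record in public view")
            elif is_internal(pub_hosts[target]):
                problems.add(f"{target}: public view leaks internal address {pub_hosts[target]}")
            if target not in int_hosts:
                problems.add(f"{target}: no A record in internal view")
            elif not is_internal(int_hosts[target]):
                problems.add(f"{target}: internal view does not point at a private address")
    return sorted(problems)
```

Calling `check_split_dns(PUBLIC_VIEW, INTERNAL_VIEW)` returns an empty list for the sample views; swapping the public A record for the internal address produces a leak finding.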

Yes… however, if you want to allow server-server connections, you’ll need to also open external port 5269.

As far as Jitsi… I don’t know about that one. I haven’t used it. I wish I could. Due to some vendor limitations, my user base only uses IE, which doesn’t work natively with WebRTC.