
Openfire and LDAP userPrincipalname attribute support


I have liked and used Openfire for some time now and this is the second company I have worked for and pushed for the implementation and usage of Openfire. But this time I have hit a problem that seems to be small but in fact stops us from going further with it.

So, we are using Openfire with MySQL as a DB and LDAP for authentication. The problem is that throughout the company we use the userPrincipalname attribute in the software as SSO. So all our users are used to signing in using their full e-mail address ( firstname.lastname@company.com - this is what our UPN attribute looks like ). The problem is that with Openfire we cannot use JIDs that have 2 “@”. I know that I can escape the first “@” using \40, but we cannot ask our users to do that. And even if we could use JIDs with two "@"s, it would still be an annoyance because all our JIDs would look like firstname.lastname@company.com@node.company.com and this is very long and still not user-friendly.

So my question is whether there is any way I can modify the source code to make Openfire strip the @company.com part from the UPN attribute after the user has been correctly authenticated with LDAP and just use firstname.lastname (the “stripped” UPN) as the username for login. Or is there any way Openfire can be configured to do this… or do you know if there is any plan for support for this in the near future (next versions)?

I know similar questions have been posted but there have either been no answers or solutions that we cannot use (like the one with escaping the @).

Thanks for your time!
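
The mapping asked about above, sketched as an added example that is not part of the original post and is not Openfire code: a stand-alone Java class that turns a typed UPN into the JID node by stripping only the expected suffix and rejecting any other domain, so that two directory users with the same local part cannot end up on the same account. The class name, method names and the `company.com` suffix are assumptions for illustration.

```java
import java.util.Locale;

// Added illustration, not Openfire source. Class and method names are hypothetical;
// "company.com" stands in for the single UPN suffix described in the post.
public class UpnLoginMapper {
    private final String upnSuffix;

    public UpnLoginMapper(String upnSuffix) {
        this.upnSuffix = upnSuffix.toLowerCase(Locale.ROOT);
    }

    /** Map the typed login (UPN or bare username) to the JID node. */
    public String toNode(String login) {
        String s = login.trim().toLowerCase(Locale.ROOT);
        int at = s.lastIndexOf('@');
        String node = s;
        if (at >= 0) {
            // Strip only the expected suffix, so a UPN from another domain
            // can never collapse onto an existing local username.
            if (!s.substring(at + 1).equals(upnSuffix)) {
                throw new IllegalArgumentException("unexpected UPN suffix");
            }
            node = s.substring(0, at);
        }
        if (node.isEmpty() || node.indexOf('@') >= 0) {
            throw new IllegalArgumentException("not a usable username");
        }
        return node;
    }

    /** Rebuild the UPN for the directory lookup or bind. */
    public String toUpn(String node) {
        return node + "@" + upnSuffix;
    }

    /** The alternative from the post: keep the full UPN, writing "@" as \40. */
    public static String escapeAt(String upn) {
        return upn.replace("@", "\\40");
    }

    public static void main(String[] args) {
        UpnLoginMapper m = new UpnLoginMapper("company.com");
        System.out.println(m.toNode("Firstname.Lastname@company.com"));
        System.out.println(m.toUpn("firstname.lastname"));
        System.out.println(escapeAt("firstname.lastname@company.com"));
        try {
            m.toNode("firstname.lastname@other.example");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

If the rebuilt UPN is placed in an LDAP search filter, it still needs filter escaping before use.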