Openfire and LDAP userPrincipalname attribute support


First of all, great software, guys! I have liked Openfire from the beginning, and this is the second company I have worked for where I have pushed for the implementation and usage of Openfire. But this time I have hit a problem that seems to be small but in fact stops us from going further with it.

Hope I am posting this question correctly here.

So, we are using Openfire with MySQL as a DB and LDAP for authentication. The problem is that throughout the company we use the userPrincipalname attribute in the software as SSO. So all our users are used to signing in using their full e-mail address (firstname.lastname@company.com - this is what our UPN attribute looks like). The problem is that with Openfire we cannot use JIDs that have 2 “@”. I know that I can escape the first “@” using \40, but we cannot ask our users to do that. And even if we could use JIDs with two “@”s, it would still be an annoyance because all our JIDs would look like firstname.lastname@company.com@node.company.com, and this is very long and still not user friendly.

So my question is (and this is why I am posting in the developer forum) if there is any way I can modify the source code to make Openfire strip the @company.com part from the UPN attribute after the user has been correctly authenticated with LDAP and just use firstname.lastname (the “stripped” UPN) as the username for login. Or is there any way Openfire can be configured to do this… or is there any plan for support for this in the near future (next versions)?

Thanks for your time!
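
The mapping asked about above, as an added example that is not part of the original post and is not Openfire code: a stand-alone Java sketch that strips the UPN suffix only when it matches the expected one, and shows the `\40`-escaped alternative beside it. The class name, method names and the single-suffix assumption are hypothetical.

```java
public class UpnLoginMapper {
    // Assumption: the one UPN suffix in use, taken from the post's example address.
    static final String UPN_SUFFIX = "company.com";

    // Maps the typed login to the short username. Accepts "firstname.lastname"
    // or "firstname.lastname@company.com"; a different suffix is rejected rather
    // than stripped, so a user of another domain cannot collide with a local name.
    static String toShortName(String login) {
        String s = login.trim();
        int at = s.lastIndexOf('@');
        String local = (at < 0) ? s : s.substring(0, at);
        if (at >= 0 && !s.substring(at + 1).equalsIgnoreCase(UPN_SUFFIX)) {
            throw new IllegalArgumentException("unexpected UPN suffix");
        }
        if (local.isEmpty() || local.indexOf('@') >= 0) {
            throw new IllegalArgumentException("malformed login name");
        }
        return local;
    }

    // The alternative mentioned in the post: keep the whole UPN as the JID node
    // and escape its "@" as \40.
    static String toEscapedNode(String upn) {
        return upn.trim().replace("@", "\\40");
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = {
            "firstname.lastname@company.com",
            "firstname.lastname",
            "firstname.lastname@other.example",
            "a@b@company.com"
        };
        for (String in : samples) {
            try {
                System.out.println(in + " -> " + toShortName(in)
                        + " (escaped form: " + toEscapedNode(in) + ")");
            } catch (IllegalArgumentException e) {
                System.out.println(in + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

If the directory carries more than one UPN suffix, stripping would make two different accounts share one short name, which is why the sketch rejects any suffix other than the configured one.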