
Openfire and ldap: which is the best setup?


In my organization we have two different sites (A, B). One of them (A) is running openldap + openfire, and we’d like to configure openfire to use the accounts exported via ldap for all the users of the two sites. But the problem is that if the connection between the two sites is broken, users of the A domain will still be able to communicate with openfire, while of course users of domain B will not. We were thinking of placing an openfire server in B as well, one that can copy the accounts of the B domain from the ldap server and use them in case the openfire server in A is not reachable. Is there a way to do this? Any suggestions on the configuration of openfire to provide communication between A and B, and within the single domains in case of network problems between them?




Have you thought about using replication for openldap? Have site A be the master and B be the ldap slave. The openldap website has the instructions for this if you think it might work.

Good Luck,


Yeah, I thought about that. The problem is that installing openldap on the B machine will be quite difficult; that is why I was searching for a different solution.

You could use server-to-server communication if you set up a second Openfire server. The problem is that if you are using a single LDAP server for both servers and the LDAP server is unreachable, both servers will go offline. You ideally need an LDAP server at both locations.

I would highly suggest having a secondary openldap server, even if you have to use a separate server to do it… I like redundancy… That’s why I love Novell’s eDirectory, as all my servers are synced (even the off-site ones) and all contain the same info…