OpenFire Configuration,HelpMe,SOS

Jon8 · December 5, 2007, 9:36am

Hello,Every one:

I want to config openfire + Active Directory, Use the LDAP Guide(http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/ldap-gui de.html) , I can’t connect to the DC,can you help me ? thanks

IF you have a step by step document, Please send it to me(chenwq16@hotmail.com) ?thank you very much!

Jonas · December 5, 2007, 11:23am

It would be nice if you provide us at least with an error-report and your config if you need help. A step-by-step guide to this topic is probably not really helpful as there are some things that simply depend on your setup. Besides…the LDAP Guide is mostly Step-by-Step

NO_MESSAGES_OR_FRIEN · December 5, 2007, 2:19pm

There are several guides posted in the community already, as well as many very detailed discussions. Here are links to 2:

http://www.igniterealtime.org/community/docs/DOC-1362

http://www.igniterealtime.org/community/docs/DOC-1060

Beyond these the LDAP config is fairly straight forward with the setup wizard. The complexity of LDAP would come from your AD configuration.

Jon8 · December 6, 2007, 1:38am

pictrues

Jon8 · December 6, 2007, 1:43am

thanks

First: we must config openfire + Active Directory

Second: Our company want to use SSO

Third: May be our company will buy the license of openfire(enterprise)

but , I’m stoped in the first step(successful on openfire + oracle , not AD) ,can you help me?

Jonas · December 6, 2007, 1:24pm

Depending on your AD setup, >Users< should be either “cn” or “ou” but you specified ou under Base DN and cn as Administrator. This shouldn’t work. Also in my setup I used “;” to separate but I don’t know if that matters.

If it does not help…have you checked that you really can reach 10.0.15.3 Port 389 from this machine?

NO_MESSAGES_OR_FRIEN · December 6, 2007, 1:46pm

Try this:

Base DN: OU=Users,DC=sf,DC=com not the capital letters

Administrator DN: Administrator@sf.com

Jonas · December 6, 2007, 3:00pm

Still with a standard setup of an AD on a Windows 2003 “Users” at the Root of the Domain is a CN not an OU. At least here this was always the case.

Don’t ask me why, I have near to Zero knowledge of AD/LDAP I just made it work and that made me incredibly happy (And took quite a long time with sorting and grouping and all that stuff).

NO_MESSAGES_OR_FRIEN · December 6, 2007, 4:45pm

It is kind of bad form to let the users sit in the default Users container. either case the Admin DN is more likely the error. use the structure I previously stated or domain\Administrator

Jon8 · December 7, 2007, 3:44am

console error messages!

thanks

Jonas · December 7, 2007, 3:06pm

Are you trying to use encryption? If so, have you tried without to see if that works?

Jon8 · December 8, 2007, 2:25am

ping 10.0.15.3 is ok

telnet 10.0.15.3 389 is ok

thanks

Jon8 · December 8, 2007, 8:07am

Deal all:

I use

BaseDN: cn=Users;dc=sf;dc=com

AdminDN: cn=Administrator;cn=Users;dc=sf;dc=com

that’s OK now , thanks ( the openfire server is DC server)

but , not all users in “cn=Users”, most users in “SF-Users” under root directory sf.com?Our architectural like this below:

|sf.com

|

|-Builtin

|-Computers

|-…

|-SF-Users

|----|-SF-China

|----

|-SF Employes in China

|----|-SF-American

|----

|-SF Employes in American

|----|-SF-Japan

|----

|-SF Employes in Japan

|----|-…

|-Domain Controllers

|-ForeignSecurityPrincipals

|-Users

|-…

Can somebody help me ,thanks a lot!

Jonas · December 10, 2007, 10:46am

in this case just use

BaseDN: dc=sf;dc=com

and restrict access later on with a filter to those OU/CNs or users that you would like to use jabber

Jon8 · December 12, 2007, 2:42am

Follow you advice, I use:

BaseDN:dc=sf;dc=com

AdminDN:cn=Administrator;cn=Users;dc=sf;dc=com

is ok now,but only under this environment (the openfire server is the DC Server,I create a test domain test.com is ok), But I can not connect to the prod DC Server(sf.com).

Can AdminDN didn’t use “cn=Administrator”?? For Example, I have create a user named “SF-Admin” in OU “SF-Account”, did I can use AdminDN like this:“cn=SF-Admin;cn=SF-Account;dc=sf;dc=com” ?

thanks!

Jonas · December 13, 2007, 11:52am

Please correct me if I understood you wrong…I think I’m not 100% sure what you mean.

What’s your DC Server? Did you mean AD?

If you cannot connect to your prod. server, make sure that it is configured to allow LDAP requests…it looks to me your problem is not caused by openfire but by the way your AD server handles requests (or blocks), especially if you say your test-server works btu the other one not.

If your totally lost, try wireshark to take a look at what exactly is happening between your servers…this helped me, I got some helpful error descriptions that way

You may use cn=Administrator as long as the cn Administrator has full rights to read the whole tree you need.

If your OU SF-Account is in your Root you’ll have to use:

AdminDN :“cn=SF-Admin;ou=SF-Account;dc=sf;dc=com”

as your selfmade OU is indeed an OU not a CN !

Jon8 · December 14, 2007, 9:52am

It’s ok now!

thank you very much.