There is currently a fixed relationship between a user's login name and their JID.
At the moment JID = loginname & "@" & servername
I was hoping we'd be able to break that relationship; we use LDAP integration. The side effect of that is that if I want to give my JID to someone outside the company, I have to tell them my Windows username - I'd obviously like to avoid that.
Ideally, I'd log in with an AD username, and my JID would be generated from another property in the LDAP directory.
In an ideal world, I'd have another line in the mapping file which said JID maps directly to the Active Directory attribute 'mail'.
I realise I can change the mapping so that I log in using a different field. However, that doesn't solve my problem, for 3 reasons:
1. Users know their username. Telling them to 'use your email address, but chop off the @domain.name as a username' won't go down well.
2. I'd like to use SSO. At the moment that works by taking my AD Kerberos principal name and chopping off the @ and everything after it. In simple terms, SSO will only work if I set up Openfire to accept the AD attribute SAMAccountName as my login.
3. The 'mail' attribute in the Active Directory includes the @ sign and the suffix. I can set my Openfire XMPP domain name to be equal to my email suffix. However, if I map username to mail, I end up with a JID of emailprefix@emailsuffix@emailsuffix, which just isn't what I want!
Anyone know if this is easily fixable? Surely I can't be the only Openfire user who wants such a feature?
I was planning on creating an appropriate field in the directory (by taking my email address and getting rid of the suffix). However, I can no longer do that if I want SSO to work.
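The three derivation rules the post describes (Openfire's fixed loginname@domain JID, the SSO rule that drops everything from the @ in the Kerberos principal, and the double-@ result of mapping the login field straight to 'mail') are modelled below as an added illustration. This is not Openfire's code or the poster's; the domain `example.com`, the sample accounts and all function names are constructed for the example. It also adds the check a practitioner would want: a localpart that still contains an @ is not a valid JID under RFC 6122 nodeprep, which is why the mail value cannot be used as the login field unchanged, and the suffix is only stripped when it matches the XMPP domain so a user is never quietly re-homed under a domain the server does not own.

```python
# Added example (not Openfire code): models the JID-derivation rules described in the post.

XMPP_DOMAIN = "example.com"  # constructed: the Openfire XMPP domain, assumed equal to the mail suffix

# Characters RFC 6122 nodeprep forbids in a JID localpart (the part before the last '@').
_LOCALPART_FORBIDDEN = set('"&\'/:<>@ ')


def is_valid_localpart(localpart: str) -> bool:
    """True if localpart is non-empty and contains none of the nodeprep-prohibited characters."""
    return bool(localpart) and not (_LOCALPART_FORBIDDEN & set(localpart))


def openfire_jid(login_name: str, xmpp_domain: str) -> str:
    """The fixed rule from the post: JID = loginname & '@' & servername, with no validation."""
    return f"{login_name}@{xmpp_domain}"


def username_from_principal(principal: str) -> str:
    """The SSO rule from the post: Kerberos principal with '@' and everything after it chopped off."""
    return principal.split("@", 1)[0]


def localpart_from_mail(mail: str, xmpp_domain: str):
    """Derive a JID localpart from an AD 'mail' value (the 'email prefix' the post wants).

    Returns the prefix only when the mail suffix equals the XMPP domain (case-insensitive)
    and the prefix is a valid localpart; otherwise None, so a mailbox under another domain
    is never silently mapped onto this server's namespace.
    """
    if mail.count("@") != 1:
        return None
    prefix, suffix = mail.split("@")
    if suffix.lower() != xmpp_domain.lower():
        return None
    return prefix if is_valid_localpart(prefix) else None


def jid_from_mail_mapping(mail: str, xmpp_domain: str):
    """What happens if the login field is mapped straight to 'mail' (reason 3 in the post).

    Returns the JID Openfire's fixed rule would build and whether its localpart is valid.
    """
    jid = openfire_jid(mail, xmpp_domain)
    localpart = jid.rsplit("@", 1)[0]
    return jid, is_valid_localpart(localpart)


if __name__ == "__main__":
    # Constructed sample account: SAMAccountName 'jsmith', mail 'john.smith@example.com'.
    print(openfire_jid("jsmith", XMPP_DOMAIN))                      # jsmith@example.com
    print(username_from_principal("jsmith@CORP.EXAMPLE.COM"))       # jsmith
    print(localpart_from_mail("john.smith@example.com", XMPP_DOMAIN))   # john.smith
    print(jid_from_mail_mapping("john.smith@example.com", XMPP_DOMAIN))  # double-@ JID, invalid
```

Running it shows the gap the post describes: the SSO path yields `jsmith`, the desired JID localpart is `john.smith`, and the only way Openfire's fixed rule can produce the latter is if the login field itself holds the stripped prefix, which is exactly what breaks SSO.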