Openfire - ldaps - Active Directory

Hi. I need help with LDAPS. I have two servers (VPS), one has openfire and the other has Active Directory. LDAP on port 389 works fine for me. However, I am not able to configure LDAPS (port 636). I don’t know too much what the ldaps configuration should look like on the openfire and active directory side. Is anyone able to give me tips on how to do this, or where to look for help? Thanks for your answer

Has your AD been set up to use LDAPS? This is usually a manual process and not enabled by default. If so, then make sure your connection string in Openfire matches the CN that the certificate is presenting.

In AD, I only generated a certificate, but I’m not sure if I did it correctly. How should AD be configured to use LDAPS? Where could I find tips on how to do it properly? How do I configure Openfire? Can you help me?

I have generated a certificate in the active directory. However, I don’t know what I should do on the openfire side. How to indicate a certificate from AD?

Here are a few articles that can help you out.
https://www.digicert.com/kb/ssl-certificate-installation-microsoft-active-directory-ldap-2012.htm

Just adjust based on your needs. Once you get LDAPS running, you’ll just configure the LDAP string in Openfire like you normally would, but making sure the hostname matches what was used with the certificate.
If you are using a self-signed certificate, then you might have to add the certificate to the Java trust store that Openfire uses.

Thank you.
I will read the articles and try to do it.

  1. I have one server (VPS) – “vps-aabbccdd.net”

Windows server 2022 is installed on this server (with Active Directory)

  • The local server is called – “WIN-xxxxxxxxxx”

  • domain – “test.com” with users

After running LDAPS, I have a generated certificate for “WIN-xxxxxxxxxx”.

  2. Openfire is running on the second server (VPS).

Config LDAP:

Ldap://vps-aabbccdd.net:389 – it works

LDAPS://vps-aabbccdd.net:636 – should the name of the server (VPS) be here? (The certificate was generated for the local server “WIN-xxxxxxxxxx”.)

Since your CN of the certificate is WIN-xxx, then you’ll need to use that in your connection string.
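The two replies above ("the hostname must match what was used with the certificate" and "use the CN in your connection string") both come down to TLS hostname verification: the client takes the host part of the `ldaps://` URL and checks it against the DNS names in the server certificate (the subjectAltName entries, or the subject CN when there is no SAN). The script below is an added example, not code from the thread, Openfire or Active Directory; the certificate dictionary is constructed to mirror the situation described (a domain controller certificate issued for the machine name only), and the URLs are the ones quoted in the thread.

```python
"""Check whether the host in an ldap:// or ldaps:// URL is covered by the DNS
names in a server certificate. Added example, not part of the forum thread."""
from urllib.parse import urlsplit

# Constructed stand-in for what ssl.SSLSocket.getpeercert() returns for an AD
# domain controller whose certificate was issued only for its machine name
# (assumption: the thread's "WIN-xxxxxxxxxx" host in the "test.com" domain).
AD_CERT = {
    "subject": ((("commonName", "WIN-xxxxxxxxxx"),),),
    "subjectAltName": (
        ("DNS", "WIN-xxxxxxxxxx"),
        ("DNS", "WIN-xxxxxxxxxx.test.com"),
    ),
}


def hostname_from_ldap_url(url: str) -> str:
    """Return the lowercase host part of an ldap:// or ldaps:// URL."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError(f"not an LDAP URL: {url!r}")
    return parts.hostname.lower()


def cert_dns_names(cert: dict) -> list[str]:
    """DNS names the certificate is valid for: the SAN dNSName entries, falling
    back to the subject commonName only when the certificate has no SAN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k.upper() == "DNS"]
    if sans:
        return [s.lower() for s in sans]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return [c.lower() for c in cns]


def _name_matches(pattern: str, host: str) -> bool:
    """Match one certificate name against a hostname, label by label. A '*' is
    honoured only as the whole leftmost label and matches exactly one label."""
    p_labels, h_labels = pattern.split("."), host.split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 1 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_matches_host(cert: dict, host: str) -> bool:
    """True if any DNS name in the certificate covers the given hostname."""
    host = host.lower()
    return any(_name_matches(name, host) for name in cert_dns_names(cert))


def check_ldap_url(url: str, cert: dict) -> str:
    """Explain whether the URL's host will pass certificate hostname checking."""
    host = hostname_from_ldap_url(url)
    if cert_matches_host(cert, host):
        return f"OK: {host} is covered by the certificate"
    return (f"MISMATCH: {host} is not among the certificate names "
            f"{cert_dns_names(cert)}; use one of those names in the URL, "
            f"or reissue the certificate with {host} as a SAN entry")


if __name__ == "__main__":
    # The two connection strings from the thread, checked against the
    # constructed domain-controller certificate.
    for url in ("ldaps://vps-aabbccdd.net:636", "ldaps://WIN-xxxxxxxxxx:636"):
        print(url, "->", check_ldap_url(url, AD_CERT))
```

Run as-is, the VPS hostname reports a mismatch and the machine name reports OK, which is exactly the outcome the last reply predicts: the URL must use a name the certificate carries, or the certificate must be reissued with the VPS hostname in its SAN. To check a real server, fetch its certificate first (for instance `openssl s_client -connect host:636 -showcerts`, or `ssl.get_server_certificate((host, 636))` in Python) and compare the names it lists with the host in the Openfire connection string; with a self-signed certificate, the trust-store import mentioned earlier in the thread is still needed on top of the name match.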