powered by Jive Software

Openfire - ldaps - Active Directory

Hi. I need help with LDAPS. I have two servers (VPS), one has openfire and the other has Active Directory. LDAP on port 389 works fine for me. However, I am not able to configure LDAPS (port 636). I don’t know too much what the ldaps configuration should look like on the openfire and active directory side. Is anyone able to give me tips on how to do this, or where to look for help? Thanks for your answer

has your AD been setup to use ldaps? This is usually a manual process and not enabled by default. If so, then make sure you’re connection string in openfire matches the CN that the certificate is presenting.

in AD, I only generated a certificate, but I’m not sure if I did it correctly. How should AD be configured to use LDAPS? Where could I find tips on how to do it properly? how to configure openfire? Can you help me?

I have generated a certificate in the active directory. However, I don’t know what I should do on the openfire side. How to indicate a certificate from AD?

Here are few articles that can help you out.
https://www.digicert.com/kb/ssl-certificate-installation-microsoft-active-directory-ldap-2012.htm

Just adjust based on your needs. Once you get ldaps running, you’ll just configure the ldap string in openfire like you normally would, but making sure the hostname matches what was used with the certificate.
If you are using a self signed certificate, then you might have to add the certificate to the java trust store that openfire uses.

thank you.
I will read the articles and try to do.

  1. I have one server (VPS) – „vps-aabbccdd.net

Windows server 2022 is installed on this server (with Active Directory)

  • The local server is called – “WIN-xxxxxxxxxx”

  • domain – “test.com” with users

After running LDAPS, I have a generated certificate for “WIN-xxxxxxxxxx”.

  1. Openfire is running on the second server (VPS).

Config LDAP:

Ldap://vps-aabbccdd.net:389 – it works

LDAPS://vps-aabbccdd.net:636 - the name of the server (VPS) should be here? (the certificate was generated for local server “WIN-xxxxxxxxxx”).

since your CN of the certificate is WIN-xxx, then you’ll need to use that in your connection string.