
Openfire no connection to active directory

Hello
Openfire 4.6.7, installed on Windows Server 2012.
Error when connecting to the Active Directory server:
[LDAP: error code 8 - 00002028: LdapErr: DSID-0C090252, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1]

Base DN dc=activedirectory, dc=jivesoftware, dc=com
Administrator DN user

I followed the instructions in Openfire: LDAP Guide.

Help

Are you trying to connect using LDAP or LDAP(S)? Domain controllers don't support LDAPS out of the box, but that's what Openfire defaults to, so you'll want to change that.

Thanks for the quick response!

If ldaps:
Error connecting to LDAP server. Make sure the server directory works with the specified host name and port, and that the firewall is not blocking access to the server.

If ldap:
Authentication failed with LDAP server. Check the provided credentials.

Login and password are correct

Only on one user (Administrator DN) gives an error
[LDAP: error code 8 - 00002028: LdapErr: DSID-0C090252, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1]

If using LDAP(S), and you're set up for it, then Openfire will need to use the name that matches the cert.

On the LDAP side, it looks like you're making the connection. Instead of using the user DN, try using user@domain.

Also, looking at your base DN, is your domain subdomain.domain.com with all the users that plan to connect under that tree?

Also, the account does not need to be a privileged-level account despite the term "administrator" being used. A non-privileged account should be used, as this account is only used for connecting and reading LDAP.

LDAP.
If I use user@domain, then the error is:
[LDAP: error code 8 - 00002028: LdapErr: DSID-0C090252, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1]

Didn’t figure it out - I’m using the base dn

I tried different users.
Now the same error:
[LDAP: error code 8 - 00002028: LdapErr: DSID-0C090252, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1]

for example
base dn would be dc=lab, dc=test
and my administrator dn would be Testuser1@lab.test

this allows me to search everything under lab.test


Currently, when using administrator user:
Authentication failed with LDAP server. Check the provided credentials.

If a regular user:
[LDAP: error code 8 - 00002028: LdapErr: DSID-0C090252, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1]

Uncheck StartTLS. You can only use this if you have a certificate on your domain controller and are set up for that. Most are not set up for this out of the box.

Where is it?

Is "office" a container or an OU? Is it part of the domain name like in my picture?

Yes.
(screenshot: openfire1)

Looks like you have 4 parts,
so something like dc=office,dc=one,dc=two,dc=three.

You might have also hit a bug. I'll test that… let me see if I can stand something up before I go to bed for the evening.


Thanks, speedy, figured it out.
Turned off the LDAP server signing requirements policy.


Thanks for reporting your resolution. But IIRC, a simple bind should still work with LDAP signing. I'll see if I can reproduce this.


Amendment:
I needed to disable the LDAP server signing requirements policy.
Sorry for my English.
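The resolution above makes the error go away by lowering the domain controller's policy rather than by meeting it; the error text itself says the requirement is satisfied when SSL/TLS is already active on the connection. The following is an added example written for this page, not code from the thread or from Openfire. In PowerShell it reads the policy value on the DC (the LDAPServerIntegrity registry value behind "Domain controller: LDAP server signing requirements"), attempts the same simple bind Openfire performs over plain LDAP, STARTTLS and LDAPS so you can see which transport the DC accepts, and lists the DC's event 2889 entries that identify other clients still binding unsigned. The host name dc01.lab.test is assumed; the bind account Testuser1@lab.test is reused from the example earlier in the thread.

```powershell
# Added example (editor's own, not from the thread). Placeholders: the domain
# controller dc01.lab.test is assumed; Testuser1@lab.test is the thread's example
# account. Run from a domain-joined workstation with rights to read the DC registry.

Add-Type -AssemblyName System.DirectoryServices.Protocols

# Read the effective "Domain controller: LDAP server signing requirements" value.
# LDAPServerIntegrity = 1 means None; 2 means Require signing, which is what makes
# a plain-LDAP simple bind fail with error code 8 / 00002028.
function Get-LdapSigningRequirement {
    param([string]$DomainController = 'dc01.lab.test')
    Invoke-Command -ComputerName $DomainController -ScriptBlock {
        $p = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' `
                              -Name LDAPServerIntegrity -ErrorAction SilentlyContinue
        switch ($p.LDAPServerIntegrity) { 2 { 'Require signing' } default { 'None' } }
    }
}

# Attempt the simple bind Openfire performs, over whichever transport is requested.
function Test-LdapSimpleBind {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][int]$Port,
        [Parameter(Mandatory)][pscredential]$Credential,
        [switch]$UseSsl,     # ldaps:// (normally port 636)
        [switch]$StartTls    # STARTTLS on the plain port (normally 389)
    )
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    try {
        $conn.SessionOptions.ProtocolVersion = 3
        $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic   # simple bind
        if ($UseSsl)   { $conn.SessionOptions.SecureSocketLayer = $true }
        if ($StartTls) { $conn.SessionOptions.StartTransportLayerSecurity($null) }
        $conn.Credential = $Credential.GetNetworkCredential()
        $conn.Bind()
        return "bind OK (${Server}:$Port ssl=$UseSsl starttls=$StartTls)"
    } catch {
        $e = $_.Exception
        if ($e.InnerException) { $e = $e.InnerException }   # unwrap MethodInvocationException
        if ($e -is [System.DirectoryServices.Protocols.LdapException]) {
            return "bind failed: LDAP error code $($e.ErrorCode): $($e.ServerErrorMessage)"
        }
        return "bind failed: $($e.GetType().Name): $($e.Message)"
    } finally {
        $conn.Dispose()
    }
}

# On the DC, event 2889 in the Directory Service log records each client that did a
# simple bind without signing or TLS (logged only once the "16 LDAP Interface Events"
# diagnostic level under NTDS\Diagnostics is raised to 2). It tells you who else
# would break if signing stays enforced.
function Get-UnsignedBindEvents {
    param([string]$DomainController = 'dc01.lab.test', [int]$MaxEvents = 20)
    Get-WinEvent -ComputerName $DomainController -MaxEvents $MaxEvents `
        -FilterHashtable @{ LogName = 'Directory Service'; Id = 2889 } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message
}

$cred = Get-Credential -UserName 'Testuser1@lab.test' -Message 'Openfire LDAP bind account'
Get-LdapSigningRequirement
Test-LdapSimpleBind -Server 'dc01.lab.test' -Port 389 -Credential $cred            # plain LDAP, the mode that fails in the thread
Test-LdapSimpleBind -Server 'dc01.lab.test' -Port 389 -Credential $cred -StartTls  # needs a server certificate on the DC
Test-LdapSimpleBind -Server 'dc01.lab.test' -Port 636 -Credential $cred -UseSsl    # same requirement, over ldaps
Get-UnsignedBindEvents
```

The STARTTLS and LDAPS calls are the ones to get working: they need a server certificate on the DC (the responder's point about StartTLS) and Openfire pointed at the host name that certificate was issued for. Relaxing LDAPServerIntegrity to 1 instead leaves every simple bind, including the Openfire service account's password, travelling in cleartext on the wire, and the 2889 events are the way to find out which other clients are in the same state before deciding either way.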