Hi all,
I’m attempting to set up an Openfire installation with LDAP User Authentication. My setup is as follows:
- Openfire 3.6.4 - the main installation
- Microsoft SQL Server 2005 SP2 - the database
- Windows Server 2003 Active Directory - for LDAP user authentication
I then proceeded to:
- Download the Openfire installer and install it on my server;
- Create a new database named Openfire on my SQL Server, and an SQL login with full access to the new database; and
- Point the Openfire app to this new database via the setup wizard.
So far so good. Next up was the LDAP Binding.
My AD Structure is as follows:
- Company.local (Domain)
- Company Name (OU)
- Internet Users (OU)
- Department Name (OU)
- User
- Department Name (OU)
- Internet Users (OU)
- Company Name (OU)
As the names suggest, I have this setup because part of my users have access to the Internet (under the Internet Users organisational unit), and another part do not (directly under the Company organisational unit).
I already use this setup with a number of devices and software, including my VPN and Proxy appliances, and to date everything is working ok.
I created a new AD User named “Openfire” and delegated the rights to read all user information. I put it directly under the Internet Users organisational unit.
I continued to go through the setup wizard, pressing the Test Setting button each time, and all went smoothly.
The **ofProperty** table on my Database was populated with the following data:

| name | propValue |
| --- | --- |
| admin.authorizedJIDs | myuser@Company.local |
| ldap.adminDN | Openfire@Company.local |
| ldap.adminPassword | openfire_password |
| ldap.autoFollowAliasReferrals | true |
| ldap.autoFollowReferrals | true |
| ldap.baseDN | ou=Internet\ Users,ou=Company\ Name,dc=Company,dc=local |
| ldap.connectionPoolEnabled | true |
| ldap.debugEnabled | false |
| ldap.emailField | mail |
| ldap.groupDescriptionField | description |
| ldap.groupMemberField | member |
| ldap.groupNameField | cn |
| ldap.groupSearchFilter | (objectClass=group) |
| ldap.host | LDAP_Server |
| ldap.ldapDebugEnabled | false |
| ldap.nameField | cn |
| ldap.override.avatar | true |
| ldap.port | 389 |
| ldap.posixMode | true |
| ldap.searchFilter | (objectClass=person) |
| ldap.sslEnabled | false |
| ldap.usernameField | sAMAccountName |
| ldap.vcard-mapping | |
| mail.configured | true |
| mail.debug | false |
| mail.smtp.host | Email_Server |
| mail.smtp.port | 25 |
| mail.smtp.ssl | false |
| mediaproxy.echoPort | 10020 |
| mediaproxy.enabled | true |
| mediaproxy.idleTimeout | 60000 |
| mediaproxy.lifetime | 9000 |
| mediaproxy.portMax | 20000 |
| mediaproxy.portMin | 10000 |
| provider.auth.className | org.jivesoftware.openfire.ldap.LdapAuthProvider |
| provider.group.className | org.jivesoftware.openfire.ldap.LdapGroupProvider |
| provider.user.className | org.jivesoftware.openfire.ldap.LdapUserProvider |
| provider.vcard.className | org.jivesoftware.openfire.ldap.LdapVCardProvider |

Some notes on the above:
- myuser@Company.local is my username on the Active Directory, which I use for my computer
- LDAP_Server is the hostname of my Windows 2003 Active Directory Server
What I need is the following:
- To use the Department Name organisation unit as the Group, instead of creating a Group object
- Be able to log into the Openfire Admin Console. I tried with all the combinations possible:
  - myuser
  - myuser@Company.local
  - myuser@company.com
  - Company\myuser
  - Company.local\myuser

however, all I get is this error:
Login failed: make sure your username and password are correct and that you're an admin or moderator.
Any help would be greatly appreciated!