Openfire user registration

Can someone help me in understanding the user registration settings from within the admin console of Openfire? We plan to exclusively use Openfire with LDAP authentication. Here are the options:

Inband Account Registration

Inband account registration allows users to create accounts on the server automatically using most clients. It does not affect the ability to create new accounts through this web administration interface. Administrators may want to disable this option so users are required to register by other means (e.g. sending requests to the server administrator or through your own custom web interface).

Change Password

You can choose whether users are allowed to change their password. Password changing is independent from inband account registration. However, you may only want to disable this feature when disabling inband account registration.

Anonymous Login

You can choose to enable or disable anonymous user login. If it is enabled, anyone can connect to the server and create a new session. If it is disabled only users who have accounts will be able to connect.

So how does "Inband Account Registration" work if you'd only like to use LDAP authentication?  If I disable Inband Account Registration, will ldap users who've never connected to the system but should be otherwise authorized still be able to connect?  The plan is to enable SSL connectivity and open the client port to the internet, I'd prefer not just anyone create an account.

Change password wouldn't really be cool in an ldap environment.  that should be done from AD.  Or can they actually change their AD password from the spark client with this enabled?

Anonymous Login?  One would venture to guess why this is even here.....  for a corp chat solution exposed to the internet I assume this should be disabled....?  What would this be used for?

Thanks everyone for helping this noob out.


Adam Tyler
  1. You can disable it. Shouldn’t affect LDAP. It is meant for online communities/servers freely available for registration like, etc.

  2. You can disable it. No, they can’t change AD passwords. Spark even don’t have a visual GUI for changing passwords.

  3. Again, some online communities or support sites may want to have an option for anyone to login and ask questions without the need to register. So this option is here (i believe a standard XMPP protocol requirement). Disable it.