Permissions needed for Active Directory "admin"

What permissions are needed for the “Active Directory admin” account? It says that it only needs read access but I’m finding that a brand new account that is just a member of domain users doesn’t cut it. Am I missing something here? I get the error message “Error authenticating with the LDAP server. Check supplied credentials.” when I test the settings. I have an account that works and is only a member of domain users, but I’m not sure if it has been given special permissions directly, as the person that set it up is not around anymore (I have no problem using that account, but I’m trying to document what is needed for the install and setup for an admin in a company that we have purchased and are trying to set up with an Openfire server that we can then link to ours).

Well, it depends on your AD server… if it allows read-only users to pull information. We have our server set up with domain admin rights.

Are you sure your adminDN is right? What does your openfire.xml file contain for that field?

Well, like I said, I have an account that does work, but I didn’t create it and don’t know if it was given special permissions. I’m guessing that if I can get that account to work, it likely is that I’m not filling in the DN properly.

I guess I should add that I’m using the Windows version atm.

Does anyone know the minimum permissions required for this account?

Thanks.

It should only require a user with read rights for the domain (domain user). I used a domain admin however. You can just set your Admin DN to username@domain.com, substituting of course a valid username and domain in there.

I’m running a native W2K3 domain, and my jabber user is simply in the Domain Users group.

I’m new to this company so I’m not sure how things are set up; clearly domain users don’t have the required permissions in our domain. I’m going to try giving a test account permissions and keep tweaking till I find it.

OK, I feel like an idiot. I tried the user@domain.com instead of the cn=user,ou=users,dc=domain,dc=com thing and it worked! I think that it was likely that the OU the user is in is called “special - users”. I think that the “-” was not going through the LDAP script well.

Thanks for all the help
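
Added example, not part of the thread and not Openfire code: the two Admin DN forms mentioned above (user@domain.com and cn=user,ou=users,dc=domain,dc=com), with a DN builder that applies RFC 4514 escaping so a candidate value can be checked before it goes into the LDAP settings. The function names are assumptions made for this example; the account, OU and domain names are the placeholders used in the posts.

```python
# Added example. The account, OU and domain names are the thread's placeholders.
SPECIALS = '"+,;<>\\'  # characters RFC 4514 requires to be escaped in a value


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for use inside a distinguished name."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in SPECIALS or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)  # interior spaces and hyphens pass through unchanged
    return "".join(out)


def build_dn(rdns) -> str:
    """rdns: (attribute, value) pairs, most specific first."""
    return ",".join(f"{attr}={escape_rdn_value(val)}" for attr, val in rdns)


def split_dn(dn: str) -> list:
    """Split on commas that are not backslash-escaped."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts


def identity_form(admin_dn: str) -> str:
    """Classify an Admin DN setting as 'upn', 'dn' or 'unknown'."""
    if "=" not in admin_dn and admin_dn.count("@") == 1:
        return "upn"
    pairs = [p.partition("=") for p in split_dn(admin_dn)]
    if all(attr.strip() and sep and val for attr, sep, val in pairs):
        return "dn"
    return "unknown"
```

A value that comes back as 'unknown' is malformed as written, for example a DN with an unescaped comma inside a name.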