powered by Jive Software

Problems with Jive Messenger and AD

I’'m trying to configure a Jive Server against Active Directory. I had saw several users that have this configuration.

Do it’'s posible to obtain a jive conf.xml file with this type of connection.

Thank’'s in advance.

I’'m not sure what you mean by “configure … against Active Directory.”

If you mean to say that you want to add a DNS entry for a physical machine that Jive Messenger runs on, that is the same way you would do it for any other machine.

If you mean to open a software-based server (service) on a machine (server) with defined port ranges and then be able to apply AD security policies and other items to it, that is the same as the above, just define the service name (i.e. “msngr”), give it a inbound (listening, server) port number(s), and then set a range (optional). You can then also apply GPOs and other items and restrictions to the software - remember, the software will only have the rights of the machine and the machine will only the have rights you assign to it.

It is a good practice to start with the default security policy and then go through all options and make your server both secure and accessible (I know, a contradiction in terms, but what else is new).

I think he means LDAP settings for integrating authentication and users with Active Directory. If anyone has a good set of values, please paste them into this thread.

Thanks!

-Matt

It’'s exactly as say Matt. I want to validate the users against the Active Directory, but nothing occurr.

I would like to see a real config.xml file.

Does necesary to configure anything at Active Directory to use ldap?

Thanks in advance

Hello,

First, excuse my very bad english and possible misunderstanding.

i tried for a week to use the ldap database with jive messeger

and i didn’‘t succeed. i read (almost) all the post about AD and didn’'t find

anything that coul help me. nevertheless, i found many conf.xml which

is not difficult to configure. but it didn’'t work…

this morning, i found, by chance, the solution for me.

I was reading some documents about strategy, policies and so…

I changed two values in the group policy (local security options in english ?)

and it did work…

I use the strategy templates of the NSA and i am not sure

thess policies are in the default templates from Microsoft server

but the two are about ldap and values in the registry are

System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity (Binary)

System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity (Binary)

the values in my system are 0 and 1.

i hope this will help some people.

I have one question too : is it possible to the user to change his

password on the server (not for ldap but for the embedded database ), and

without create accounts enabled ?

Benoit,

I have one question too : is it possible to the user

to change his

password on the server (not for ldap but for the

embedded database ), and

without create accounts enabled ?

It’‘s not currently possible, but we’‘ve already filed this issue as JM-125 to be fixed in the 2.2.0 release. Please vote for this issue if you’'d like to see it fixed.

Regards,

Matt

Here’'s my working LDAP section of the jive-messenger.xml file.

Note that I have jive installed on an AD server so it’‘s “localhost” but you could use IP address or computer name instead. Also “smi” is our domain and “jive” is a user I created for Jive to talk to the AD - gave it just enough permissions to request the AD user list and the password isn’'t shown, but you get the idea.

If you have any further questions ask away and I’'ll help as best I can

localhost

389

sAMAccountName

displayName

mail

DC=smi

CN=jive,CN=Users,DC=smi

password_not_shown

org.jivesoftware.messenger.ldap.LdapUserProvider

org.jivesoftware.messenger.ldap.LdapAuthProvider