I spent the last few days struggling with LDAP in AD and the openfire.xml properties file. I have OpenFire 3.6.3 running in Linux and MySQL and authenticating via LDAP to MS AD.
I properly configured LDAP in the admin interface and it tested successfully for Admins and Users. I subsequently went back in to adjust the user filter to reduce the user count down from 1,000. All of the fields displayed the default values, except I did not notice the Base DN did not display the correct value, showing ‘dc=’ instead of the value I set earlier, ‘dc=domain, dc=local’.
The user filter was on screen 2 of the LDAP configuration, so I clicked through “Save and Continue”, saving the bogus Base DN value ‘dc=’.
Naturally, I was unable to authenticate, and unable to get back in the Administrative interface. I went to edit openfire.xml, only to find there were no LDAP settings in that file. I scanned community forums and was not able to find any reference to properties location other than openfire.xml.
I uninstalled openfire and removed the MySQL database, then reinstalled again. After reconfiguring and testing LDAP again, I went back in to edit the user filter again, but noticed the missing default value for Base DN and re-entered it. I was able to get a user filter query that reduced the user count to below 1,000, but because the OpenFire admins I set up were not in the AD group I was filtering for, I was locked out of the Admin console again.
I subsequently found the LDAP properties in the MySQL database and was able to resolve the issue by manually editing the admin.authorizedJIDs value.
Comments/Questions:
- Many of the OpenFire Server properties are stored in the MySQL database, in ofProperty table, including all of the LDAP settings, not in openfire.xml.
- Why does the default value for Base DN reset to a bogus value in the Administrative interface?
- I noticed that openfire.xml time stamp was updated whenever I edited values that are stored in the MySQL database and not in openfire.xml. Which values are stored in which location?