Just to give you some background about my situation. At the company I am working at we are currently testing/deploying Openfire. I am more or less leading the project (doing the research, testing, working with other members of the team to fix issues, etc.). When it is fully deployed we will have over 3000 users on it.
Here is what I have found with AD integration: if you have your AD and group/user filters set up right, you will barely have to touch it once everything is done.
Yes it is a couple extra steps, and there is the occasional issue with a corrupted AD account that isn’t being picked up (just recreate it). But with the size of the company I work for, not having to do those couple extra steps each time you have a new user or someone leaves is vital. Also keep in mind, it is one less password for the users to forget.
There are 2 cons to AD integration:
- Setting it up (the initial steps, and having the groups the way you want them in AD)
- If the account that connects Openfire and LDAP is moved or if Openfire cannot contact LDAP, then Openfire stops being usable. Unfortunately there is no way to create an Openfire-only account if you configure it with AD. You would have to run through the setup again (there may be a file somewhere that you can alter to avoid this, but I don’t know where that is).
For the external vs internal database:
You will get better performance with external, but it is also more complicated to set up, and you usually can’t use the latest database without issues (we are using MySQL 5 because of issues).
I recall seeing on a forum somewhere that internal has a limit of 500 users.
I totally recommend AD integration. You can get by without it if you don’t have that many users and a low turn-over rate.
If you have fewer than 500 users, and performance isn’t a huge concern, maybe consider an internal database. From my experience, to get the external database aspect just right, it needs a bit of tinkering.