
Pulling everything BUT password from Active Directory?

This is a weird situation, I know, but I have fully working LDAP/AD integration working and shiny in OpenFire, and it works great. But, of course, the password for the user is the AD password. What I would like (again, I know it is odd, but trust me, it makes sense for my environment) is for everything to come from AD but for me to be able to give EVERYONE the same password.

For example, user jkirk pulls down everything from AD that I already have working - user info, photo of the user for the icon, all the phone info, etc, – but instead of the AD password, they use a password of MY devising to log in - one shared by all users.

Essentially what I am asking is, is there a way to step in and tell openfire that when syncing with AD, instead of taking username as {adusernameproperty} and the password as {adpasswordproperty}, to take the username as {adusernameproperty} and the password as “custompass” ?

Although I haven't tested it, you might have some success if you initially configure LDAP authentication and later change the property provider.auth.className to your database authentication. Then, in theory, you would have user information pulled from LDAP but authentication would be done from a custom database.

http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/db-integration-guide.html

That’s a thought… my first response though would be the fact that things change often and our list of employees (and the info we want to keep up to date on their vcards) changes pretty regularly. I wonder if there is a third party app I can use to fill a custom db FROM ldap, that I could just have run nightly or weekly or the like. Sigh - this seems like it should be easier.

You could write a custom auth provider for Openfire to do this.

I suspect that’s well past my skillset, unless it’s far simpler than I expect :-/

Ok, based on what everyone else said, here’s what I’ve done.

I created a Mysql Db named OFDB, with a single table named PassTable. That table has one row, with field id = “1” and field Pass = “Password”.

Running “SELECT Pass FROM PassTable WHERE id=1” in a mysql client works and gives me “Password”.

I then changed my openfire.xml to the below:

<?xml version="1.0" encoding="UTF-8"?>
jfisher
9090
9091
en
<!-- Network settings. By default, Openfire will bind to all network interfaces.
Alternatively, you can specify a specific network interface that the server
will listen on. For example, 127.0.0.1. This setting is generally only useful
on multi-homed servers. -->
<!--
-->
org.jivesoftware.database.EmbeddedConnectionProvider
com.mysql.jdbc.Driver
jdbc:mysql://localhost/OFDB?user=root&password=myadminpasshere
org.jivesoftware.openfire.auth.JDBCAuthProvider
SELECT Pass FROM PassTable WHERE id=1
plain
true

and also changed provider.auth.className in the admin console to org.jivesoftware.openfire.auth.JDBCAuthProvider. My hope was that everyone would work, with the password “Password”. No dice though, I get Not Authorized. Any thoughts?

In which I bump the above.
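Added example (not from this thread and not Openfire's own code) that models how the JDBC auth lookup suggested earlier in the thread and configured in the openfire.xml above is run. The db-integration guide linked above gives passwordSQL as `SELECT password FROM user_account WHERE username=?`: Openfire runs it as a prepared statement and binds the username to the first `?` placeholder. The script below uses an in-memory sqlite3 table as a stand-in for the poster's MySQL OFDB/PassTable, runs the posted query through that same bind step, and contrasts it with a hypothetical query (`... AND ? <> ''`) that keeps the single shared row but consumes the bound username. Table name, column names, the `jkirk` username and the `? <> ''` query are assumptions chosen to match the thread, not anything the project ships.

```python
import hmac
import sqlite3


def make_ofdb() -> sqlite3.Connection:
    """Constructed stand-in for the poster's MySQL database OFDB: one table
    PassTable with a single row (id = 1, Pass = 'Password'). sqlite3 is used
    so this runs offline; prepared-statement binding rules are the same as JDBC."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE PassTable (id INTEGER PRIMARY KEY, Pass TEXT NOT NULL)")
    con.execute("INSERT INTO PassTable (id, Pass) VALUES (1, 'Password')")
    con.commit()
    return con


def get_password_value(con: sqlite3.Connection, password_sql: str, username: str) -> str:
    """Model of the passwordSQL lookup: the query is prepared and the username is
    bound to its first '?' placeholder. If the query has no placeholder, the
    driver raises because one parameter is supplied for zero, and the provider
    treats that as an authentication failure rather than a match."""
    cur = con.execute(password_sql, (username,))
    row = cur.fetchone()
    if row is None:
        raise LookupError(f"no password row for {username!r}")
    return row[0]


def authenticate(con: sqlite3.Connection, password_sql: str,
                 username: str, password: str, password_type: str = "plain") -> bool:
    """passwordType = plain: compare the stored value with the supplied password.
    Constant-time comparison so the shared secret does not leak by timing."""
    if password_type != "plain":
        raise ValueError("only passwordType=plain is modelled here")
    try:
        stored = get_password_value(con, password_sql, username)
    except (sqlite3.Error, LookupError):
        return False
    return hmac.compare_digest(stored.encode("utf-8"), password.encode("utf-8"))


# The query from the posted openfire.xml: no '?' placeholder, so the bind of
# the username fails for every login attempt.
POSTED_SQL = "SELECT Pass FROM PassTable WHERE id=1"

# Hypothetical alternative: same single shared row, but the query consumes the
# bound username so the prepared statement has exactly one parameter.
SHARED_SQL = "SELECT Pass FROM PassTable WHERE id=1 AND ? <> ''"


def demo() -> dict:
    con = make_ofdb()
    return {
        "posted_query_right_password": authenticate(con, POSTED_SQL, "jkirk", "Password"),
        "shared_query_right_password": authenticate(con, SHARED_SQL, "jkirk", "Password"),
        "shared_query_wrong_password": authenticate(con, SHARED_SQL, "jkirk", "hunter2"),
        "shared_query_empty_username": authenticate(con, SHARED_SQL, "", "Password"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Two things a practitioner would check alongside the query shape: the connection string in the posted openfire.xml logs in as MySQL root, so a dedicated account with SELECT on PassTable only is the least-privilege choice, and with passwordType set to plain the shared secret sits in clear text in both the table and the config file, so file permissions on openfire.xml matter as much as the database grant.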