Security using Openfire with Active Directory

Hello Everyone,

I want to know how I can add security to Openfire. I joined the Openfire server to Active Directory. Openfire is reading the AD DB as read-only with all users, but I cannot choose who should or shouldn’t use Spark chat. Is there any way to manage this?

Please let me know.

Thank you in advance

Hi,

Yes, you can use Group; then in the OF console, you can assign the Spark Group.

This should point you in the right direction

How to Setup Authentication Groups with LDAP/AD

How can I do that if the users and groups are migrated from Active Directory as read-only? I need to grant admin access to other users without modifying AD groups. I could from the setup wizard the first time, but I cannot do it now. I need to restrict access to other users as well, but Openfire is reading the whole AD database and migrating all users, and they are able to log in.

Hi Speedy,

I have a last question for you. I saw your example below, but I couldn’t point to my created groups, and afterwards I couldn’t access the admin portal.

Do I need to modify the “member of” and “user account control” values on my server, or can I use the values below for them?

ldap.searchfilter(&(objectclass=organizationalPerson)(|(memberOf:1.2.840.113556. 1.4.1941:=CN=Openfire Access Group,CN=Users,DC=AD-DOMAIN,DC=local))(!(userAccountControl:1.2.840.113556.1.4. 803:=2)))

It looks like there may have been a cut and paste issue. Check for spaces in your search filters:

(memberOf:1.2.840.113556. 1.4.1941:

There is a space between 6. and 1.4 that should not be there.

Also check:

userAccountControl:1.2.840.113556.1.4. 803:=2)))

There looks to be a space between 1.4 and 803: that shouldn’t be there.
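A small linter for the kind of copy-and-paste damage pointed out above, as an added example that is not part of the original thread. The function name `lint_filter` is hypothetical; the two OIDs are the Active Directory matching rules used in the posted filter. It only detects syntax damage (unbalanced parentheses, whitespace inside a matching-rule OID) and does not verify that a clean filter returns the intended users.

```python
import re

# Active Directory extensible-match rule OIDs used in the thread's filter.
KNOWN_RULES = {
    "1.2.840.113556.1.4.803": "LDAP_MATCHING_RULE_BIT_AND",
    "1.2.840.113556.1.4.1941": "LDAP_MATCHING_RULE_IN_CHAIN",
}
# "(attr:<rule>:=" where <rule> may have been damaged by stray whitespace.
EXT_MATCH = re.compile(r"\(\s*([A-Za-z][\w-]*):([\d.\s]+):=")

def lint_filter(flt):
    """Return a list of problems found in an LDAP search filter string."""
    problems = []
    depth = 0
    for pos, ch in enumerate(flt):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                problems.append(f"unmatched ')' at offset {pos}")
                depth = 0
    if depth:
        problems.append(f"{depth} unclosed '('")
    for m in EXT_MATCH.finditer(flt):
        attr, oid = m.group(1), m.group(2)
        if re.search(r"\s", oid):
            fixed = re.sub(r"\s+", "", oid)
            problems.append(
                f"whitespace in matching-rule OID for {attr}: {oid!r} -> {fixed!r}")
            oid = fixed
        if oid not in KNOWN_RULES:
            problems.append(f"unrecognised matching-rule OID for {attr}: {oid!r}")
    return problems

# Filter value as pasted in the thread (a space inside each OID).
PASTED = ("(&(objectclass=organizationalPerson)"
          "(|(memberOf:1.2.840.113556. 1.4.1941:=CN=Openfire Access Group,"
          "CN=Users,DC=AD-DOMAIN,DC=local))"
          "(!(userAccountControl:1.2.840.113556.1.4. 803:=2)))")
# Same filter with the whitespace removed from the OIDs only.
CLEANED = PASTED.replace("113556. 1.4", "113556.1.4").replace("1.4. 803", "1.4.803")

if __name__ == "__main__":
    for name, flt in (("pasted", PASTED), ("cleaned", CLEANED)):
        print(name, lint_filter(flt) or "no problems found")
```

Running the check against the value actually stored in the Openfire system property, rather than against the forum text, shows whether the spaces are in the configuration or only in the post.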

Please check now. Should it work?

I will change domain information with my domain. It should be the only modification here. The access group name and OU are the same.

ldap.searchfilter(&(objectclass=organizationalPerson)(|(memberOf:1.2.840.113556. 1.4.1941:=CN=Openfire Access Group,CN=Users,DC=AD-DOMAIN,DC=local))(!(userAccountControl:1.2.840.113556.1.4. 803:=2)))

There still looks like there are spaces… just verify that you don’t have them in your system properties. You may need to manually fix it, instead of using cut and paste.

Where do you see spaces?

How does it look now? Final attempt.

Looks right to me!

It didn’t work, and I don’t understand the issue. I just changed the domain name in the string. The group names are the same, etc. I cannot log in again to the admin portal.

Your admin portal user is a member of the group, correct?

Correct, it’s a member.

And your base DN is the root of your domain?

Yes it is, DC=MyDomain, DC=local

The issue is with the search filter. I was able to see only my created group with all members when I modified the groupsearch filter; the problem was that I was seeing all users in the domain. The intention was to modify the search filter to force more security with my Openfire Access groups.

So you have been able to accomplish your goal?

Nope, same problem. I cannot filter the users by group.