We have been unsuccessful at upgrading a working Openfire 3.6.2-1 server with known-good LDAP MS AD integration to Openfire 3.6.3-1 without breaking the LDAP integration.
Scenario
Openfire 3.6.2-1 is installed on a CentOS x86_64 system running MySQL. Users are authenticated via LDAP integration with MS Active Directory.
When the system is upgraded via in-place upgrade to Openfire 3.6.2-1 all of the configuration information is preserved but the LDAP integration breaks. The “in-place upgrade” was performed using “rpm -U openfire-3.6.3-1.i386.rpm.” When this failed, we also tried a fresh install of 3.6.3-1 from scratch. The results were identical: at “Step 1 of 3” it passed the test of connecting the LDAP server but at “Step 2 of 3” it failed to find any users in the directory.
What do I mean by “the LDAP integration breaks?”
Immediately after the upgrade, it is no longer possible to access the admin console except by changing true to false in /opt/openfire/conf/openfire.xml.
After changing true to false, we access the admin console and go to edit the LDAP settings.
One effect of making this change (toggling the value of the setup boolean) is apparently to reset the authentication mechanism to the default and put the admin user back into the setup dialog process. That setup process includes the “Profile Settings” screens.
Page 1 of Profile Settings: "Directory Server (LDAP)" is selected.
At “Step 1 of 3: Connection Settings” we make sure that the server type, host, port, base DN, administrator DN and password are correct.
The “test settings” button returns “Status: Success!: A connection was successfully established to the LDAP server using the settings above.” (see attached file “connection_settings1.jpg”).
At “Step 2 of 3: User Mapping” we make sure that the Username field, user filter, and vCard settings are correct. Here, though, when we click on the “test settings” button it reports “Status: Error. No users were found using the specified configuration. Try changing the base DN, the user filter, or username field” (see attached file “user-mapping.jpg”). We tried making any sensible changes, but the original values were correct and are known to work with 3.6.2-1, and none of the different values we tried helped.
For the known good settings at “Step 2 of 3” under Openfire 3.6.2-1, see attached file “362-good.jpg.”
For the settings at “Step 2 of 3” under Openfire 3.6.3-1, see attached file “363-bad.jpg.”
As you can see, they are identical.
The settings on the page labeled “Step 1 of 3” are also identical between our Openfire 3.6.2-1 configuration (which works) and our Openfire 3.6.3-1 configuration (which fails to find users in the directory).
We also tried installing Openfire 3.6.3-1 from scratch. And we tried setting up a new Openfire 3.6.2-1 server. So far Openfire 3.6.3-1 consistently fails to find any users in the Active Directory and Openfire 3.6.2-1 consistently succeeds at retrieving users at random from the directory at “Step 2 of 3.”
We must be missing something. I’ve been over this again and again, and I enlisted the assistance of the team here that supports our Active Directory. They inspected all of our settings and concur that it should be working as configured under Openfire 3.6.3-1. But it isn’t.
What are we missing?
Thank you for any assistance you can provide.