I am by no means an expert but we successfully use AD integration via LDAP and have a different XMPP domain than the server we actually connect to. They are really seperate issues. You can have an XMPP domain of “mybiz.com” so that users will have a jabber id with something like "user@mybiz.com" but mybiz.com doesn’t actually resolve using DNS to your openfire server (most likely it resolves to a web server holding your website). You can accomplish this using SRV records in the DNS server for your “mybiz.com” domain. For example, let’s assume that the IP address of your openfire server is 1.1.1.1, you could make an (A) record in your DNS server for somethign like “jabber.mybiz.com” and point it to 1.1.1.1. Then you would need to make (at least these two) SRV (service) records:
Service/Protocol/Domain *
TTL
Class
**Type
**
Priority
Weight
Port
Target *
_xmpp-client._tcp.mybiz.com.
86400
IN
SRV
5
0
5222
jabber.mybiz.com.
_xmpp-server._tcp.mybiz.com.
86400
IN
SRV
5
0
5269
jabber.mybiz.com.
- the trailing periods are intentional and required
If you’ve done that correctly now your users will be able to connect to “mybiz.com” as the server and it will know to actually connect to “jabber.mybiz.com”. Depending on which XMPP client you’re using you may have to specifiy the server or you may just enter the full jabber id. I believe spark makes you enter the username and server seperately but you will still only have to enter “mybiz.com” and not “jabber.mybiz.com” and the client will check and understand the SRV records and connect to the correct server.
Now, in regards to your second issue which, if I understand it correctly, is that your having trouble with getting your AD integration working. First, let me tell you that in our implimentation openfire thinks of its users without the XMPP domain in them. That means that a user named “john” will attempt to be authenticated as “john” even though his full jabber id may be "john@mybiz.com". Here is how we accomplish this.
I just used the setup wizard to setup active directory but the trick where I’ve seen lots of people mess up is understand how to tell openfire where to find it’s users in AD. If you have a complex AD tree with users in multiple OU’s then you will have to ask someone more knowledgable than I but for what we do it works perfectly. Make sure you have a correct LDAP path (and password) for an admin account (an account that browse the AD structure), something like this:
CN=“Adminuser”,OU=“Users”,DC=“mybiz”,DC=“local”
You also need a proper path to be able to tell openfire where to find it’s list of all the users, something like this:
OU=“Users”,DC=“mybiz”,DC=“local”
When done correctly it works perfectly, as proof of this I would cite one instance of openfire I’m using for a part of our company which is a very simple setup but seems to be exactly what you’re looking for.
This was a small office so I didn’t even bother to setup the SRV records for them so all their users open spart and put in credentials that look like this:
Username: john
Password: ****
Server: office.mybiz.com
The XMPP domain for the openfire server is “office.mybiz.com” so the users all have jabber id’s that look like "john@office.mybiz.com". However, we use AD integration and the AD domain is neither “office.mybiz.com” nor is it “mybiz.com” it is actually “mybiz.local”. The server see’s all the users in AD and anyone with an AD account can login to spark using the same username (e.g. “john”) and password that they use for the network.
I hope at least some of that was helpful.
Darren