I am trying out Openfire XMPP server for a department within a university. I want to use the U’s LDAP authentication, but I don’t have privledges to do any group lookup on the AD server. Also, I don’t want to allow all 1,000+ AD users. Here is how I did it, by accident really. If anyone knows a better way (likely through manually adding either LDAP or local Users in the DB after setup) please share it.
I should add that this means you must manually add allowed usernames, but they’ll use their AD password. I disabled automatic/self-registration via the client, so I don’t know if it is possible if a valid LDAP user tried.
- Install Openfire and do the initial setup using **local **AUTH (I also used internal DB)
- Login as admin and create username matching your LDAP uid and make it an admin (this is how we will login after we setup LDAP)
- Stop Openfire and edit conf/openfire.xml, change the setup tag from true to false.
- Start Openfire and you will be again greeted by the setup wizard. Setup the DB exactly the same, but this time choose LDAP auth.
- Setup LDAP auth and remember to make your uid an admin.
- Login to Openfire with your LDAP authentication.
- Under ‘Server Manager’ go to ‘System Properties’, edit provider.user.className from org.jivesoftware.openfire.ldap.LdapUserProvider to “org.jivesoftware.openfire.user.DefaultUserProvider”
- Also, change provider.group.className to “org.jivesoftware.openfire.group.DefaultGroupProvider”
Don’t logout or anything! On another computer/browser, check that you can login to the admin console still! If not, change the above values back to their original.
Thoughts: If might be possible to skip the initial local auth setup and just add local users after changing “provider.user.className”
I stumbled upon this working after trying to do the reverse (turn local auth into LDAP auth by manually adding LDAP to the database).
Hope it helps someone!