Using userPrincipalName for login versus sAMAccountName

I can successfully configure OpenFire to authenticate users using either ‘userPrincipalName’ or ‘sAMAccountName’. However, when I enable ‘userPrincipalName’ I can no longer log into the Administration Console. The @ sign is converted to a ‘/40’ and login fails. For example - when logging into the admin console with ‘WallC@domainname.com’ it fails and automatically changes the user name to ‘WallC/40domainname.com’

Is there any way to enable login with userPrincipalName for our users on the Spark client and allow login to the Administration Console? I am fine with using sAMAccountName to login to the Admin console, but it is a goal to maintain ‘userPrincipalName’ login for our users at the client level.

Ideally you probably should not be using an email address for the username. This would lead to your chat ID being very long (i.e. johnd@domain.com@chatserver.domain.com/spark). You should stick to a username only.

I found the solution.

mtstravel - thanks for your info, however we push our users to use their userPrincipalName (which is set to match their primary e-mail address). We do not want to confuse them by forcing them to log in with their pre-Windows 2000 login name (sAMAccountName). So, since this is only day 2 of my deployment of OpenFire, what would the login look like with the sAMAccountName and what benefit would that give me?

The userPrincipalName fix is to do the following -

Open the config/openfire.xml file and manually edit the authorized admins with the ‘\40’ in place of the @ sign. So, in the openfire.xml file locate the Admin accounts that are given rights (<authorizedUsernames>chris.wall@domainname.com</authorizedUsernames>) and replace the @ with a \40 so it looks like <authorizedUsernames>wallc,xmppadmin,chris.wall\40globalknowledge.com</authorizedUsernames>.

When you launch the admin console, login using the @ sign (not the \40 as the @ will automatically be converted during login) and everything works great!
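Added example, not part of the original thread and not Openfire's own code: the `\40` in the fix above is the XEP-0106 (JID Escaping) form of `@`. The sketch below goes beyond the single `@` case to cover all ten escaped characters, and models why an unescaped entry in `<authorizedUsernames>` never matches the escaped login. The function names `escape_node`, `unescape_node` and `is_authorized` are hypothetical, and the comparison logic is an assumption based on the behaviour described in the post.

```python
import re

# XEP-0106 escape table: characters that are not allowed in a JID node part.
_ESCAPES = {" ": "\\20", '"': "\\22", "&": "\\26", "'": "\\27", "/": "\\2f",
            ":": "\\3a", "<": "\\3c", ">": "\\3e", "@": "\\40", "\\": "\\5c"}
_UNESCAPES = {seq: ch for ch, seq in _ESCAPES.items()}
_SEQ = re.compile(r"\\(20|22|26|27|2f|3a|3c|3e|40|5c)")


def escape_node(node):
    """Escape a login name (e.g. a userPrincipalName) per XEP-0106."""
    out = []
    for i, ch in enumerate(node):
        if ch == "\\":
            # A literal backslash is escaped only when it would otherwise
            # be read as the start of an escape sequence.
            out.append("\\5c" if _SEQ.match(node, i) else ch)
        else:
            out.append(_ESCAPES.get(ch, ch))
    return "".join(out)


def unescape_node(node):
    """Reverse escape_node: turn \\40 back into @, and so on."""
    return _SEQ.sub(lambda m: _UNESCAPES[m.group(0)], node)


def is_authorized(login, authorized_value):
    """Model of the admin check described in the post (an assumption):
    the typed login is escaped first, then compared with the
    comma-separated <authorizedUsernames> entries as written."""
    entries = [e.strip() for e in authorized_value.split(",")]
    return escape_node(login) in entries


if __name__ == "__main__":
    upn = "chris.wall@globalknowledge.com"          # value taken from the post
    fixed = "wallc,xmppadmin,chris.wall\\40globalknowledge.com"
    print(escape_node(upn))                          # escaped form for the config
    print(is_authorized(upn, fixed))                 # entry written with \40
    print(is_authorized(upn, "wallc,xmppadmin," + upn))  # entry written with @
```

Because a mismatch between the escaped and unescaped form silently removes admin rights rather than raising an error, it is worth running each entry of the admin list through the same escaping before saving the file.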

Well, the advantage is it is simpler to sign in as you only need to use your username (i.e. johnd instead of johnd@domain.com). I also use SSO in my Windows environment, which is based on the sAMAccountName. My users never need to enter a username or password to chat. The program starts at system startup and authenticates via AD using SSO.

chris.wall@globalknowledge.com wrote:

I can successfully configure OpenFire to authenticate users using either ‘userPrincipalName’ or ‘sAMAccountName’. However, when I enable ‘userPrincipalName’ I can no longer log into the Administration Console.

I would seriously like to know how you were able to get Openfire to authenticate users with userPrincipalName. I’m using Spark on a Windows XP SP2 client and just cannot get it to work.