Openfire LDAP

The company has been using Openfire as an IM platform for some time now. It is a reliable and durable system, and since I've been working there I've had no real need to do much with it. We have, from time to time, had to reinstall a client here or create a new account there, but largely the system has sat on its host and just worked.

Now that we have a company-wide Active Directory and all staff have dedicated user accounts, I started looking into the possibility of integrating Openfire with our directory. Of course it's doable, but how easy is it?

In truth it’s very easy!

I have installed a clean version, as it also supports SSO (Single Sign On), but that's for a later post! My installation process is as follows (please note, for security purposes I will use example.local as the domain, and exampledc and exampleof as the domain controller and Openfire server):

First off you need a user in your Active Directory for Openfire to bind with. Create a dedicated account and give it a permanent (non-expiring) password (U: exampleuser / P: password123). Openfire only ever reads the directory through this account, so it needs nothing beyond the rights of an ordinary domain user; don't make it an administrator, and give it a long, unique password rather than the placeholder shown here, because it will be stored in the Openfire configuration.

Download and install Openfire Server http://www.igniterealtime.org/projects/openfire/

Launch Admin, select English language (or whatever language you want to use) and continue.

On the server settings screen set the following;

Domain: exampleof
Admin port: 9090
Secure Admin: 9091

Continue to profile settings

On the profile settings set the following;

Server Type: Active Directory
Host: exampledc
Port: 389
Base DN: OU=folderwithusersin,DC=example,DC=local
Administrator DN: example\exampleuser
Password: password123

All of our normal (non-generic, non-administrative) user accounts sit in an OU just below the domain root, which effectively serves as the root folder for every user that needs to appear in the Openfire list. In the example above folderwithusersin is that OU. Openfire searches the Base DN and all OUs nested beneath it, and nothing else, so any generic or administrative accounts kept elsewhere in the directory will not appear. The Base DN is therefore doing double duty as an access control: keep service and admin accounts outside that subtree if you don't want them reachable through IM.

At this point you can test your settings; the wizard reports any error (wrong password, unreachable host, bad Base DN) before you go on. Note that the settings above use plain LDAP on port 389, so the bind password, and later every user's password as they log in, crosses the network unencrypted. If your domain controller has a certificate, tick Use SSL and change the port to 636 before testing. If there are no errors, continue to Profile Settings, User Mapping.

Profile Settings, User Mapping;

In this section I did not need to make any changes, so click Test and, provided you get no errors, continue on to Profile Settings, Group Mapping.

Profile Settings, Group Mapping;

Again, I had to add no additional configuration here, so click test and continue.

And that's it: at this point the Openfire installation is complete and it is linked to your Active Directory via LDAP.

To test, browse to the admin console;

http://exampleof:9090

You should be able to log in with your Active Directory username and password and start using the system. Port 9090 is plain HTTP, so for anything beyond this first test use the secure admin port set earlier (https://exampleof:9091), which keeps your directory password off the wire in clear text.
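Before typing the settings into the wizard it is worth checking them from the directory side, with the same bind account and Base DN. The script below is an added example, not part of the original post or of Openfire. It binds to the domain controller over LDAPS with the bind account, runs the same subtree search from the Base DN that Openfire will, groups the resulting accounts by container so you can see exactly which OUs feed the Openfire user list, and flags disabled accounts, which Openfire lists unless the filter excludes them. The hostname, Base DN and account name are the post's placeholders; the user filter is an assumption and should be made to match the User Filter field in the wizard's User Mapping step.

```powershell
# Added pre-flight check for the Openfire LDAP settings described above.
# Not part of Openfire or of the original walkthrough. Host, Base DN and
# account names are the post's placeholders and are assumptions to replace.
# Run from any domain-joined Windows machine; it needs only the bind
# account's own password, no AD admin rights.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$DomainController = 'exampledc.example.local'   # FQDN so it matches the DC's LDAPS certificate
$BaseDN           = 'OU=folderwithusersin,DC=example,DC=local'
$BindUser         = 'example\exampleuser'
$BindPassword     = Read-Host -AsSecureString 'Password for the Openfire bind account'

# Assumed filter for AD user accounts; make it match the wizard's User Filter,
# otherwise the counts below will not correspond to what Openfire shows.
$UserFilter = '(&(objectCategory=person)(objectClass=user))'

# LDAPS on 636 rather than the plain LDAP port 389 from the walkthrough:
# the bind password (and later every user's login password) is encrypted in transit.
$identifier = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($DomainController, 636)
$ldap = New-Object System.DirectoryServices.Protocols.LdapConnection($identifier)
$ldap.SessionOptions.SecureSocketLayer = $true
$ldap.SessionOptions.ProtocolVersion   = 3
$ldap.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
$ldap.Credential = New-Object System.Net.NetworkCredential($BindUser, $BindPassword)

try {
    $ldap.Bind()   # the same simple bind Openfire does with Administrator DN + Password
    Write-Host "Bind OK as $BindUser over LDAPS to $DomainController"
} catch {
    Write-Error "Bind failed (check account, password, and that the DC offers LDAPS): $($_.Exception.Message)"
    return
}

# Subtree search from the Base DN: this is the set of accounts Openfire will list.
# AD returns at most 1000 entries per result set, so page through them.
$request = New-Object System.DirectoryServices.Protocols.SearchRequest(
    $BaseDN, $UserFilter, [System.DirectoryServices.Protocols.SearchScope]::Subtree,
    @('sAMAccountName', 'userAccountControl'))
$pager = New-Object System.DirectoryServices.Protocols.PageResultRequestControl(500)
[void]$request.Controls.Add($pager)

$users = @()
do {
    $response = $ldap.SendRequest($request)
    foreach ($entry in $response.Entries) {
        $uac = [int]$entry.Attributes['userAccountControl'][0]
        $users += [pscustomobject]@{
            Account   = [string]$entry.Attributes['sAMAccountName'][0]
            # Parent container: strip the leading RDN, honouring escaped commas in the CN
            Container = $entry.DistinguishedName -replace '^(?:\\.|[^,\\])+,', ''
            Disabled  = ($uac -band 0x2) -ne 0   # ACCOUNTDISABLE flag
        }
    }
    $pageResponse = $response.Controls |
        Where-Object { $_ -is [System.DirectoryServices.Protocols.PageResultResponseControl] }
    $pager.Cookie = $pageResponse.Cookie   # empty cookie means the last page
} while ($pager.Cookie.Length -gt 0)

Write-Host "$($users.Count) accounts fall under $BaseDN and will appear in Openfire"
Write-Host "`nAccounts per container (check nothing privileged or generic has crept in):"
$users | Group-Object Container | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

$disabled = $users | Where-Object Disabled
if ($disabled) {
    Write-Warning "$($disabled.Count) disabled accounts sit inside the Base DN; Openfire will still list them"
    Write-Warning 'To hide them, add (!(userAccountControl:1.2.840.113556.1.4.803:=2)) to the User Filter'
    $disabled | Select-Object Account, Container | Format-Table -AutoSize
}

$ldap.Dispose()
```

If the bind fails over 636 but the wizard's test on 389 succeeds, the domain controller has no usable LDAPS certificate; that is the thing to fix on the directory side before accepting plain LDAP for a system that will carry every user's password.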

Next post on this subject will cover SSO, and boy, did that one take some time to get right!!


THE PERSONAL BLOG OF CORNWALL-BASED COMPANY DIRECTOR // CHRIS RICKARD