Monthly Archives: October 2009

Openfire Active Directory Authentication

Posted on by

Oh the joy and the pain of this….

After a very long time I have now got this working how I want it but it was painful getting the right runes to make the two play nicely.

What I wanted:

  • To have a group in AD that could access and authenticate to Openfire
  • To have a groups in Openfire that were defined by an AD group.

AD Structure

  • All of our users are in a group called “Foo Users”
  • All of our groups are in “Foo Groups”
  • All of our Openfire users are in a group called “openfire” which  is inside “Foo Groups”
  • Our Openfire groups are in “Openfire Groups” which is in “Foo Groups” (I made “Openfire Groups” a universal group, this may or may not be needed).
  • I then made the “openfire” group a member of “Openfire Groups”
  • Our domain is called foo.com

The authentication

  • ldap.baseDN : dc=”foo”,dc=”com”
  • adminDN : cn=”administrator”,cn=”Users”,dc=”foo”,dc=”com”
  • Userfilter : (&(memberOf=CN=openfire,OU=Foo Groups,DC=foo,DC=com))
  • Groupfilter : (&(memberOf=CN=openfire,OU=Foo Groups,DC=foo,DC=com))

Hope this helps someone  🙂