Openfire Active Directory Authentication
Written by tig on October 26, 2009 – 12:03 pm

Oh the joy and the pain of this….

After a very long time I have now got this working how I want it, but it was painful getting the right runes to make the two play nicely.

What I wanted:

  • To have a group in AD that could access and authenticate to Openfire
  • To have groups in Openfire that were defined by an AD group.

AD Structure

  • All of our users are in a group called “Foo Users”
  • All of our groups are in “Foo Groups”
  • All of our Openfire users are in a group called “openfire” which is inside “Foo Groups”
  • Our Openfire groups are in “Openfire Groups” which is in “Foo Groups” (I made “Openfire Groups” a universal group, this may or may not be needed).
  • I then made the “openfire” group a member of “Openfire Groups”
  • Our domain is called foo.com

The authentication

  • ldap.baseDN : dc="foo",dc="com"
  • adminDN : cn="administrator",cn="Users",dc="foo",dc="com"
  • Userfilter : (&(memberOf=CN=openfire,OU=Foo Groups,DC=foo,DC=com))
  • Groupfilter : (&(memberOf=CN=openfire,OU=Foo Groups,DC=foo,DC=com))
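
An added example, not part of the original post: a small Python model of how the Userfilter above is evaluated, run over constructed entries (alice, bob, dave and the chat-team group are made up). It parses only the (&…), (|…), (!…) and attr=value subset of LDAP filter syntax, and assumes the AD behaviour that memberOf lists direct memberships only, so a user who reaches “openfire” through a nested group is not admitted.

```python
# Added illustration; entries, names and the chat-team group are constructed.
GROUP = "CN=openfire,OU=Foo Groups,DC=foo,DC=com"
USER_FILTER = "(&(memberOf=%s))" % GROUP  # the Userfilter from the post

ENTRIES = [  # memberOf holds direct memberships only (AD behaviour)
    {"sAMAccountName": ["alice"], "memberOf": [GROUP]},
    {"sAMAccountName": ["bob"], "memberOf": ["CN=Domain Staff,OU=Foo Groups,DC=foo,DC=com"]},
    # dave is in chat-team, and chat-team is in openfire: nested, not direct
    {"sAMAccountName": ["dave"], "memberOf": ["CN=chat-team,OU=Foo Groups,DC=foo,DC=com"]},
]

def parse(f, i=0):
    """Parse one filter starting at f[i]; return (node, next_index)."""
    if f[i:i + 1] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, kids = f[i], []
        i += 1
        while f[i:i + 1] == "(":
            node, i = parse(f, i)
            kids.append(node)
        if f[i:i + 1] != ")" or not kids:
            raise ValueError("malformed '%s' filter" % op)
        return (op, kids), i + 1
    end = f.index(")", i)  # raises ValueError if the filter is unterminated
    attr, sep, value = f[i:end].partition("=")
    if not (attr and sep):
        raise ValueError("expected attr=value at offset %d" % i)
    return ("=", attr, value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive equality)."""
    if node[0] == "=":
        _, attr, value = node
        values = next((v for k, v in entry.items() if k.lower() == attr.lower()), [])
        return any(v.casefold() == value.casefold() for v in values)
    results = [matches(kid, entry) for kid in node[1]]
    if node[0] == "&":
        return all(results)
    return any(results) if node[0] == "|" else not results[0]

def allowed_users(ldap_filter, entries=ENTRIES):
    """Return the sAMAccountName of every entry the filter admits."""
    tree, end = parse(ldap_filter)
    if end != len(ldap_filter):
        raise ValueError("trailing characters after filter")
    return [e["sAMAccountName"][0] for e in entries if matches(tree, e)]
```

If nested membership should count, AD offers the transitive matching rule `memberOf:1.2.840.113556.1.4.1941:=`, which this model does not evaluate.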

Hope this helps someone :)


4 Responses »

  1. Thank You!
    I have been pulling my hair out to get this working. Now it is working :)

  2. This was a massive help, thanks a lot! I have lost 3 hours trying to work out what values it was looking for, and with this example it took 3 minutes! I wish documentation was this clear!! Thanks again!

  3. yeah, it helped :)

  4. Yippee! Glad it helped people :)
