
Openfire Active Directory Authentication

October 26th, 2009

Oh the joy and the pain of this….

After a very long time I have now got this working how I want it, but it was painful getting the right runes to make the two play nicely.

What I wanted:

  • To have a group in AD that could access and authenticate to Openfire
  • To have groups in Openfire that were defined by an AD group.

AD Structure

  • All of our users are in a group called “Foo Users”
  • All of our groups are in “Foo Groups”
  • All of our Openfire users are in a group called “openfire” which is inside “Foo Groups”
  • Our Openfire groups are in “Openfire Groups” which is in “Foo Groups” (I made “Openfire Groups” a universal group; this may or may not be needed).
  • I then made the “openfire” group a member of “Openfire Groups”
  • Our domain is called foo.com

The authentication

  • ldap.baseDN : dc="foo",dc="com"
  • adminDN : cn="administrator",cn="Users",dc="foo",dc="com"
  • Userfilter : (&(memberOf=CN=openfire,OU=Foo Groups,DC=foo,DC=com))
  • Groupfilter : (&(memberOf=CN=openfire,OU=Foo Groups,DC=foo,DC=com))
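
An added example, not from the original post: a small Python evaluator for the Userfilter above, run over constructed directory entries to show which accounts the filter admits. It assumes Active Directory's behaviour that memberOf lists only direct group memberships and that DNs compare case-insensitively; the sample entries and the "IM Staff" group are hypothetical.

```python
import re

# Userfilter value copied from the post.
USER_FILTER = "(&(memberOf=CN=openfire,OU=Foo Groups,DC=foo,DC=com))"

def norm_dn(dn):
    # Case-insensitive DN comparison; this simple form does not handle escaped commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse(text):
    """Parse an RFC 4515 subset: (&..), (|..), (!..) and (attr=value) equality."""
    node, rest = _parse(text.strip())
    if rest:
        raise ValueError("trailing text after filter: %r" % rest)
    return node

def _parse(s):
    if not s.startswith("("):
        raise ValueError("expected '(' at %r" % s)
    if s[1:2] in ("&", "|", "!"):
        op, s, kids = s[1], s[2:], []
        while s.startswith("("):
            kid, s = _parse(s)
            kids.append(kid)
        if not kids or not s.startswith(")") or (op == "!" and len(kids) != 1):
            raise ValueError("malformed (%s ...) clause" % op)
        return (op, kids), s[1:]
    m = re.match(r"\(([A-Za-z][A-Za-z0-9-]*)=([^()]+)\)", s)
    if not m:
        raise ValueError("malformed comparison at %r" % s)
    return ("=", m.group(1).lower(), norm_dn(m.group(2))), s[m.end():]

def matches(node, entry):
    if node[0] == "=":
        values = [v for k, vs in entry.items() if k.lower() == node[1] for v in vs]
        return node[2] in map(norm_dn, values)
    results = [matches(kid, entry) for kid in node[1]]
    return {"&": all(results), "|": any(results), "!": not results[0]}[node[0]]

# Constructed sample entries; "IM Staff" is a hypothetical group nested inside "openfire".
DIRECTORY = {
    "alice": {"memberOf": ["CN=openfire,OU=Foo Groups,DC=foo,DC=com"]},
    "bob":   {"memberOf": ["CN=Foo Users,OU=Foo Groups,DC=foo,DC=com"]},
    "carol": {"memberOf": ["CN=IM Staff,OU=Foo Groups,DC=foo,DC=com"]},  # nested only
    "dave":  {"memberOf": ["cn=OpenFire, ou=foo groups, dc=FOO, dc=com"]},
}

def admitted(directory, ldap_filter=USER_FILTER):
    tree = parse(ldap_filter)
    return sorted(name for name, entry in directory.items() if matches(tree, entry))
```

Here carol is not admitted because her only membership is through the nested group, while dave matches despite the different case and spacing in his memberOf value.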

Hope this helps someone  :)

4 Responses to Openfire Active Directory Authentication

  1. CH says:

    Thank You!
    I have been pulling my hair out to get this working. Now it is working :)

  2. Matt says:

    This was a massive help, thanks a lot! I have lost 3 hours trying to work out what values it was looking for, and with this example it took 3 minutes! I wish documentation was this clear!! Thanks again!

  3. tig says:

    Yippee! Glad it helped people :)
