OpenFire + Microsoft Active Directory + Security = Awesome Enterprise Instant Messenger

nbeam published 10 years ago in Database Administration, Domain Administration, IM Administration, Linux, Microsoft, MySQL, OpenFire, Ubuntu, Web Administration. Tags: , , , , , , , , ,

0

Configure OpenFire to Work with MySQL and Microsoft Active Directory

  1. Choose your language
  2. The next page is VERY important. If you have a DNS record for your server (ex. talk.contoso.com), that is probably what you want to use for the domain. If your server is internal only, you can just leave this as the server name and it shouldn’t be a big deal. You can modify your internal DNS records later to point to the IP of the server. Hit Continue
  3. Choose “Standard Database Connection” and click continue
  4. Chose MySQL in the “Database Driver Presets” Drop down, in the database URL line, change [host-name] to 127.0.0.1 and change [database-name] to openfire
  5. For username and password, use openfire and the random password that PhPMyAdmin generated. Click continue
  6. Choose “Directory Server (LDAP)” on the next page and hit “Continue”
  7. Chose “Active Directory” for the server type. This guide assumes your Linux server can talk to a Windows Domain Controller on Port 389 on your network. If you need to setup some firewall rules, do so, then come back…
  8. For host, put in the IP address of a Windows Domain Controller that your server can communicate with
  9. For BaseDN, you need access to active directory, or a Domain Admin who can do the following for you:
    1. Login to a Domain Controller either locally or via RDP and open the “Active Directory Users and Computers” console
    2. Click on “view” from the top menu and select “advanced features”
    3. OpenFire will search all SUB organizational units UNDER the BaseDN that you specify. Go find a regular user account in your active directory, right-click on it, and select “properties
    4. Go to the “attribute editor” tab and scroll down until you find the “distinguishedName” attribute, double-click on it. Copy and paste the contents to a text file.
    5. You should have something like this: CN=Rand Paul,OU=Employees,OU=Users and Groups,DC=contoso,DC=local
    6. In this case you would want everything from OU=Employees forward, that would be your BaseDN, EXACTLY AS SHOWN, that is your syntax!

      7. If you have Users spread out across multiple OU’s then you need to go ONE UP the Hierarchy so that everything is searched

    7. You also need to create a new regular user account in Active Directory, set a password for this account, and set it to NEVER EXPIRE and NOT BE CHANGED AFTER FIRST LOGIN… I recommend you called the account something like directoryuser. Once it is created, you need to right-click on it, select properties, attributes tab, find the distinguishedname record, and COPY the ENTIRE line, into “Administrator DN” on the openfire setup page. And put the password that you set for this user in the password box.
  10. Hit “save and continue” to go to the next page, hit it AGAIN on the next page
  11. I don’t do any group mapping, I think the default settings are actually what you want on this page anyhow, so hit “save and continue” again
  12. On this page, you need to add administrative users. So, if you are one such person for this server, Type in your Active directory username (ex. rpaul) and hit “add”. Add as many users as you like. Then hit continue… and then hit “login to admin console” and login with one of the accounts you just specified.

This post has no comments. Be the first to leave one!

Join the discussion

Your email address will not be published. Required fields are marked *