Fun and frolics configuring Openfire (XMPP)

Work in progress, but so far…

CentOS 6.0 – 64bit — had to add libldb.i686 for JVM

Openfire 3.7.0

Name : mysql

Arch : x86_64

Version : 5.1.52

Release : 1.el6_0.1

Server set-up

http://127.0.0.1:9090 for initial configuration, for admin GUI after configuration http://127.0.0.1:9091

I opened firewall ports

22

5222

7777

9090 – this can be blocked after configuration as port 9091 will be used thereafter for admin

To get this ‘switched off’ enter ‘-1′ in the openfire.xml file

9091

JVM

Increase JVM memory by adding DAEMON_OPTS=”-Xms256m -Xmx512m” to /etc/sysconfig/openfire

Connection Settings

baseDN: dc=foo,dc=local

adminDN: cn=mr.foo,cn=Users,dc=foo,dc=local — mr.foo@foo.local also worked for me

User Mapping

Username Field: sAMAccountName

Search Fields — I left this blank

Advanced Settings > User Filter: (&(objectClass=organizationalPerson)(mail=*)) — add everybody with an email address, if they have no email address in AD they they will not be added

or (&(objectClass=organizationalPerson)(cn=*)) — add everyone with a Name entry in AD

Group Mapping

Group Field: cn — the default

Member Field: member — the default

Description: description — the default

Advanced Settings > Group Filter: (&(objectClass=group)(cn=MrFoo_GroupDivision)) — I had a test group in AD created

Some of my notes for setting up Openfire 3.7.0 on CentOS 6.0 64-bit with Active Directory, and some of the gotchas.

1) If you have more than 1000 AD user entries (I did) the drop down option in management GUI allows you sort by 1000 “Total Users: 1,000 — Sorted by Username — Users per page:1000″ … well it doesn’t work, it will display a 1000 users but if you have more you are not offered any way via the GUI to view the next 1000, no little arrow to click forward, no page number 2…etc…etc. I believe there is a fix for this though, I read it some where.

2) Getting locked out (not the old bug that seem to exist v3.6.4) after editing. Okay, everything was ticking along nicely, I added myself as the “Administrator” user for Openfire and it allowed me to do everything one expected, I rebooted the server, stop/started Openfire to test if everything came back up, it did, I could still login as Admin, all working perfectly, I then did the following and got locked out.

Openfire > Server > Server Manager > System Properties, I wanted to edit the ldap.searchFilter, so clicked the “Edit” icon, made may edit and saved, restarted Openfire, and then I couldn’t login to Openfire, the login page was displayed, but it refused to accept my credentials, I tried stop/start again, all to no avail. In the end I decided to start over as it only takes a few minutes to configue Openfire (it might have been possible to delete/change the mysql db directly, I couldn’t be bothered), so I just set “true” to “false” and retarted from scratch…just to test I did the same thing again, edited the field, and got locked out again…so this could be a bug

Advertisements

About hedscratchers

A UK ex-pat now living in the USA.
This entry was posted in Linux & Solaris. Bookmark the permalink.

One Response to Fun and frolics configuring Openfire (XMPP)

  1. Okay, this is what you need to do if you have more than 1000 AD/LDAP entries.

    Go to Server > Server Manager > System Properties > Add new property
    And add the following:

    Property Name: ldap.pagedResultsSize
    Property Value: 1000

    Stop & start Openfire and you should now have more entries in the drop down menu, plus click-able page numbers.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s