
1 of 8 2/6/2012 8:52 AM

OpenFire Active Directory LDAP integration

Sat, 01/05/2010-09:49 uvigii

Contents
1. Scenario
2. A brief introduction to LDAP protocol
3. Configure OpenFire
4. Tuning performance

1. Scenario

The goal of this scenario is to set up OpenFire with LDAP-based authentication against Microsoft (MS) Active Directory (AD).

2. A brief introduction to LDAP protocol

LDAP is an application protocol. OpenFire will act as a client to an LDAP server, MS AD in our case. We will use AD LDAP for two reasons:

- User authentication
- Contact list (roster) population with users and groups already defined in AD.

How it works:

- You enter a username and password in your Jabber client.
- Your client sends your credentials to the OpenFire server.
- The OpenFire server tries to connect to the LDAP server with these credentials (make a bind).
- If the connection is successful, the OpenFire server knows that you are who you claim to be.
- The OpenFire server reads user and group information from the AD via the LDAP protocol according to some predefined criteria (search filters).

Basic assumption: The easiest way to understand the LDAP protocol is to imagine that the file browser on your computer is an LDAP server. You have a com directory with a subdirectory named company. The company directory in turn contains a subdirectory named my, and so on. Let's assume that you search for all png files. Depending on your search starting point, your results will vary. If your search starts at the OUS folder, you probably won't get any results. In LDAP terms, the search starting point is called the base DN and the search criteria are called the search filter.

Now a real example: Suppose we have an AD. The domain is called my.company.com, and the FQDN of the domain controller is dc1.my.company.com. There are two groups: sales and it. Both reside in the Groups Organizational Unit (OU), which resides in OUS. We also have a Users OU. The picture below shows how the AD looks when viewed in Active Directory Users and Computers (in the foreground) and in an MS LDAP browser called ADSIEDIT (in the background).

Please take a look at the Distinguished Name. You can think of it as the full path to an object (a group, a person, etc.) in AD, written in LDAP notation. Remember the example above? Here cn stands for common name, ou for organizational unit, and dc for domain component.
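The "How it works" steps treat a successful bind as proof of identity, and RFC 4513 (section 5.1.2) defines a simple bind with a DN and a zero-length password as an unauthenticated bind that a server may answer with success. The following is an added example, not code from the original page or from OpenFire: it uses a simulated directory to show that login logic before and after an empty-password check. FakeDirectory, naive_login, checked_login and the sample account are hypothetical names and constructed data.

```python
class FakeDirectory:
    """Constructed stand-in for an LDAP server's simple bind handling."""

    def __init__(self, passwords, accept_unauthenticated_bind=True):
        self.passwords = passwords  # DN -> password, constructed sample data
        self.accept_unauthenticated_bind = accept_unauthenticated_bind

    def simple_bind(self, dn, password):
        # RFC 4513 section 5.1.2: a DN with a zero-length password is an
        # unauthenticated bind. A server that accepts it reports success
        # but grants only anonymous access; no password was ever checked.
        if password == "":
            return self.accept_unauthenticated_bind
        return self.passwords.get(dn) == password


def naive_login(directory, dn, password):
    """Before: any successful bind counts as a verified login."""
    return directory.simple_bind(dn, password)


def checked_login(directory, dn, password):
    """After: an empty DN or password is refused before a bind is sent."""
    if not dn or not password:
        return False
    return directory.simple_bind(dn, password)


# Constructed sample account; the DN reuses the page's my.company.com domain.
SAMPLE_DN = "cn=Ann Lee,ou=Users,dc=my,dc=company,dc=com"
PERMISSIVE = FakeDirectory({SAMPLE_DN: "correct horse battery"})
STRICT = FakeDirectory({SAMPLE_DN: "correct horse battery"},
                       accept_unauthenticated_bind=False)


def demo():
    """Return (naive, checked) results for an empty-password login attempt."""
    return (naive_login(PERMISSIVE, SAMPLE_DN, ""),
            checked_login(PERMISSIVE, SAMPLE_DN, ""))
```

The same check belongs in any client that authenticates by binding, and the directory itself can additionally be configured to refuse unauthenticated binds, which is the STRICT case above.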

You can see what people records (DNs) look like in the AD and in an LDAP browser:

3. Configure OpenFire

First open your web browser. In our case OF is installed on dc1.

Next, enter a domain name.

Choose LDAP integration.

Configure database settings, then enter the necessary information. Please note that you can use a dedicated user account for the OF administrator; it does not need AD administrative privileges.

Test settings!

Tweak your user and group filters!

You can use this simple filter to extract only users with a valid email address. Of course, you can use any valid field in the LDAP schema as a search criterion.

    (&(objectclass=organizationalperson)(mail=*))

You can filter groups by group name. This filter will extract only groups whose names end with '-fg'.

    (&(objectclass=group)(cn=*-fg))
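To check what the two filters above select, and how the base DN from section 2 limits a search, here is an added example (not from the original page and not OpenFire code) that evaluates them against a small in-memory directory. It implements only a subset of LDAP filter syntax (&, |, !, equality with * wildcards and presence), matches DNs by plain case-insensitive suffix, and every entry in it is constructed sample data.

```python
import re

def parse(f, i=0):
    """Parse the filter starting at f[i]; return (node, index after it)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    op, i = f[i + 1:i + 2], i + 1
    if op and op in "&|!":                  # composite: (&(..)(..)), (|..), (!..)
        kids, i = [], i + 1
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i:i + 1] != ")" or not kids:
            raise ValueError(f"malformed composite near offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)                   # simple item: attr=pattern
    attr, sep, pattern = f[i:end].partition("=")
    if not sep:
        raise ValueError(f"missing '=' near offset {i}")
    return ("=", attr.strip().lower(), pattern), end + 1

def matches(node, attrs):
    op = node[0]
    if op in "&|!":
        hits = [matches(k, attrs) for k in node[1]]
        return all(hits) if op == "&" else any(hits) if op == "|" else not hits[0]
    # '*' is a wildcard; a bare '*' is a presence test (attribute has a value).
    rx = re.compile(".*".join(map(re.escape, node[2].split("*"))), re.I | re.S)
    return any(rx.fullmatch(v) for v in attrs.get(node[1], []))

def search(entries, base_dn, filter_text):
    """Return DNs at or below base_dn whose attributes satisfy the filter."""
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing text after filter")
    base = base_dn.lower()
    return [dn for dn, attrs in entries.items()
            if (dn.lower() == base or dn.lower().endswith("," + base))
            and matches(node, attrs)]

USER_FILTER = "(&(objectclass=organizationalperson)(mail=*))"   # from the page
GROUP_FILTER = "(&(objectclass=group)(cn=*-fg))"                # from the page
PERSON = ["top", "person", "organizationalPerson", "user"]
ROOT = "dc=my,dc=company,dc=com"
ENTRIES = {  # constructed sample directory, not data from the page
    "cn=Ann Lee,ou=Users," + ROOT: {"objectclass": PERSON, "mail": ["ann@my.company.com"]},
    "cn=svc-backup,ou=Users," + ROOT: {"objectclass": PERSON},
    "cn=sales-fg,ou=Groups,ou=OUS," + ROOT: {"objectclass": ["top", "group"], "cn": ["sales-fg"]},
    "cn=it,ou=Groups,ou=OUS," + ROOT: {"objectclass": ["top", "group"], "cn": ["it"]},
}
```

Calling search(ENTRIES, ROOT, USER_FILTER) returns only the account that has a mail attribute, and moving the base DN to "ou=OUS," + ROOT returns no users at all, which is the file-browser effect described in section 2.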

Remember to test the admin login!

4. Tuning performance

4.1 Java virtual machine memory settings

To achieve the best performance you will need to increase the default memory used by the Java VM. In Gentoo Linux, go to /etc/conf.d/openfire and change -Xmx2048m to the desired value.

/etc/conf.d/openfire

    OPENFIRE_HOME=/opt/openfire
    OPENFIRE_LIB="${OPENFIRE_HOME}/lib"
    OPENFIRE_OPTS="-Xmx2048m -DopenfireHome=${OPENFIRE_HOME} -Dopenfire.lib.dir=${OPENFIRE_LIB}"
    OPENFIRE_CLASS="-classpath ${OPENFIRE_LIB}/startup.jar"
    OPENFIRE_JAR="-jar ${OPENFIRE_LIB}/startup.jar"
    OPENFIRE_ARGS="-server ${OPENFIRE_OPTS} ${OPENFIRE_CLASS} ${OPENFIRE_JAR}"
    # JVM used by the openfire server. You can see a list of available VMs in /usr/lib/jvm/
    # But remember that openfire needs a 1.5 JVM
    GENTOO_VM=sun-jdk-1.5

4.2 Cache properties

You have to monitor your cache performance, and most likely you will have to increase the cache size. Go to server manager :: Caches summary. Watch the Roster cache size and usage. Some symptoms of an insufficient cache size are:

- slow user connection,
- users appear offline while connected,
- messages are delayed,
- the LDAP server experiences heavy traffic.

Properties to note:

    cache.ldap.size
    cache.usercache.size
    cache.usergroup.size
    cache.username2roster.size
    cache.vcardcache.size

I achieve the best performance boost with Username2Roster.

If you have a large number of users and frequent logins, you can try to enable authcache:

    ldap.authcache.enabled
    ldap.authcache.size

4.3 Uninstall modules

Remove all unneeded modules.

ToDo (note: this is a work in progress): add links, more tweaks, more search filters.