Channel: Ignite Realtime : All Content - Openfire Support
Viewing all 4778 articles

Openfire put strange search filter in ldap search


I tried to setup Openfire using ldap connection, openfire 4.0.1,

 

I used ApacheDS as the ldap server, ApacheDS 2.0.0 M20

and imported the sample ldif file, a SevenSeas organization with 12 pirates (inetorgperson) all with uid and userpassword attribute.

I added another inetorgperson with uid and userpassword.

Then I tried to have openfire connect to the ldap to search for users.

 

server type: other or unknown

host: 127.0.0.1 port:10389

baseDN: ou=people,o=sevenSeas

Administrator DN: uid=admin;ou=system    (default server administrator)

 

tests connection setting successful.

 

however then when I go on to user mapping, the test gave error

Status: Error

No users were found using the specified configuration. Try changing the base DN, user filter or username field.

 

I had the Username field set as uid, the default

 

having no success, I pressed save and continue

then I found in the openfire log file

 

2016.04.19 12:43:59 org.jivesoftware.util.Log - Error occurred while trying to get users data from LDAP

javax.naming.NamingException: [LDAP: error code 33 - ALIAS_PROBLEM: failed for MessageType : SEARCH_REQUEST

Message ID : 2

    SearchRequest

        baseDn : 'ou="people",o="sevenSeas"'

        filter : '(uid=*:[13])'

        scope : whole subtree

        typesOnly : false

        Size Limit : 40

        Time Limit : no limit

        Deref Aliases : never Deref Aliases

        attributes : 'uid'

org.apache.directory.api.ldap.model.message.SearchRequestImpl@c22a05fbSortRequestControlImpl [sortKeys=[SortKey : [uid]]]    ManageDsaITImpl Control

        Type OID    : '2.16.840.1.113730.3.4.2'

        Criticality : 'false'

'

: java.io.IOException: 系統找不到指定的路徑。]; remaining name ''

  at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)

  at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source).............................

 

 

I have no idea what the filter (uid=*:[13]) means, although I have 13 people in the group, and when I put the same search into Apache DS Studio, it returns no result.

However, when I remove the ":[13]", so that the filter becomes just "uid=*", or when I remove the search filter completely, the search in Apache DS Studio returns the 13 people fine.

 

I have no idea why Openfire adds the number of entries to the search filter (I tried removing the inetorgperson I added, and then it became uid=*:[12]). Whether this is a bug or a misconfiguration on my part, some help or tips would be very much appreciated.

 

One more thing I noticed is that when I try to restart ldap configuration hence the profile setting, the baseDN and administratorDN is not saved, such that it appears in the web just as o= and uid=, however the host, port, admin password was saved, hence I do not know if the baseDN and administratorDN is actually saved, though I suspect it be so because I tried enabling anonymous access in ApacheDS but the search still returns no result.


SSO with Openfire 4.0.2 on ubuntu 14.04 and AD 2008R2


Hi to all.

I followed some guides on this forum, but I can't get SSO working with the following configuration:

* Openfire 4.0.2 on ubuntu 14.04 with JDK 1.8.0_77

* Active Directory on a Win2008R2 server with 2008 compatibility

* Miranda Client on a Win10 64bit

 

I started with this

Openfire: Enable Single Sign On (SSO) on Linux - Spiceworks

and read on and on throughout this forum.

 

Those are my configuration files:

# cat /etc/krb5.conf

[libdefaults]
       default_realm = TSDN.AD
       dsn_lookup_realm = true
       dns_lookup_kdc = true
       rdns = false

[logging]
        default = FILE:/var/log/krb5libs.log
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmind.log

[appdefaults]
        pam = {
            debug = true
            ticket_lifetime = 36000
            renew_lifetime = 36000
            forwardable = true
            krb4_convert = false
            validate = true
        }

 

# cat /etc/samba/smb.conf

[global]
workgroup = TSDN
security = ads
realm = TSDN.AD
kerberos method = secrets and keytab
password server = win2k8.tsdn.ad

 

# cat /etc/openfire/gss.conf

com.sun.security.jgss.accept {
com.sun.security.auth.module.Krb5LoginModule
required
storeKey=true
keyTab="/etc/openfire/krb5.xmpp.keytab"
doNotPrompt=true
useKeyTab=true
realm="TSDN.AD"
principal="xmpp/vm-gestsdn.tsdn.ad@TSDN.AD"
debug=true
isInitiator=false;
};

 

Content of /etc/openfire/krb5.xmpp.keytab

ktutil:  rkt /etc/openfire/krb5.xmpp.keytab
ktutil:  l
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    3          xmpp/vm-gestsdn.tsdn.ad@TSDN.AD
   2    3          xmpp/vm-gestsdn.tsdn.ad@TSDN.AD
   3    3          xmpp/vm-gestsdn.tsdn.ad@TSDN.AD
   4    3          xmpp/vm-gestsdn.tsdn.ad@TSDN.AD
   5    3          xmpp/vm-gestsdn.tsdn.ad@TSDN.AD

 

 

On Active Directory Server :

C:\>setspn -l tsdnservices
Registered ServicePrincipalNames for CN=TSDN Services,CN=Users,DC=tsdn,DC=ad:
       xmpp/vm-gestsdn.tsdn.ad

 

If I try to log in with username and password from a Linux desktop (using Pidgin), there's no problem.

Then I try with Miranda, the client I use in my office, on a Win10 machine.

If I try to connect with username and password, no problem.
Then I configured it with :

Use Domain Login: checked
Domain / Server: vm-gestsdn.tsdn.ad

And it doesn't work.

 

I can see in the XML Console that Miranda tries GSSAPI auth:

<auth mechanism="GSSAPI">SOME VERY LONG STRING</auth>

but the server responds with a <not-authorized />

 

This is the log on the server:

2016.04.14 17:15:46 INFO  [socket_c2s-thread-2]: org.jivesoftware.openfire.net.SASLAuthentication - User Login Failed. Failure to initialize security context

Where do I have to break my head to try to solve this problem?

I think it's Kerberos that doesn't work, but how can I proceed?

 

Thanks a lot to everyone!

 

Updated style and syntax highlight

Problem accessing the admin panel and installing version 4.0.2


Good afternoon, everyone.

I have a problem that, at least for me, is quite complex, since I have not been able to solve it.

I have been using Openfire for years, installed on a Linux CentOS 6.X server with an Oracle database.

It always worked 100%. I am using Openfire version 3.9.3 and Oracle version 11g.

I do not use Openfire integrated with AD, because I do not feel safe enabling that feature.

A few months ago, the system started showing a Cache Roster problem.

I did a lot of searching on the internet and found nothing that could help me.

A few more weeks went by and the system stopped recording the conversation log; I use the Monitoring Service for this.

After a lot of research, I managed to solve the problem of saving the conversation history by removing the Monitoring Service plugin and reinstalling it. However, the Cache Roster problem was not solved.

So I decided to upgrade Openfire to version 3.10.0-1.

Before upgrading, I backed up the user accounts to an XML file.

During the installation process, the system asks the basic configuration questions, such as language, user storage, database and finally the current password of the Admin user and the new password.

When I entered the current password of the admin user, the system said the password was invalid, so to confirm, I restored the backup of the VM where Openfire was installed on another computer and was able to access the Administration Panel normally.

So I deleted the machine I had tried to upgrade, made a new backup of production and tried the upgrade again, this time applying all the new Openfire versions: 3.10.1, 3.10.2, 3.10.3 and finally 4.0.2.

Even so, I could not get past the admin user password screen, as described above.

I did a lot of searching on the internet and tried all the tips I found, but none was successful.

I changed the openfire.xml file, removed the content of the PASSWOREMCRIPTY table of the ofUser table in the database, and added a temporary unencrypted password for the admin user directly in the database, but had no success.

After all these tests, I decided to create a new machine with Openfire version 4.0.2 and install everything from scratch, reusing the information in the database.

The installation of the new version was successful and very quick, but even in this new installation I was blocked at the Admin user step, that is, I could not proceed.

I edited the XML file to check the Admin user's password (since it decrypts the password and stores it there), looked up the password, and it is the same one I am typing.

I attached a screenshot of the installation screen to show the error message.

Could someone please send me a tip or help me solve this problem? I have more than 250 active users and a list of 20 users waiting to be registered, and I cannot do it because I cannot access the administration console.

Thank you in advance for everyone's help.

Regards,

Rogério

Archive


I just can't figure out how to configure things so that the history is shown on two devices; for example, during the day the conversation took place on the PC and in the evening on the phone! How do I set it up so that the message archive is merged into one?

Explanation: message synchronization between clients


Disclaimer: I'm not a developer, but as this question pops up quite often and I have to dig for the recent conversation to provide a link or repeat everything again, I thought it could be useful to have such a document and bookmark it for future reference.

 

Background:

 

Some systems like Apple's Messages or Google Hangouts support syncing of incoming and outgoing messages between a few connected clients with the same username.

 

Openfire is an XMPP standards-compliant server, so it mostly has the features (XEPs) provided by the XMPP standard (xmpp.org). Custom features can be added, but they shouldn't interfere with the standards. So sometimes there is no way to add something to Openfire, as this would make it a non-standard server.

 

 

Message Carbons:

 

XMPP has a XEP covering synchronization of outgoing and incoming messages between several clients logged in with the same username (XEP-0280: Message Carbons). This protocol is still in an experimental state, so no servers or clients are obligated to support it. Both the server and the client must support it for it to work.

 

Starting with version 3.9.2, Openfire supports this protocol: [OF-758] Add support for XEP-0280 "Message Carbons" - Jive Software Open Source

There is also support for it in the Smack library (starting with version 3.4.0), which various clients are based on (e.g. Spark): [SMACK-529] Add support for XEP-0280 "Message Carbons" - Jive Software Open Source

Spark doesn't support it, as it uses an older Smack version, and even if Smack were updated to 3.4.0 it would probably still need additional work to make it work in Spark. Here's a ticket for this: [SPARK-1585] Add support for XEP-0280 "Message Carbons" - Jive Software Open Source. Nobody is working on it, as Spark currently has no active developers.

 

Here's a list of clients that are known to support Message Carbons. Feel free to extend this list:

  • Yaxim (Android - freeware)
  • Conversations (Android - commercial)
  • Gajim (Linux, BSD, Windows - freeware) (note: in my test it did not always work reliably, but this may be the fault of my testing environment)

 

Note: this only works when both (or more) clients are online. If client1 sends a message, but client2 was offline during that moment, client2 won't have this sent message in his history. There is no history synchronization like in Google Hangouts.

 

 

Message Archiving and Message Archive Management:

 

There are also two XEPs covering history storage on the server and history synchronization between devices: the older and broader XEP-0136: Message Archiving, and XEP-0313: Message Archive Management, which is still in an experimental state. There is no full support for these in IgniteRealtime projects (as far as I know), but the Monitoring Service has some support for them, and Openfire has initial support. Smack doesn't have MAM support yet. When implemented, this will allow history storage and full synchronization à la Hangouts/iMessage.

 

Related tickets in the tracker:

[OF-1113] Improve, broaden, and update support for XEP-0136 and XEP-0313 - IgniteRealtime JIRA

[SMACK-435] Add support for XEP-0136 Archive Messaging - IgniteRealtime JIRA

[SMACK-625] Add support for XEP-313: Message Archive Management - IgniteRealtime JIRA

 

Spark doesn't have support for MAM or older XEP-0136. As it still relies on the older Smack version, it won't have support for this even when Smack implements it. Spark needs a competent developer to update it to the latest Smack. Xabber has an option to store history on the server. Most probably it can also retrieve it from the server.

 

 

Route.all-resources setting (old partial workaround):

 

Openfire has an option to create a system property route.all-resources and set it to true. This setting makes Openfire send a copy of an incoming message to every connected client that has the same username, a different resource and the same highest priority (in XMPP, a user can only be logged in several times simultaneously if every connection uses a different resource, e.g. user@server/resource1 and user@server/resource2). But the server only sends these copies for messages addressed to a bare JID (full JID: user@server/resource; bare JID: user@server). Clients usually send replies to a full JID, and the XMPP standards require that a message sent to a full JID is delivered to that one resource only. As a result, usually only the first message is received by all connected clients; once one of them starts replying, the conversation goes only through that client.

 

This setting hasn't been intended for full message synchronization and shouldn't be used for that. Message Carbons is the way to go.
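
The carbon wrapper defined by XEP-0280, together with the sender check that its security considerations require of a receiving client, as an added example (not part of the original document and not Openfire, Smack or Spark code). The JIDs and stanzas are constructed samples, and `unwrap_carbon` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

CARBONS_NS = "urn:xmpp:carbons:2"   # XEP-0280
FORWARD_NS = "urn:xmpp:forward:0"   # XEP-0297, used to wrap the copy
CLIENT_NS = "jabber:client"


def bare_jid(jid):
    """Strip the resource part: user@server/resource -> user@server."""
    return jid.split("/", 1)[0].lower()


def unwrap_carbon(stanza_xml, own_jid):
    """Return (direction, from, to, body) for a valid carbon, else None.

    direction is "received" (copy of an incoming message) or "sent"
    (copy of a message another of the user's clients sent).
    The copy is only accepted when the outer <message/> comes from the
    user's own bare JID, as XEP-0280 requires; anything else is ignored.
    """
    outer = ET.fromstring(stanza_xml)
    if outer.tag != f"{{{CLIENT_NS}}}message":
        return None
    for direction in ("received", "sent"):
        wrapper = outer.find(f"{{{CARBONS_NS}}}{direction}")
        if wrapper is not None:
            break
    else:
        return None  # ordinary message, not a carbon copy
    if outer.get("from", "").lower() != bare_jid(own_jid):
        return None  # not generated by the user's own server account
    inner = wrapper.find(f"{{{FORWARD_NS}}}forwarded/{{{CLIENT_NS}}}message")
    if inner is None:
        return None
    body = inner.findtext(f"{{{CLIENT_NS}}}body")
    return direction, inner.get("from"), inner.get("to"), body


# Constructed sample: user@example.org is online on "phone" and "pc".
# A friend wrote to the "pc" resource; the server copies it to "phone".
OWN = "user@example.org/phone"
GENUINE = """<message xmlns='jabber:client' from='user@example.org'
         to='user@example.org/phone' type='chat'>
  <received xmlns='urn:xmpp:carbons:2'>
    <forwarded xmlns='urn:xmpp:forward:0'>
      <message xmlns='jabber:client' from='friend@example.net/desk'
               to='user@example.org/pc' type='chat'>
        <body>lunch?</body>
      </message>
    </forwarded>
  </received>
</message>"""

# Same wrapper, but the outer stanza does not come from the user's bare JID.
FOREIGN = GENUINE.replace("from='user@example.org'",
                          "from='other@example.net/x'", 1)

if __name__ == "__main__":
    print(unwrap_carbon(GENUINE, OWN))
    print(unwrap_carbon(FOREIGN, OWN))
```

Unlike the route.all-resources copies, the wrapped message keeps its original full-JID addressing, which is why carbons keep working after one client starts replying.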

Question about Openfire License.


Hello.

 

We are going to make a commercial IM with Openfire and Spark.

I know that the license of Openfire and Spark IM are under Apache 2.0.

But in your read me file, you specified some license policies as follow.

 

All ownership and copyright of the images and icons included in the Software

distribution remain the property of Jive Software and INCORS GmbH. Jive Software

grants to you a nonexclusive, non-sublicensable right to use the icons royalty-free

as part of Openfire.

You may not lease, license or sub-license the icons, or a subset of the icons,

or any modified icons to any third party. You may not incorporate them into your

own software or design products.

All icon files are provided "As is" without warranties of merchantability and

fitness for a particular purpose. You agree to hold Jive Software harmless for

 

any result that may occur during the course of using the licensed icons.

 

So our questions are as follows.

 

- If the images are prohibited for commercial use, we are going to substitute all images with other images.

- Of course we are going to follow your license policy(Apache 2.0)

- If we make commercial instant messenger with Xabber as described above, are there any problems?

 

If we have a problem, please let us know.

 

Thanks...

Resetting admin passwords


We used to have about 2-3 admin users for Spark, but the original tech people who set it up no longer work in our organization and the usernames and passwords were never recorded. How can I go about resetting or figuring out the password, without reinstalling the whole software again?

 

Any help is greatly appreciated.

 

Thanks

Ahmed

OpenFire and SME LDAP Groups


I have installed OpenFire according to http://wiki.contribs.org/Openfire without any issues. I'm using LDAP authentication as described on http://wiki.contribs.org/LDAP_Authentication#OpenFire.

 

The problem I was facing is empty groups, or groups without members, and my SME groups for sure have members. I have tried several options of the ldap.groupSearchFilter and ldap.groupMemberField without luck.

 

Any idea how to get my SME groups populated with members within the OpenFire Groups?


Inactive AD user


Good morning

Folks, how do I exclude the users who are inactive in Windows AD so that they do not appear in Spark when users log in?

Because they are showing up as of

Cannot add member to a chat room (REST API)


openfire 4.0.2

https://github.com/igniterealtime/REST-API-Client

 

I am using the REST API Client to add a user to a room.

Looking at the debug information it seems to return success 201. However, the user is not added to the chat room.

 

1 > POST http://10.10.20.160:9090/plugins/restapi/v1/chatrooms/coffeeroom/members/steve@localhost.localdomain
1 > Authorization: Basic YWRtaW46Zm9ydW0xOA==
1 > Content-Type: application/xml

Apr 06, 2016 12:31:51 AM org.glassfish.jersey.filter.LoggingFilter log
INFO: 1 * Client response received on thread http-nio-8080-exec-2
1 < 201
1 < Access-Control-Allow-Credentials: true
1 < Access-Control-Allow-Headers: origin, content-type, accept, authorization
1 < Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, HEAD
1 < Access-Control-Allow-Origin: *
1 < Content-Length: 0
1 < Date: Tue, 05 Apr 2016 17:31:51 GMT
1 < Expires: Thu, 01 Jan 1970 00:00:00 GMT
1 < Set-Cookie: JSESSIONID=153sgnfp1oi1x16rjo68kvbwz8;Path=/;HttpOnly
1 < X-Frame-Options: deny

 

I have successfully created new group chat rooms using the REST API, but can't add any users into them. Using this code.

mRestXmppClient.getRestApiClient().addMember(roomName, username);

 

Just wondering for this to work do I need to add any particular setting for the users, rooms, roles to add a user into a chat room?

 

Many thanks for any suggestions,

 

Message was edited by: wroot

LDAP Groups filtering


Hi everyone,

 

I'm trying to set up Openfire 4.0.2<->LDAP interaction; almost everything works fine except group filtering. I see no group filtering rule in the Administration Web Console (there is an ldapsearch filter, but for users only). I have found in the docs that there is an ldap.groupSearchFilter option, but I can't understand exactly how to use it. This document has an example of how to implement such filtering by using openfire.xml. But this example isn't really clear to me: in my understanding the Openfire setup is divided into 2 parts, one is openfire.xml and the other is kept somewhere else (other configuration files or the DB), and openfire.xml doesn't contain the settings mentioned in the Web Console, so the final configuration is an aggregation of these 2 (or more than 2) parts.

I'd appreciate it if somebody could shed some light on how to implement LDAP group filtering. I'd like to filter groups: not all groups available in the LDAP Directory are really needed in Openfire.

Right now I see that I have to add the ldap.groupSearchFilter option to openfire.xml. But there are other settings included in the mentioned example; should I add these settings as well? If I'm right in thinking that the final config is an aggregation of openfire.xml+something_else, and keeping in mind that I already adjusted other LDAP-related settings in the Web Console, will such an addition break my configuration or not? From my experience: for some systems, if you have the same settings adjusted in a config file and in a DB, the config file might override the same option. Does Openfire work like that or not?

Issue maintaining persistent connection


I have an android app which connects to OpenFire server. If the app is closed (swiped out), the messages stop delivering to the app client. How can I fix this?

Also, even in normal working state, sometimes the client goes offline, probably because there was a short internet disconnection.

How to debug search plugin?


I've spent almost 2 days trying to understand how to get the search plugin running. None of the recipes from this forum work for me; search is not running after all the changes made in the system ("Searchable Fields" is empty in the settings, I can see the search service but get no results from it, etc.). Unfortunately I see no documentation describing how to adjust this plugin, so I'd like to try debugging.

I'm using an LDAP connection and it works fine by itself: users are able to log in (right now we're using Spark), the Profile is filled with info from LDAP, etc. But users are not happy because they cannot search for their colleagues, and the option "Just use Jabber ID" isn't a solution here: it's inconvenient to remember a JID, and anyway first of all they have to get such a JID from somebody who will be added.

Download archive?


Hello,

As stated from the devs OpenFire 4.0.2. has issues with Java 7, and the advice is to roll back to 4.0.1.

Great, but where is the download archive? I can only find the latest release and nightly builds. Where do I download 4.0.1?

 

Thanks.

LDAP request result cache


I have an LDAP Directory as a user source and authentication vault. Working with the Web Console, I found that every time I click on the "Users/Groups" tab, a lot of time is needed to render that page. The LDAP Directory trace shows that every time all users are fetched by Openfire.

Why doesn't Openfire store the initial request result in something like a cache? If you have a lot of users (in my case it's about 2K+), it's very inconvenient to wait for such a request to finish. Anyway, such requests put a high workload on both the LDAP and Openfire servers.


Openfire doesn't start after Update....


I've updated my Openfire installation (Raspberry with Raspbian) to 4.0.2...

 

Then no login from Spark clients was possible. After some searching here I read that the Java version has to be 1.8.

 

Then I updated my installation to 1.8 with this manual:

 

How To Install Oracle Java 8 In Debian Via Repository [JDK8] ~ Web Upd8: Ubuntu / Linux blog

 

After that I can't connect to the admin interface... and Spark doesn't connect either.

 

ERR_CONNECTION_REFUSED

 

Java - version:

 

java version "1.8.0_77"

Java(TM) SE Runtime Environment (build 1.8.0_77-b03)

Java HotSpot(TM) Client VM (build 25.77-b03, mixed mode)

 

There is no Openfire process in top, and when I try to start Openfire by hand:

 

sudo /etc/init.d/openfire start

 

this is the only thing that comes back:

 

best java alternative in: /usr/lib/jvm/java-8-oracle/jre

Starting openfire: openfire.

 

but still no openfire process....

Documentation on configuring Openfire Server


I am looking for documentation on explaining and configuring the different pieces of the Openfire Server.  Is there some place that I can get help with these configurations?

Open Fire Memory - Can't set openfire-service.vmoptions over 1536m


So Openfire seems to be eating like 99.4% of its memory allocation.

 

We are running openfire on a server '03 64bit machine that has 16gigs of ram. 64 bit version of Java.

 

we have the openfire-service.vmoptions file set with values

-Xms1536m

-Xmx1536m 

 

1.5G

 

I can't get past this value. I've tried setting them to 2048 etc and the service just will not start.

 

I've gone in and set the Java memory parameter itself to 3gigs to give some over head and tried adjusting the options file again to no avail.

 

 

Any ideas? I was under the impression that with a 64 bit OS and JRE i could give it as much memory as i want?

How to Setup Authentication Groups with LDAP/AD


In this example I'll be using the following:

 

AD domain = AD-DOMAIN.local

access group = Openfire Access Group

roster groups = _IM Group1, _IM Group2

 

(*note - I'll be using _IM as part of a wildcard search, so all my groups start with _IM for that reason)

 

 

First create your security groups:

1. Create a Domain Local Security Group. In our example call it Openfire Access Group. In this example, I've placed the group in the user container

 

2. Create regular security groups (usually Global). In this example: _IM Group1 and _IM Group2.

 

3. Make _IM Group1 and _IM Group2 members of the Openfire Access Group

 

 

4. Add your users to the _IM groups

NOTE: be sure to include your openfire admin account in a group, or you will not be able to log into the admin page.

 

 

5. Next, set your system properties in openfire:

 

 

ldap.baseDN

DC=AD-DOMAIN,DC=local

 

 

ldap.groupSearchFilter

(&(objectClass=group)(cn=_IM*))

*This will only list groups that start with _IM

 

 

ldap.searchfilter

(&(objectclass=organizationalPerson)(|(memberOf:1.2.840.113556.1.4.1941:=CN=Openfire Access Group,CN=Users,DC=AD-DOMAIN,DC=local))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

* Watch out for cut-and-paste issues. Sometimes extra spaces are added to the string and need to be removed. There should be no spaces in memberOf or userAccountControl.

 

*This string will only allow and display users that are members of the Openfire Access Group (including members of nested groups) that we created earlier. Disabled user accounts are excluded.

 

Restart Openfire.

 

At this point, only the _IM groups will be listed, as will only the users of the groups.

 

6. Enable Contact List Sharing for shared rosters. (optional)
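
A pre-flight check for the two filter strings from step 5, catching the cut-and-paste damage the guide warns about before the value is saved as a system property. This is an added example, not part of the original guide and not Openfire code; `check_filter` is a hypothetical helper, and `PASTED` is a constructed copy of the filter with spaces inserted into the matching-rule OIDs.

```python
OPERATORS = ("&", "|", "!")


def _check_item(item):
    """Check one innermost (...) item of the filter."""
    if item.startswith(OPERATORS):
        return [f"operator {item[0]!r} has no operands"]
    # Everything before the first '=' is the attribute plus an optional
    # matching rule (e.g. memberOf:1.2.840.113556.1.4.1941:). Spaces are
    # legal in the value (CN=Openfire Access Group) but not here.
    attr, sep, _value = item.partition("=")
    if not sep:
        return [f"no '=' in item {item!r}"]
    if any(c.isspace() for c in attr):
        return [f"whitespace in attribute or matching rule {attr!r}"]
    return []


def check_filter(flt):
    """Return a list of problems found in an LDAP search filter string."""
    problems = []
    depth = 0
    leaf_start = None  # index after the latest '(' with nothing nested yet
    for i, ch in enumerate(flt):
        if ch == "(":
            depth += 1
            leaf_start = i + 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                problems.append(f"unexpected ')' at offset {i}")
                depth = 0
            if leaf_start is not None:
                problems.extend(_check_item(flt[leaf_start:i]))
                leaf_start = None
    if depth:
        problems.append(f"{depth} unclosed '('")
    return problems


# The two values from the guide.
GROUP_FILTER = "(&(objectClass=group)(cn=_IM*))"
AD_FILTER = ("(&(objectclass=organizationalPerson)"
             "(|(memberOf:1.2.840.113556.1.4.1941:="
             "CN=Openfire Access Group,CN=Users,DC=AD-DOMAIN,DC=local))"
             "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))")

# Constructed sample of a damaged paste: a space inside each OID.
PASTED = (AD_FILTER.replace("113556.1.4", "113556. 1.4", 1)
                   .replace("1.4.803", "1.4. 803"))

if __name__ == "__main__":
    for name, value in (("group", GROUP_FILTER), ("user", AD_FILTER),
                        ("pasted", PASTED)):
        print(name, check_filter(value) or "ok")
```

A damaged user filter matters beyond convenience: it is the only thing restricting logins to the access group and excluding disabled accounts, so verify it returns the expected users after the restart.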

Specify group chat history delete


Can I somehow delete a group chat conversation history under the conferences? I saw somewhere that I can delete all of it (as I remember), but I want to delete just one group.

 

Thanks.
