I have put in Openfire as an installation for testing. Once I got over the installation with AD hurdle it was pretty much gravy, but I have some questions before I move this to a proper working environment.
1: When I dumped the AD into the local database, it gave me all the users. I’d rather just have it from two groups, let’s name them (Not the real names) TechOne and TechServ. The Domain is IMS.LOCAL and I know the IP and Name of the Controller.
2: This one is probably more Spark-related, but is there a way to log in by specifying the domain instead of the server? I’m already using SSO and that works out but I have to specify the server straight away.
3: Lastly, in the interest of standards compliance, does any installation of Openfire phone out to the internet by default? If so, how can I disable this? We’re not using any sort of WAN or virtualization so that might make it easier.
Try to keep the answers dumb and thorough. I’m a programmer, not a system admin.
You have to use group filters and search filters to accomplish what you are trying to do. The “groups” are for roster groups and not really for access to Openfire. However, you can create a dynamic authorization group to accomplish what you want to do. I also HIGHLY recommend using a backend database, such as mssql or mysql, before doing any of this. That way, you can easily revert any changes back if you lose access to the GUI via the database tables.
For this example, I’ll be making the following assumptions:
AD domain = IMS.local
access group = Openfire Access Group
roster groups = _IM TechOne, _IM TechServ
To create the dynamic access group, you need to create a Domain Local Security Group. In our example call it Openfire Access Group. Place this in your User container.
Create regular security groups, in our example _IM TechOne and _IM TechServ. Make them a member of the Openfire Access Group.
Add your users to the _IM groups (including your Openfire admin account).
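An added example, not part of the original reply: with the layout above, users sit in the _IM groups and only those groups are members of Openfire Access Group, so a plain `memberOf=` test on the access group matches nobody and the filter needs Active Directory's in-chain matching rule. The sketch below builds that filter (the kind of value Openfire's `ldap.searchFilter` property takes) with RFC 4515 escaping and models both forms over a constructed directory; the group DN, the `objectClass=user` clause and the user names are assumptions.

```python
# Added example, not from the thread. User names and the group DN are constructed.
IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD LDAP_MATCHING_RULE_IN_CHAIN OID

def escape_filter_value(value):
    """Escape characters that are special in an LDAP filter value (RFC 4515)."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)

def user_filter(group_dn, nested=True):
    """Build a user search filter limited to members of group_dn."""
    rule = f":{IN_CHAIN}:" if nested else ""
    return f"(&(objectClass=user)(memberOf{rule}={escape_filter_value(group_dn)}))"

# Constructed directory: object -> groups it is a *direct* member of.
MEMBER_OF = {
    "alice": {"_IM TechOne"},
    "bob": {"_IM TechServ"},
    "carol": {"Domain Users"},
    "_IM TechOne": {"Openfire Access Group"},
    "_IM TechServ": {"Openfire Access Group"},
}
USERS = ["alice", "bob", "carol"]

def matches(user, group, nested):
    """Model the memberOf test: direct only, or following nested groups."""
    direct = MEMBER_OF.get(user, set())
    if not nested:
        return group in direct
    seen, todo = set(), list(direct)
    while todo:
        current = todo.pop()
        if current == group:
            return True
        if current not in seen:
            seen.add(current)
            todo.extend(MEMBER_OF.get(current, ()))
    return False

def allowed(group, nested):
    """Users the filter would return for the given group."""
    return [u for u in USERS if matches(u, group, nested)]

ACCESS_DN = "CN=Openfire Access Group,CN=Users,DC=IMS,DC=local"  # assumed DN

if __name__ == "__main__":
    print(user_filter(ACCESS_DN))
    print("direct memberOf:", allowed("Openfire Access Group", nested=False))
    print("in-chain       :", allowed("Openfire Access Group", nested=True))
```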
I want to know what I’m supposed to put in these fields to restrict access to only the group “Fireball” (Security Group on DC with no assigned rights). Though every time I press test I get a guy who’s not in said group or it errors out (as in this case you see).
For the time being, you should just accept the defaults. Once you get through the setup, you can change the filter. I’ve never messed with the filters during the initial setup; I’ve always made my changes later.
Alright. I’ve figured out something. Using LDP from the Windows XP Service Pack 2 Support Tools I decided to go domain browsing with it and to my irk the group I made (Fireball) doesn’t show up. I can’t quite figure out why, does my domain admin I’m searching the AD with need to be part of the group or something?