Connection Settings - LDAP Setup for AD

Cristian_G · August 13, 2007, 7:54am

Hi there,

I’m trying to setup OpenFire to get the user information off Active Directory. I’m following the documentation on this page but I fail to set it up succesfully.

My Domain Controller is an IBM Server named OC-DC-01 (192.168.1.250).

This is what my AD looks like:

Active Directory Users and Computers

oncal.local

+Bulitin

+Computers

+Domain Controllers

-My Business

+Computers

+Distribution Groups

+Security Groups

-Users

-SBSUsers (this is where all the user accounts are)

-Special Mailboxes

+Program Data

+System

Users

Based on the above this is how I configured OpenFire:

Server Settings:

Domain: OC-DC-01

Admin Console Port: 9090

Secure Admin Console Port: 9090

Profile Settings: Connection Settings

Server Type: Active Directory

Host: oncall.local

Port:389

Base DN: cn=MyBusiness;dc=oncall,dc=local

Administrator DN: cn=LanAdmin,dc=oncall,dc=local (LanAdmin is an admin account part of the Security Groups - Administrators)

Password: LanAdmin’s Password

And this is the error I get…

Status: Error

Error Authenticating with the LDAP Server. Check Supplied Credentials.

Openfire 3.3.2

Admin console listening at http://127.0.0.1:9090

javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece

Any Suggestions Please?

Tim_Tretyak · August 13, 2007, 8:06am

Hi!

In AD is much simpler to authenticate by principal like “user@domain”, in your case “LanAdmin@oncal.local”.

Second - if your hosr named “oc-dc-01” and domain “oncal.local” put hostname to hostname field and domain on domain one not

as in your example.

Cristian_G · August 13, 2007, 9:02am

I’m sorry, but I don’t understand your solution. Could you please give me an example of what you mean?

Tim_Tretyak · August 13, 2007, 9:16am

Ok, step by step:

Tab “Profile Settings”->Edit:

Host: OC-DC-01

Port: 389

BaseDN: dc=oncall,dc=local

Administrator DN: LanAdmin@oncal.local

Password: ******

“Save And Continue”

On next tab check the:

“Username field” is “sAMAccountName”

Greg_Tangey · August 27, 2007, 2:17pm

If you want to drill down to your SBS Users…

OU=SBSUsers,OU=Users,OU=MyBusiness,dc=oncall,dc=local

It wasnt working for you because MyBusiness is an organizational unit (OU).

Surendra_kamath · September 4, 2007, 4:34am

could u please explain group maping step ?