I apologize if all this has been covered elsewhere…
I’ve spent the last day setting up OpenFire in our Mac environment. I’ve learned a few things that might come in handy for others in my shoes. Some of this I’ve learned from others and I will try to give credit insofar as my notes and memory allow. I hope this helps fellow Mac users get their OpenFire servers up and running more quickly than I did.
Background:
Open Directory Server: Mac OS X Server 10.6.3 (MacMini Server)
OpenFire Server: Mac OS X Server 10.5.8 (Intel Xserve)
Clients: Various Mac OS X 10.4.11 - 10.6.3 - iChat
First, I couldn’t stand that OpenFire was using 32-bit Java 1.5. It wasn’t honoring my settings in Java Preferences, so I modified /usr/local/openfire/bin/extra/openfire-launchd-wrapper.sh . It wasn’t the first thing I did, but knowing what I know now, I would have done it right after running the install pkg.
export JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.6/Home
AND
$JAVA_HOME/bin/java -server -jar "$OPENFIRE_HOME/lib/startup.jar" -Dopenfire.lib.dir=/usr/local/openfire/lib&
(Credit to Wolf Gilbert : Link to thread)
I did the basics when running through the initial setup:
Language= English
Domain= The FQDN of the server (automatically entered)
Admin Console ports=
Database= Embedded
Profile Settings= Directory Server (LDAP)
LDAP Server…
Server Type= OpenLDAP
Host= The FQDN of my Open Directory server
Port= 636
Base DN= dc=subdomain,dc=domain,dc=lan (obviously, you’ll put your base dn here)
Authentication: I don’t believe this is necessary for OD.
Advanced Settings= Enable ‘Use SSL’
User Mapping…
Username Field= uid
Advanced Settings…
Search Fields=
User Filter= (&(uid={0})(apple-imhandle=Jabber*)) <— I’ll explain this later. If you need to add this after the initial setup do the following:
From the web admin console:
Path: Server:Server Manager:System Properties:
Property Name= ldap.searchFilter
Property Value= (&(uid={0})(apple-imhandle=Jabber*))
IMPORTANT: Before you continue, add a Jabber address to the Open Directory user that will be administering OpenFire. This is easily done in Workgroup Manager under the Info tab. In the Chat field, add a record, and select ‘Jabber’ from the popup menu. If you don’t do this, the above user filter will keep your admin user from registering.
User Profiles (vCard)=
Group Mapping…
Group Field= apple-group-realname
Member Field= memberUid
Description Field= description
Advanced Settings…
Posix Mode= Yes
Continuing to the Admin Console, I did the following…
- In System Properties, I added
Property Name= sasl.mechs
Property Value= CRAM-MD5
which allowed my iChat clients to send their passwords securely.
- Under Users/Groups:Groups:Group Summary, I selected an OD group that contained all my users. I then clicked ‘Enable contact list group sharing,’ named it, clicked ‘Share group…’ and ‘All users.’
Before you click ‘Save,’ take a look at the listed group members. Except for the admin user, they should all be black with a red asterisk. This is the result of the User Filter. Without the user filter, all these users appeared in the shared buddy list AND all could log in. I used the filter because I couldn’t see a way to limit user access by OD group.
Now, if I want to enable a user’s access to OpenFire AND simultaneously add them to the shared buddy list, I just add a Jabber address to their Open Directory account in Workgroup Manager.
My next endeavor will be to get my GoDaddy cert to work. I’ll be checking out this page with high hopes…
Regards,
Lyle Millander
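
The user filter from this post, evaluated against a few constructed directory entries, as an added example that is not part of the original post or of OpenFire's own code. The uid and apple-imhandle values are made up, and case-insensitive matching and RFC 4515 escaping of the login name before it replaces {0} are assumptions; only the (&(attr=value)...) filter subset is handled.

```python
import re

USER_FILTER = "(&(uid={0})(apple-imhandle=Jabber*))"  # filter string from the post

# Constructed sample entries; the apple-imhandle value format is an assumption.
DIRECTORY = [
    {"uid": ["admin"], "apple-imhandle": ["Jabber: admin@chat.example.lan"]},
    {"uid": ["jdoe"], "apple-imhandle": ["AIM: jdoe99"]},
    {"uid": ["asmith"]},  # no Chat record at all
    {"uid": ["bwong"], "apple-imhandle": ["AIM: bw", "Jabber: bwong@chat.example.lan"]},
]

def escape_filter_value(value):
    """Hex-escape the RFC 4515 special characters so a login name stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def parse_and_filter(text):
    """Parse the subset used here, (&(attr=value)(attr=value)...), into clauses."""
    if not (text.startswith("(&(") and text.endswith("))")):
        raise ValueError("only (&(attr=value)...) filters are supported")
    return re.findall(r"\(([\w-]+)=((?:[^()\\]|\\[0-9a-fA-F]{2})*)\)", text[2:-1])

def unescape(part):
    """Turn \\xx escapes in a filter value back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), part)

def value_matches(assertion, value):
    """Equality or substring match; an unescaped * in the assertion is a wildcard."""
    pattern = ".*".join(re.escape(unescape(p)) for p in assertion.split("*"))
    return re.fullmatch(pattern, value, re.IGNORECASE | re.DOTALL) is not None

def entry_matches(clauses, entry):
    """Every clause must be satisfied by at least one value of its attribute."""
    return all(any(value_matches(a, v) for v in entry.get(attr, []))
               for attr, a in clauses)

def accounts_allowed(username, directory=DIRECTORY):
    """Return the uids the filter selects when `username` tries to log in."""
    search = USER_FILTER.replace("{0}", escape_filter_value(username))
    clauses = parse_and_filter(search)
    return [e["uid"][0] for e in directory if entry_matches(clauses, e)]

if __name__ == "__main__":
    for name in ("admin", "jdoe", "asmith", "bwong", "*"):
        print(name, "->", accounts_allowed(name))
```

Only accounts that carry a Jabber chat record are selected, which is the gating behaviour the post relies on; a login name of `*` selects nobody because it is escaped before substitution.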