I’ve successfully set up Openfire 3.7.1 communicating with OpenLDAP 2.4.28 on ArchLinux 2011.08.19. I want XMPP users to be able to register, and the registration should be accepted by the OpenLDAP server and (because it’s LDAP) the registration should be global. So if a user comes in and registers through XMPP, he should be able to log in on the web or access his public FTP. The same with web registration. How can I accomplish this? My current slapd config is this:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
pidfile /run/openldap/slapd.pid
argsfile /run/openldap/slapd.args
access to dn.subtree="dc=domain,dc=tld" attrs=uid,userPassword
    by self write
    by anonymous auth
    by * none
access to dn.children="dc=domain,dc=tld" attrs=cn,gn,sn,displayName,mail,mobile,homePhone,homePostalAddress,telephoneNumber
    by self write
    by * read
access to dn.subtree="dc=domain,dc=tld"
    by * read
access to * by * read
database bdb
suffix "dc=domain,dc=tld"
rootdn "cn=Manager,dc=domain,dc=tld"
rootpw {SSHA}secret
directory /var/lib/openldap/openldap-data
index objectClass eq
You will need to actually create the user information on the OpenLDAP server following their registration on the Openfire server. The connection from the Openfire server to the LDAP database is considered ‘read-only’.
If you want to have the data globally available following registration, you will need to insert the user into the LDAP server. It is trivial to insert user information into an OpenLDAP server, but I think adding user information to an Active Directory server requires specific tools (I’ve never used anything other than Windows client-side tools to perform this activity against a Windows server).
I don’t know enough about the Openfire system to know how you would accomplish this.
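One way to do the insert step described in the answer above, as an added example that is not part of the original thread or of Openfire: a registration hook builds an LDIF entry for the new user and hands it to `ldapadd`. The function names, the username policy, and placing entries directly under `dc=domain,dc=tld` are assumptions; the object classes come from the schemas included in the posted config.

```python
import base64, hashlib, os, re

BASE_DN = "dc=domain,dc=tld"  # suffix from the slapd config above
UID_RE = re.compile(r"[a-z][a-z0-9._-]{0,31}")  # assumed username policy
# RFC 2849 SAFE-STRING: values outside it must be base64-encoded in LDIF
SAFE_RE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
                     r"[\x01-\x09\x0b\x0c\x0e-\x7f]*")

def ssha(password, salt=None):
    """OpenLDAP {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ldif_line(attr, value):
    """One LDIF line; unsafe values (newlines, leading space/colon) go base64."""
    if SAFE_RE.fullmatch(value) and not value.endswith(" "):
        return f"{attr}: {value}"
    return f"{attr}:: " + base64.b64encode(value.encode("utf-8")).decode("ascii")

def user_ldif(uid, given, surname, mail, password):
    """Build an inetOrgPerson entry for a newly registered user."""
    if not UID_RE.fullmatch(uid):  # keeps DN metacharacters out of the RDN
        raise ValueError("uid rejected by username policy")
    if not all((given, surname, mail, password)):
        raise ValueError("empty attribute value")
    fields = [("dn", f"uid={uid},{BASE_DN}")]
    fields += [("objectClass", c) for c in
               ("top", "person", "organizationalPerson", "inetOrgPerson")]
    fields += [("uid", uid), ("cn", f"{given} {surname}"), ("givenName", given),
               ("sn", surname), ("mail", mail), ("userPassword", ssha(password))]
    return "\n".join(ldif_line(a, v) for a, v in fields) + "\n"

if __name__ == "__main__":
    # Constructed sample registration, not data from the page
    print(user_ldif("alice", "Alice", "Example", "alice@domain.tld", "s3cret"), end="")
```

The output can be fed to `ldapadd -x -D "cn=Manager,dc=domain,dc=tld" -W`, since the posted ACLs grant write access only to `self` and new entries therefore have to be created by the rootdn or another DN given write rights.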