Authenticating Active Directory Server users to Openfire Server

Authenticating Active Directory Server users to Openfire Server

In a previous guide, we successfully installed openfire and made some basic configuration to our openfire server. We have even gone further to login users added manually to our server. The bad news though, is that, manually adding users to our openfire server can be a hassle if we have a very large network of users.

It is not uncommon to see most network utilise a directory server of some sort, like the openldap, microsoft active directory, samba4 directory server. This “Authenticating Active Directory Server users to Openfire Server” will let samba4 directory server centrally manage users access to the openfire server.

Please note that once you have granted samba4 or any directory server the permission to authenticate users into your openfire server, you will not be able to add users manually through the openfire console.

If you do not have a directory server, follow this guide on how to install microsoft active directory server on windows server 2016 or make use of samba4 directory server, in the guide samba4 active directory domain controller on debian 8.

Authenticating Active Directory Server users to Openfire Server.

Install openfire as shown in the openfire guide, then, navigate to http:ip address of openfire server:9090.

You will be presented with this screen as shown.
How to Install and Configure OpenFiree

Select your language, and click continue. Next, enter in the fully qualified domain name of the openfire server and click continue.

For now, select the embedded database and click continue.

Next, tick directory server ldap, as the user and group system to use with the server.

We are going to use Samba4 active directory to enable authentication against the active directory server.

On the samba4 active directory server, go to

#sudo vim /etc/samba/smb.conf and add the line below in the global section:

ldap server require strong auth = yes

ldap require strong authentication

On the openfire server, The connection settings will be:

server type = active directory

host = ip address of samba4 active directory

port = 636 . This is the secure LDAP port that will be used for SSL/TLS negotiation before any ldap traffic is exchanged.

Base DN= ou=PH,dc=carehealth,dc=local.  We placed all our users in the organisational unit called PH.

Administrator DN = Administrator@carehealth.local

ldap connection settings

Test your settings by clicking on the test settings button. If all went well, you should get a successful message.

Click save and continue. Leave the user and group mapping as it is, except if you have any real reason to change it, then click save and continue.

Now add a user from active directory that has domain admin rights to the system. This step is very important, else you will not be able to log into your openfire server again.

Login to the openfire interface with the admin user account and the password from active directory.

If you click on users/group => users, you should see all the users under the PH organisational unit.

Try to login using spark client with the username from active directory, and you be logged in successfully.

If you will like to reset your configurations and start afresh, then locate your openfire.xml file by going to /usr/share/openfire/conf/openfire.xml on ubuntu 16.04

If you are experiencing any problems whatsoever, feel free to use the comments section below.

In our next guide, we will use openfire with an external database. Stay Tuned.

Next: Integrating Openfire with external database


Did You Enjoy What You Read? Sign Up To Our News Letter
I agree to have my personal information transfered to MailChimp ( more information )
Join over 1.000 visitors who are receiving our newsletter and learn how to design networks that work using open source technology and commercial offerings. Also learn how to proactively defend against security threats.
We hate spam. Your email address will not be sold or shared with anyone else.
Share This.