Community Forum

Resolved
0 votes
Hello,

I'm going through the install of openfire on Ubuntu 14.04 server. I have a ClearOS server up and running and I've installed it as a PDC along with Directory Server and Zarafa. Works great so far!

I want to use our ClearOS for my users in openfire so I'm putting in the connection settings in openfire to connect to my ClearOS LDAP server. I'm stumped as to where to find the following from my ClearOS Server?

Base DN - I can see under Directory Server in Clear a base dn. I'm guessing this is what I need.
Administrator DN - Under Directory Server in Clear I have no Administrator DN...where do I find this?
Password - I see under Directory Server a Bind Password. Is this the password openfire needs for LDAP access?

I've input the Base DN and Password from my ClearOS Directory Server and tried using the Bind DN in place of the Administrator DN just to see if this works. It doesn't. When I try this (using port 389 by the way) I get the following error:

Error connecting to the LDAP server. Ensure that the directory server is running at the specified host name and port and that a firewall is not blocking access to the server.

How do I make sure my Directory Server is running? There is no Stop/Start on ClearOS for Directory Server.
Where do I confirm the Base DN and Administrator DN and Password openfire needs?

Thank you in advance for any information you can provide for me.
Friday, August 07 2015, 10:01 PM
Responses (7)
  • Accepted Answer

    Wednesday, August 12 2015, 03:52 PM - #Permalink
    Resolved
    0 votes
    Thank you Nick for your suggestions and patience.

    I've confirmed that my LDAP is working. I've searched the forums and found the hack on how to use port 389 instead. I think the problem I'm facing is that ClearOS has a self-signed cert for port 636 which OpenFire can't or won't accept so I get the socket failed message. When I applied the hack to use port 389 instead I can now get past the socket closed error I was getting...but I really don't want to use 389. So I'll open a case with ClearCare Support to find out how to use my Wildcard SSL Cert on ClearOS for our LDAPS. That should solve my issue.

    I also discovered something interesting...The publish policy for All Networks broke my SMTP server. We run Zarafa on our ClearOS server as well. Although it appeared Zarafa was working (we could login), no mail was leaving and was stuck in the Outbox. When I changed the policy to Local Network our mail worked again. Not really related to this particular post for LDAP(s) on ClearOS but if someone happens along and is trying to use LDAP, be careful with your published policy and your ClearOS mail.

    If I find an answer to this issue with connecting to our LDAPS on ClearOS I will post back with my findings.

    Thanks.
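The post above ends up separating two failures that the Openfire error message lumps together: the directory server not answering at all, and the server answering on 636 with a certificate the client does not trust. As an added example (not part of the original thread), this Python probe reports which stage of an LDAPS connection fails; the host name `clearos.example.lan` and the function names are assumptions.

```python
import socket
import ssl

# What each stage means for the client-side fix (wording added for this example).
ADVICE = {
    "unreachable": "nothing answered: check slapd, the Publish Policy and firewalls",
    "tls_error": "port open but the TLS handshake broke: wrong port or not LDAPS",
    "untrusted_cert": "server is up; its certificate is not trusted or does not match",
    "ok": "certificate chain and host name verified",
}


def tls_stage(sock, host, cafile=None):
    """Run a verified TLS handshake on a connected socket; return (stage, detail)."""
    # cafile=None uses the system CA store; pass the server's CA file to test trust in it.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        return ("untrusted_cert", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        return ("tls_error", str(exc))
    finally:
        sock.close()


def probe_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Separate 'server not reachable' from 'certificate not trusted'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("unreachable", str(exc))
    return tls_stage(sock, host, cafile)


if __name__ == "__main__":
    # clearos.example.lan is a placeholder host name, not taken from the thread.
    stage, detail = probe_ldaps("clearos.example.lan")
    print(f"{stage}: {detail}\n-> {ADVICE[stage]}")
```

A result of `untrusted_cert` that turns into `ok` once `cafile` points at the server's CA certificate shows the fix belongs in the client's trust store, which keeps the Bind DN password off unencrypted port 389.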
  • Accepted Answer

    Monday, August 10 2015, 08:55 AM - #Permalink
    Resolved
    0 votes
    service slapd status
    You may be able to check from the Webconfig but I can't check from work.
  • Accepted Answer

    Monday, August 10 2015, 06:14 AM - #Permalink
    Resolved
    0 votes
    Thank you Nick for your suggestions. I'll keep trying to get this connected.

    How do I check that my ClearOS LDAP Server is actually running? Is there a command I can issue to check or perhaps from the ClearOS WebGui that will confirm for me it is running?

    Thank you.
  • Accepted Answer

    Saturday, August 08 2015, 04:53 PM - #Permalink
    Resolved
    0 votes
    I don't know a lot about LDAP or anything about Openfire, but in ClearOS, in the Webconfig, if Publish Policy is set to "Not Publish" then only apps running on the ClearOS server can access ClearOS LDAP and I think they can use both LDAP (389) and LDAPS (636). With Publish Policy set to Local Network all devices on the LAN can access ClearOS LDAP but only using LDAPS.

    If you search the forum you'll find a hack to /etc/rc.d/init.d/slapd to allow LAN access on port 389.

    You definitely need to set the Publish Policy, but I've no idea about the Accounts Access. It is not needed for phpLDAPAdmin.

    I can't advise you on all the dn's you need. I know phpLDAPAdmin requires the ClearOS Bind DN and Bind Password for authentication with the Base DN hard coded in the conf file, so I'd point Openfire at your server on port 636 using the ClearOS Base DN in the Base DN field and try the Bind DN and Password in your Authentication fields.
  • Accepted Answer

    Saturday, August 08 2015, 07:31 AM - #Permalink
    Resolved
    0 votes
    Also...under Directory Server on my ClearOS I have Policies set to:

    Publish Policy Not Published
    Accounts Access Disabled

    Do I need to change these to allow access from openfire so users in openfire are taken from my ClearOS server?

    Thank you.
  • Accepted Answer

    Saturday, August 08 2015, 07:23 AM - #Permalink
    Resolved
    0 votes
    Thank you Nick for the reply. Do you mean the init file in openfire or in my ClearOS?

    Also...

    How would I go about finding the base dn and admin dn info I need from ClearOS though?

    Here is a screenshot of what openfire needs.

    Is there a command line instruction I can use from the ClearOS terminal to give me the Base DN and Admin DN? Or can I see these in the ClearOS WebGUI? In the directory server I can see at the bottom the directory information...but I'm not sure if this is what I need. Plus I don't see one on this page that says Administrator DN?

    Thank you.
  • Accepted Answer

    Saturday, August 08 2015, 07:10 AM - #Permalink
    Resolved
    0 votes
    If you allow LAN access to LDAP you need to use ldaps (port 636) or change the init file to allow 389.