ldap-guide.html 4.7 KB
Matt Tucker committed
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
	<title>Jive Messenger LDAP Guide</title>
  <link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<a name="top"></a>

<h1>Jive Messenger LDAP Guide</h1>

<h2>Introduction</h2>

<p>
This document details how to configure your Jive Messenger installation to use an external LDAP store when
authenticating users.
</p>
<h2>Background</h2>
<p>
LDAP (Lightweight Directory Access Protocol) has emerged as a dominant standard 
for user authentication and for storage of user profile data. It serves as a 
powerful tool for large organizations (or those organizations integrating many 
applications) to simplify user management issues.
</p>
<p>
By default, Jive Messenger stores all user data in a database and performs 
authentication using database lookups. The LDAP module replaces that 
functionality and allows Jive Messenger to:
</p>
<ul>
<li>
Use an LDAP server to authenticate a user's identity.
</li>
<li>
Load and store user profile information in an LDAP directory.
</li>
</ul>
<p>
This document will guide you through preparing your LDAP server and provide 
details about how to install the LDAP module on Jive Messenger. These 
instructions assume that you're a competent LDAP user, and that you're familiar 
with Jive Messenger setup issues. The iPlanet Directory Server 5.0 LDAP server 
was used for development and testing, but any LDAP-compliant server should also 
work.
</p>
<h2>Choosing an LDAP storage mode</h2>
<p>Two modes for storing user data in an LDAP directory are supported:</p>
<ol>
<li>
Mixed Mode (LDAP and User Database) -- Username, name and email are stored in 
LDAP. All Jive-specific data is stored in the Jive Messenger user database. 
This mode requires no changes to your LDAP directory.
</li>
<li>
Pure LDAP Mode -- All user data is stored in LDAP, including Messenger-specific 
data. This mode requires you to make changes to your LDAP schema.
</li>
</ol>
<p>
The first option is easier to set up and is generally the better solution. 
However, the second option is also appropriate in some cases.
</p>

<h2>Configuration</h2>
<p>
In order to configure your server to use LDAP you need to complete the following 
tasks:
</p>
<ol>
<li>
Stop Messenger.
</li>
<li>
Edit <tt>MESSENGER_HOME/config/jive-messenger.xml</tt> as described below.
</li>
<li>
Restart Messenger.
</li>
</ol>
<h3>Configure Messenger</h3>
<p>
Open the Messenger configuration file <tt>MESSENGER_HOME/config/jive-messenger.xml</tt> in your favorite
editor and add or change the following settings:
</p>
<ul>
<li>UserProvider.properties.className</li>
<li>UserProvider.info.className</li>
<li>ldap.host - LDAP server host name; e.g. localhost or machine.example.com.</li>
<li>ldap.port - LDAP server port number.</li>
<li>ldap.usernameField - The field name that username lookups are performed on.</li>
<li>ldap.baseDN - The DN that searches for users start from. The entire subtree under the base
    DN will be searched for user accounts.
</li>
<li>ldap.nameField - The field name that holds the user's name.</li>
<li>ldap.emailField - The field name that holds the user's email address.</li>
<li>ldap.adminDN - A directory administrator's DN. All directory operations will be performed with this account.
    For normal usage of the module, the admin should have full administrative control over the directory.
</li>
<li>ldap.adminPassword - The password for the directory administrator.</li>
<li>ldap.debugEnabled - Set to "true" to turn debugging on. When on, trace information about the
    buffers sent to and received from the LDAP server is written to System.out.</li>
<li>ldap.sslEnabled - Enable SSL connections to your LDAP server. If you enable SSL connections, the LDAP server port
    number most likely should be changed to 636.
</li>
</ul>
<p>
Below is a sample set up.
</p>
<pre><code>&lt;jive&gt;
...
  &lt;UserProvider&gt;
    &lt;properties&gt;
      &lt;className&gt;org.jivesoftware.messenger.ldap.LdapUserPropertiesProvider&lt;/className&gt;
    &lt;/properties&gt;
    &lt;info&gt;
      &lt;className&gt;org.jivesoftware.messenger.ldap.LdapUserInfoProvider&lt;/className&gt;
    &lt;/info&gt;
  &lt;/UserProvider&gt;
  &lt;ldap&gt;
    &lt;host&gt;myhost.com&lt;/host&gt;
    &lt;port&gt;389&lt;/port&gt;
    &lt;usernameField&gt;uid&lt;/usernameField&gt;
    &lt;emailField&gt;mail&lt;/emailField&gt;
    &lt;baseDN&gt;o=mycompany, c=mycountry&lt;/baseDN&gt;
    &lt;nameField&gt;cn&lt;/nameField&gt;
    &lt;adminDN&gt;cn=ldap-administrator&lt;/adminDN&gt;
    &lt;adminPassword&gt;adm1npwd&lt;/adminPassword&gt;
    &lt;debugEnabled&gt;false&lt;/debugEnabled&gt;
    &lt;sslEnabled&gt;false&lt;/sslEnabled&gt;
  &lt;/ldap&gt;
...
&lt;/jive&gt;
</code></pre>
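<p>
The following is an added example, not part of the original guide or of Jive Messenger: it parses the
<tt>&lt;ldap&gt;</tt> block of a <tt>jive-messenger.xml</tt> document and flags the settings this guide marks as
sensitive (SSL off on port 389, SSL on but still on 389, debug tracing on, required values missing), then shows the
same settings with SSL on, port 636 and debugging off. The element names are the guide's; the sample configuration
string and the function names are constructed here.
</p>

```python
import xml.etree.ElementTree as ET

# Constructed sample in the jive-messenger.xml layout shown in this guide, with
# debugEnabled deliberately set to "true" so the audit has something to flag.
SAMPLE_CONFIG = """<jive>
  <ldap>
    <host>myhost.com</host>
    <port>389</port>
    <usernameField>uid</usernameField>
    <baseDN>o=mycompany, c=mycountry</baseDN>
    <adminDN>cn=ldap-administrator</adminDN>
    <adminPassword>adm1npwd</adminPassword>
    <debugEnabled>true</debugEnabled>
    <sslEnabled>false</sslEnabled>
  </ldap>
</jive>"""

REQUIRED = ("host", "port", "usernameField", "baseDN", "adminDN", "adminPassword")

def ldap_settings(xml_text):
    """Return the <ldap> block of a jive-messenger.xml document as {tag: text}."""
    block = ET.fromstring(xml_text).find("ldap")
    return {} if block is None else {c.tag: (c.text or "").strip() for c in block}

def audit_ldap_settings(settings):
    """Return findings for the settings this guide marks as sensitive (empty = clean)."""
    findings = ["%s is missing or empty" % n for n in REQUIRED if not settings.get(n)]
    ssl_on = settings.get("sslEnabled", "false").lower() == "true"
    if not ssl_on:
        # The adminDN bind and every user lookup cross the network unencrypted.
        findings.append("sslEnabled=false: admin bind and user lookups are sent in clear text")
    elif settings.get("port") == "389":
        findings.append("sslEnabled=true on port 389: the guide expects port 636 for SSL")
    if settings.get("debugEnabled", "false").lower() == "true":
        # Buffer tracing writes the raw LDAP messages, bind password included, to System.out.
        findings.append("debugEnabled=true: raw LDAP buffers (including the bind password) go to System.out")
    return findings

def hardened(settings):
    """Copy of the settings with SSL on, the port moved to 636 and debug tracing off."""
    fixed = dict(settings)
    fixed.update(sslEnabled="true", port="636", debugEnabled="false")
    return fixed

if __name__ == "__main__":
    found = ldap_settings(SAMPLE_CONFIG)
    for warning in audit_ldap_settings(found):
        print("WARN", warning)
    print("after hardening:", audit_ldap_settings(hardened(found)))
```

Because <tt>adminPassword</tt> sits in the file in clear text, the same audit is a good place to confirm that read access to <tt>jive-messenger.xml</tt> is limited to the account Messenger runs as.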
</body>
</html>