
Need some clarification about xmpp.domain and xmpp.fqdn

Question asked by kazso on May 20, 2016

I've been using Openfire for a long time now in a domain environment (Windows Active Directory), but I'm still confused about 2 settings: xmpp.domain and xmpp.fqdn.

This environment has only Windows systems. Windows 2008 R2 Domain Controllers/DNS servers (dc1.example.local, dc2.example.local), Windows 2008 R2 Certification Authority (ca.example.local) and Windows 2012 R2 Server as Openfire host currently running version 4.0.2 (chatsrv.example.local).

The domain name is example.local.

 

Currently I'm using these settings:

     xmpp.domain = example.local

     xmpp.fqdn = chatsrv.example.local

 

These settings do work, because clients can connect (SSO doesn't work though). But these settings don't feel "right" to me.

 

Problem 1:

If I open the Openfire Admin Console, I see Server Name: example.local. This looks odd (display error?), because the Server Name should say chatsrv.example.local.

Below that Host Name: chatsrv is ok.

 

Problem 2:

If I create a server certificate for Openfire in Windows using the Web Server template, then I must add example.local as CN. If I use chatsrv.example.local as CN, then the Admin Console will put a yellow exclamation mark next to the Server Name, and in this case the clients connecting to Openfire will have certificate warnings.

 

Problem 3:

If I create Kerberos XMPP Service Principal Names (SPN) for the xmpp-openfire account and use the commands

     setspn -A xmpp/chatsrv.example.local@EXAMPLE.LOCAL xmpp-openfire

     setspn -A xmpp/chatsrv.example.local xmpp-openfire

then SSO won't work (the last time it worked was in version 3.10.2 anyway). I need to include xmpp/example.local in SPN.

Since version 4.0 SSO won't work no matter how I set up the SPN, so I'm not sure about this one.

 

The main guide for me setting up Openfire was "Openfire+Spark on Windows Server 2008 R2 with SSO". But some other guides and forum posts state (mostly with mixed Windows and Linux environments) that xmpp.domain and xmpp.fqdn should be the same (in my case both settings would be chatsrv.example.local).

So what should I use for xmpp.domain and xmpp.fqdn? Are these settings the same in Windows and Linux versions of Openfire?
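Added example, not part of the original question and not Openfire code: a model of the certificate name check behind Problem 2, assuming the client validates the certificate against the XMPP domain (xmpp.domain) as RFC 6120 describes. The certificate dictionaries, function names and the wildcard policy are constructed for illustration.

```python
# Added example with constructed sample data; not Openfire or Spark code.
# Models RFC 6125-style matching of certificate DNS names against a
# reference name (the XMPP domain, or the server's host name).

def _labels(name):
    # DNS names compare case-insensitively; drop a trailing root dot.
    return name.rstrip(".").lower().split(".")

def dns_name_matches(presented, reference):
    """True if a certificate name covers the reference name."""
    p, r = _labels(presented), _labels(reference)
    if len(p) != len(r):
        return False          # "*.example.local" never covers "example.local"
    if p[0] == "*":
        # Policy choice of this example: a wildcard must be the whole
        # left-most label and needs two fixed labels after it.
        return len(p) >= 3 and p[1:] == r[1:]
    return p == r

def cert_covers(cert, reference):
    """SAN dNSName entries take precedence; CN is used only if none exist."""
    names = cert.get("san_dns") or [cert["cn"]]
    return any(dns_name_matches(n, reference) for n in names)

def audit(cert, xmpp_domain, xmpp_fqdn):
    """Report which of the two Openfire names the certificate covers."""
    return {
        "xmpp.domain": cert_covers(cert, xmpp_domain),
        "xmpp.fqdn": cert_covers(cert, xmpp_fqdn),
    }

# Constructed certificates mirroring the cases in the question.
CERT_HOST_CN = {"cn": "chatsrv.example.local", "san_dns": []}
CERT_DOMAIN_CN = {"cn": "example.local", "san_dns": []}
CERT_BOTH_SAN = {"cn": "example.local",
                 "san_dns": ["example.local", "chatsrv.example.local"]}
CERT_WILDCARD = {"cn": "example.local", "san_dns": ["*.example.local"]}

if __name__ == "__main__":
    for label, cert in [("host CN", CERT_HOST_CN), ("domain CN", CERT_DOMAIN_CN),
                        ("both in SAN", CERT_BOTH_SAN), ("wildcard SAN", CERT_WILDCARD)]:
        print(label, audit(cert, "example.local", "chatsrv.example.local"))
```

In this model a certificate that lists both names as SAN entries is the only one of the four that covers xmpp.domain and xmpp.fqdn at once.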
