7 Replies Latest reply on Jan 20, 2017 12:01 PM by Rich

    Active Directory Integration question about admin login

    Rich

      I have a 4.0.2 server that was set up a while back and I got it working with AD integration and all that is working.  I can no longer access the admin console.  What I'm wondering is if the admin password is in Active Directory or if it uses a local account for admin?  Or both maybe? 

       

      I need to regain access and I tried editing the openfire.xml file and adding in an authorized user but that did not work.  I am trying to log in simply as "admin" and it's not taking any of my known passwords nor "admin" the default. 

       

      I also tried re-enabling the setup by changing <setup>true</setup> to false but then all my active directory configuration is gone and I don't remember how the settings were set.

       

      Can anyone help me?

       

      Thanks,

      Rich

        • Re: Active Directory Integration question about admin login
          Rich

          OK I've spent entirely too long on this issue.  Now I've decided just to re-set up the server since nobody can seem to give me a way to reset my administrative password.  None of the suggestions in these forums have worked as yet.  It seems as though the developers are working hard to close all doors to be able to reset an administrative password.  Every time one gets published an update comes out that disables it.  You NEED a way to reset an administrative password - people forget. 

           

          Now as it stands I'm going to have to completely uninstall/reinstall (AND reconfigure my active directory settings) because I can't even re-run the setup script because it wants the PREVIOUS password... WHY???  You have to edit an xml file on the server to enable the setup process.. it's fairly obvious that if you're running setup that you OWN the box.  Someone needs to fix this.  It also appears as though there is no way to even view the previous AD settings so I can document them. Thanks guys!

           

          Can someone please address this?

           

          Rich

            • Re: Active Directory Integration question about admin login
              speedy

              You're using AD/LDAP so there is no "reset admin password". What you're looking to do is map a user to be an admin to openfire. 

               

              If you don't know the AD username/password that has been granted the access, then you can get around this easy enough. 

               

              Stop Openfire.  Edit the database.  Look for the ofProperty table.  Then look for the value admin.authorizedJIDs and edit it.

                • Re: Active Directory Integration question about admin login
                  Rich

                  I know which one it is likely to be but it's not taking it.  Do I have to put the username in as domain\username or some special way?  I can't remember it's been months since I set it up. 

                   

                  Also how do I edit the embedded db? 

                   

                  Thanks for your response... caught me before I deleted everything...

                   

                  Rich

                    • Re: Active Directory Integration question about admin login
                      speedy

                      if the embedded isn't that large, you can open it with notepad++

                       

                      you'll put the admin account in as the JID, and not the domain.  so openfire maps a domain username to a jid, and the jid is then given admin access via the property.

                        • Re: Active Directory Integration question about admin login
                          Rich

                          It is not that large I'm guessing - small install 40 users or so and AD so no data in the local database for user accounts I'm guessing...

                           

                          I tried in JID format <user>@<server domain> and still didn't work.  I know it has to be one of two AD accounts but it won't take it.

                           

                          Where is the embedded db located - I'm on linux so I assume I can use vi or pico as well?

                           

                          Rich

                          • Re: Active Directory Integration question about admin login
                            Rich

                            Ok I found the DB and now understand how it works... my authorizedJIDs contains one of the users I added to the xml file.  The admin dn appears to be encrypted so I can't see which one is admin... do I change the authorizedJIDs line to the account that I think it is?

                            • Re: Active Directory Integration question about admin login
                              Rich

                              OK I am in finally - changed the authorizedJIDs line to the account that I thought it was and started openfire. 

                               

                              I then had to log in as only the base username - not the user@domain and then it let me in.

                               

                              Not sure how this works if you actually forget the password because it wouldn't let me in as the temp user I had set it to through the xml.  In any case I'm back in - thank you so much for your help. 

                               

                              This process could (and should) be made much easier or I guess even some documentation on how to get back in would help too.. now at least there is this forum posting if someone else has the problem.

                               

                              Rich
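
Added example (not part of the original thread, and not Openfire's own code): a Python sketch of the fix the thread arrives at, reading and replacing the `admin.authorizedJIDs` row in the embedded database's text file and showing the bare username the console login then expects. The row layout (name first, value second), the comma-separated value and all sample names are assumptions built for illustration.

```python
import re

# Constructed sample of rows from the embedded database's text file
# (assumed layout: property name is the first column, its value the second).
SAMPLE_SCRIPT = """\
INSERT INTO OFPROPERTY VALUES('xmpp.domain','chat.example.test')
INSERT INTO OFPROPERTY VALUES('admin.authorizedJIDs','tempuser@chat.example.test')
INSERT INTO OFPROPERTY VALUES('ldap.host','dc1.example.test')
"""

ROW = re.compile(
    r"^(INSERT INTO OFPROPERTY VALUES\('admin\.authorizedJIDs',')"
    r"((?:[^']|'')*)('.*\))$",
    re.IGNORECASE,
)

def admin_jids(script_text):
    """Return the JIDs listed in admin.authorizedJIDs (empty list if absent)."""
    for line in script_text.splitlines():
        m = ROW.match(line.strip())
        if m:
            value = m.group(2).replace("''", "'")  # undo SQL quote doubling
            return [j.strip() for j in value.split(",") if j.strip()]
    return []

def console_login_names(jids):
    """Bare usernames (node part of each JID), the form the login took in the thread."""
    return [j.split("@", 1)[0] for j in jids]

def set_admin_jids(script_text, jids):
    """Return script text with the admin.authorizedJIDs value replaced by jids."""
    # The property holds JIDs, so reject DOMAIN\user and bare usernames.
    for j in jids:
        if "\\" in j or j.count("@") != 1 or not all(j.split("@")):
            raise ValueError(f"not a JID (user@xmpp-domain): {j!r}")
    new_value = ",".join(jids).replace("'", "''")
    out, changed = [], False
    for line in script_text.splitlines():
        m = ROW.match(line.strip())
        if m:
            line, changed = m.group(1) + new_value + m.group(3), True
        out.append(line)
    if not changed:
        raise LookupError("admin.authorizedJIDs row not found")
    return "\n".join(out) + "\n"
```

Run it against a copy of the file with Openfire stopped, as speedy's steps say, and keep the original as a backup before swapping in the result.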