I've gotten OpenFire set up to work with AD, but only if I authenticate using the admin account. Is it possible to configure this using a less privileged account, and what privileges would be required?
Thanks in advance!
You should NOT need a domain admin account for an LDAP query, unless you made changes to your AD. By default, a domain user can query AD for basic information, which is all we needed.
For testing, do something like this. Create a normal domain user account, i.e. firstname.lastname@example.org. Make your base DN the root of your domain, something like DC=domain,DC=local.
Then, when you're asked for the LDAP admin DN, enter email@example.com
Thank you for the response. I've tried this, but it's still not working except with the admin user. What would be the proper format for information required of base and admin DNs please?
That's it. Thanks. I had the information in the Admin DN improper.
I read through the LDAP guide 100 times and could not get OpenFire to connect to my DC, until I found this post. Then I saw how you said to enter the admin DN: firstname.lastname@example.org. I was doing it as the LDAP Guide says to: cn=Administrator,cn=users,dc=domain,dc=local. Well, your way worked like a charm. I think the guide needs to be updated. Maybe even some screenshots of the config screen showing what should be where.
Great Job! Thank You!
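An added example, not part of the original thread or of OpenFire's own tooling: a shell helper that derives the domain-root base DN, checks that the bind identity is in one of the two forms discussed above (user@domain or a full DN), and prints an `ldapsearch` command for testing a normal domain user's bind outside OpenFire. The host, domain and `svc-openfire` account are constructed placeholders, and the `ldaps://` URI assumes the DC has a certificate.

```shell
#!/bin/sh
# Added example: pre-flight check for a low-privilege AD bind account.
# All hosts, domains and account names are constructed placeholders.

# DNS domain -> base DN at the domain root (domain.local -> DC=domain,DC=local).
# The body runs in a subshell so the IFS change does not leak to the caller.
base_dn_from_domain() (
    set -f            # no globbing while splitting on dots
    IFS=.
    dn=""
    for label in $1; do
        dn="${dn:+$dn,}DC=$label"
    done
    printf '%s\n' "$dn"
)

# Classify the value entered as the "admin DN": full DN, user@domain (UPN), or neither.
bind_id_kind() {
    case $1 in
        *=*,*=*)   echo dn ;;
        ?*@?*.?*)  echo upn ;;
        *)         echo unknown ;;
    esac
}

# Print an ldapsearch command that binds as the given account and reads one user entry.
# $1 = LDAP URI of a DC, $2 = DNS domain, $3 = bind identity.
# Simple bind (-x) sends the password in clear over ldap://, hence ldaps:// below.
ldap_test_cmd() {
    if [ "$(bind_id_kind "$3")" = unknown ]; then
        echo "bind identity '$3' is neither user@domain nor a full DN" >&2
        return 1
    fi
    printf "ldapsearch -x -H %s -D '%s' -W -b '%s' -s sub -z 1 '(sAMAccountName=*)' sAMAccountName\n" \
        "$1" "$3" "$(base_dn_from_domain "$2")"
}

# Demo with constructed values; -W makes ldapsearch prompt for the password.
ldap_test_cmd ldaps://dc01.domain.local domain.local svc-openfire@domain.local
```

If the printed command returns an entry when run as the ordinary domain user, the same bind identity and base DN can go into the OpenFire LDAP setup.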