Create a hybrid AuthProvider that can be used to string multiple other AuthProvider implementations together. It will allow a primary, secondary and tertiary provider to be configured. When authentication needs to be done:
1) Attempt authentication using the primary. If that fails:
2) Attempt authentication using the secondary. If that fails:
3) Attempt authentication using the tertiary.
For each of the providers (primary, secondary, etc), an override list of users can be specified. If a user is in the override list, authentication will only be attempted with that provider.
Could anyone provide a howto on using this? I am trying to create some local users in addition to the ldap users... Is that possible by using this feature?
Same question than Sindre. I'd like to use this feature... But I don't know how.
In your mySQL database in the ofproperty table update the name-value pairs to the following:
provider.user.className = org.jivesoft.openfire.user.HybridUserProvider
provider.auth.className = org.jivesoft.openfire.user.HybridAuthProvider
Add the following name-value pairs in the table:
hybridAuthProvider.primaryProvider.className = org.jivesoft.openfire.ldap.LdapAuthProvider
hybridAuthProvider.secondaryProvider.className = org.jivesoft.openfire.auth.DefaultAuthProvider
In the openfile.xml add the following xml snippet:
I am not sure if the HybridUserProvider class was updated in the 3.6.0a version to look for the properties in the database yet. If it has been then add the following rows in the ofproperty table:
hybridUserProvider.primaryProvider.className = org.jivesoft.openfire.ldap.LdapUserProvider
hybridUserProvider.secondaryProvider.className = org.jivesoft.openfire.auth.DefaultUserProvider
Hope this helps!
Can anyone help explain how to implement this?
I don't see where to put the HybridUser...java file.
Also, what DB settings do I need?
For instance, I currently use LDAP, which works. When I set the DB settings above, I can no longer login to the admin console or connect as a client.
What my ultimate goal is, is to read users from LDAP, and then also be able to read users from teh Openfire DB so I can add non-LDAP users.