LDAP Authentication
Openfire can be configured to authenticate users through your SME Server’s OpenLDAP server. This will allow you to use a single user and password source, rather than needing to maintain two or more separate databases. This is recommended unless you have a particular reason to want a separate user list for your Openfire installation. To begin, on the Profile Settings screen, select Directory Server (LDAP):
Fill in the Connection Settings screen as shown below, replacing yourdomain and tld with your primary domain name and top-level domain, as appropriate. For example, if your domain were example.com, you’d enter dc=example,dc=com. For the password field, enter your admin user’s password.
Click Test Settings to make sure you’re able to connect. Then click Save & Continue.
On the User Mapping page, just scroll to the bottom and click Save & Continue.
Similarly, on the Group Mapping page, click Save & Continue.
On the Administrator Account screen, enter admin and click Add.
On the next page, your admin account will be listed. Click the Test button to confirm that it will authenticate this account.
You should see the Success page below. If you do, you can close it. You can optionally add other administrator users on this page.
Database setup
We will install and configure MariaDB as the DBMS.
Installing MariaDB and the connector for Java
To install the database server, run:
apt-get install mariadb-server
Next, go to https://dev.mysql.com/downloads/connector/j/, select the operating system and its version (Ubuntu 18.04 in our example) and click Download:
On the next page, copy the download link for the connector:
Using the copied link, download the package to the server:
wget https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java_8.0.19-1ubuntu18.04_all.deb
* in this example we download connector version 8.0.19.
… and install it:
dpkg -i mysql-connector-java_8.0.19-1ubuntu18.04_all.deb
Enable the service to start automatically:
systemctl enable mariadb
Set a password for the MySQL root user:
mysqladmin -u root password
* the system will prompt twice for the password we want to set.
Creating and configuring the database for Openfire
Connect to the installed database server:
mysql -uroot -p
* for the password, enter the one set during installation.
Create the database:
> CREATE DATABASE openfire;
* we create a database named openfire.
Create a user and grant it privileges on the new database:
> GRANT ALL PRIVILEGES ON openfire.* TO openfire@localhost IDENTIFIED BY 'openfirepass';
* in this example the user openfire is created and may connect from the local machine (localhost); the user is granted access to the openfire database; the user's password is openfirepass.
Switch to the new database:
> use openfire;
… and load into it the data from the file openfire_mysql.sql (shipped with Openfire):
> source /usr/share/openfire/resources/database/openfire_mysql.sql;
To confirm that the data was loaded, run:
> show tables;
* we should see a list of tables.
Disconnect from the DBMS:
> \q
Integration with Active Directory
Active Directory integration has to be configured during the web-based setup of the server. If Openfire is already installed and we want to switch to LDAP, open the configuration file:
vi /opt/openfire/conf/openfire.xml
Find:
<setup>true</setup>
… and change it to:
<setup>false</setup>
Restart the service:
systemctl restart openfire
Wait about 10 seconds (the application takes a long time to restart).
Open http://<server IP address>:9090 in a browser; the setup wizard opens. Go through all the steps again up to the profile settings and select Directory Server (LDAP):
1) The LDAP profile settings page opens. Fill in the fields:
* where
- In the Server Type list, select Active Directory.
- For Protocol, choose either ldap or ldaps (if our Active Directory supports encrypted queries).
- For the host, enter the name of a domain controller or the whole domain.
- Base DN is the root LDAP directory from which objects are searched.
- Administrator DN is an LDAP account with minimal rights (read access to AD objects). The best approach is to create a dedicated account and use it.
Click Test Settings; we should see a report that the test succeeded:
2) Click Save & Continue; the page with field and attribute settings opens. These attributes must match the Active Directory attributes. In my case I had to replace jpegPhoto with thumbnailPhoto and homePostalAddress with physicalDeliveryOfficeName. The correct attributes can be looked up in the Active Directory Users and Computers snap-in (on the Attribute Editor tab of any user).
Click Test Settings; a window opens in which information from random AD profiles can be loaded to confirm that the data we need is retrieved correctly. Then click Save & Continue.
3) On the last step of the Active Directory integration, keep the suggested settings:
… and click Test Settings; we should see the group information that Openfire will be able to retrieve. Click Save & Continue.
LDAP configuration is complete. Now add the system administrators who will be able to manage the server from the control panel:
Note that after switching the profile to LDAP, logging in to the control panel as the built-in Openfire administrator will no longer be possible. Be sure to add at least one user who will have configuration privileges.
Setup is complete. Try to log in to the control panel with the administrator account we added, and then with your own AD account.
Group-based authentication
If you need to restrict which users can connect to the server, you can use Active Directory groups. To do this, open the Openfire control panel, go to Server > Server Settings and click the Edit button:
In the window that opens, go to section 2. User Mapping, click Advanced Settings and add a User Filter:
* for example, as in the image above, you can add the filter (memberOf=cn=Domain Admins,cn=Users,dc=dmosk,dc=local), which means that only users who belong to the Domain Admins group will be able to connect to the server.
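As an added example (not part of the original article), the Python code below builds the user filter from this section with RFC 4515 escaping and evaluates it over a constructed memberOf map. It goes beyond the page by also showing Active Directory's in-chain matching rule for nested groups; the users alice and bob and the Helpdesk group are invented for the illustration.

```python
IN_CHAIN = "1.2.840.113556.1.4.1941"   # AD rule LDAP_MATCHING_RULE_IN_CHAIN


def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def member_of_filter(group_dn, nested=False):
    """Build the User Filter; nested=True also matches indirect membership."""
    attr = "memberOf:%s:" % IN_CHAIN if nested else "memberOf"
    return "(%s=%s)" % (attr, escape_filter_value(group_dn))


def is_member(user_dn, group_dn, member_of, nested=False):
    """Evaluate the filter locally over a constructed memberOf map."""
    target = group_dn.lower()
    seen, todo = set(), [user_dn.lower()]
    while todo:
        for parent in member_of.get(todo.pop(), ()):
            parent = parent.lower()
            if parent == target:
                return True
            if nested and parent not in seen:   # plain memberOf stops here
                seen.add(parent)
                todo.append(parent)
    return False


BASE = "cn=Users,dc=dmosk,dc=local"
ADMINS = "cn=Domain Admins," + BASE            # group DN used on the page
# Constructed directory: alice is a direct member, bob only through Helpdesk.
MEMBER_OF = {dn.lower(): groups for dn, groups in {
    "cn=alice," + BASE: [ADMINS],
    "cn=bob," + BASE: ["cn=Helpdesk," + BASE],
    "cn=Helpdesk," + BASE: [ADMINS],
}.items()}

if __name__ == "__main__":
    for nested in (False, True):
        print(member_of_filter(ADMINS, nested))
        for user in ("alice", "bob"):
            dn = "cn=%s,%s" % (user, BASE)
            print("  %s allowed: %s" % (user, is_member(dn, ADMINS, MEMBER_OF, nested)))
```

With the plain filter, a user who reaches the group only through another group is not matched and cannot log in; the in-chain form matches that user as well.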
Complete the installation
Now, you have to open a web browser and go to and you will see the following screen
1.- Select the installation language
Select the language of the installation and click Continue.
Then set the server options. There you will be able to configure the XMPP domain and define other ports to replace the default ones.
2.- Server settings
Next, you can choose to use the internal database driver or an external one as we have done. So, choose the first option.
3.- Database settings
In this step, you have to configure the database connection. Select MySQL and in the url modify the values of hostname and database name.
Below define the username and password for the OpenFire user we have created.
You can also configure the database connections.
4.- Configuring the database connection
If the connection is successful, you will see the profile options.
5.- Profile settings
6.- Creating the Admin account
In the end, you will see this message indicating that everything went well.
7.- OpenFire installed on Debian
Then go to the login screen
8.- Login screen
and finally, you will be in the OpenFire control panel.
9.- OpenFire on Debian 10
So, enjoy it.
Change admin password for openfire version 4.0.2 from database
Question:
I have installed Openfire on a live server and forgot the admin password. Now I want to log in to it. So, I manually changed the password in the database table ofuser as
I am using firebase version 4.0.2, but I can’t even log in with my new password.
Where is the problem?
Should I restart openfire server?
Should I reinstall openfire on server?
Solution:
In case you change config files or database config, you should restart the Openfire server; only changes from the admin panel can be done without a restart.
If the problem persists, reinstall Openfire.
Remember to keep a backup of the correct database configuration of Openfire.
Can’t login to openfire administrator console. It always told me "make sure your username and password are correct"
Question:
I am new to OpenFire.
I have an OpenFire server on CentOS, but I’m unable to login to the admin console.
When I try, it always displays the following message:
"Make sure your username and password are correct and that you’re an admin or moderator."
So far, I have tried the following:
- Open openfire.xml
- Reset setup by setting the setup parameter to ‘false’
- Restarting the OpenFire server
- Accessing the admin console via browser
- Select a DB to use. I selected my own database not the sample database for OpenFire.
- When I tried to reset the password for admin, I was presented with the following OpenFire admin console (click to view) screen.
I can see changes in my database, but I’m still unable to log in.
I also tried modifying the OfUser table directly, but I get the same result.
Solution 1:
During the installation guide you must have set up your admin account to admin@XYZ and a password. Well, at the time of the login use username as admin and password same as the one given at the time of installation.
Solution 2:
After fresh installation, start the openfire setup in "root/administrator" account. Select all the required features in the installation. Give the password in the ‘account’ section carefully. After setup, you will be able to login with username as ‘admin’ and your selected password.
How to change the admin password on Openfire?
Change the admin (or any other users) password by setting password field to chosen value and encryptedPassword field to null. For example here is the query to set the admin password to 123456: update jiveUser set password='123456', encryptedPassword = null where username ='admin';
What are the network settings for Openfire server?
Network settings. By default, Openfire will bind to all network interfaces. Alternatively, you can specify a specific network interface that the server will listen on. For example, 127.0.0.1. This setting is generally only useful on multi-homed servers. --> If I look anywhere else I would say mine is missing some parts but I don’t know for sure.
Where is the openfire.xml configuration file located?
Find where the openfire.xml configuration file is located on your Linux system. On CentOS it can usually be found in the /opt/openfire/conf/ directory. Open and edit it with your favorite text editor. 3. Modify Openfire configuration file
How can I reset my admin account password?
Afterwards, log in with one of those accounts and reset the “admin” account’s password. Thanks. It did not work. I put several people in but none work.
Logs disappear: how to fix
For version 3.6.4
Fixed in version 3.6.4 (possibly works for some earlier versions too)
So, when installing from ports, after make (it can be interrupted at the start of the build) edit the file /usr/ports/net-im/openfire/work/openfire_src/src/java/org/jivesoftware/openfire/audit/spi/AuditorImpl.java and add a line of code that sorts the array:
else {
    // Search the last index used for the day
    Arrays.sort( files ); // <------------------------ Fix code
    File lastFile = files[files.length - 1];
    StringTokenizer tokenizer = new StringTokenizer(lastFile.getName(), "-.");
Then, in the directory /usr/ports/net-im/openfire/work, delete the files .build_done.openfire._usr_local and .PLIST* (if present), then run make install as usual.
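Why the added sort matters, as an added example that is not part of the original page and is written in Python rather than Java so it runs stand-alone: the next file index is read from the last array entry, and a directory listing has no guaranteed order. The file-name layout follows the tokenizer comments in the diff for 3.7.1 on this page; the yyyyMMdd date, the sample listing and robust_next_audit_name are assumptions.

```python
import re

# Assumed name layout, from the tokenizer comments on the page:
# jive.audit-<date>-<NNN>.log ; the yyyyMMdd date format is an assumption.
PREFIX = "jive.audit-20110105-"
MAX_INDEX = 999


def index_after_last(files):
    """Port of the page's logic: read the index from the LAST array entry."""
    tokens = re.split(r"[-.]", files[-1])   # jive, audit, date, NNN, log
    return int(tokens[3]) + 1


def next_audit_name(files, sort_first):
    """Name of the next audit file; None when the 999 limit is reached."""
    if not files:
        return PREFIX + "000.log"
    listing = sorted(files) if sort_first else list(files)
    index = index_after_last(listing)
    if index > MAX_INDEX:
        return None
    return "%s%03d.log" % (PREFIX, index)


def robust_next_audit_name(files):
    """Order-independent variant: highest index among well-formed names only."""
    pattern = re.compile(re.escape(PREFIX) + r"(\d{3})\.log$")
    used = [int(m.group(1)) for m in map(pattern.match, files) if m]
    index = max(used) + 1 if used else 0
    return None if index > MAX_INDEX else "%s%03d.log" % (PREFIX, index)


# Constructed listing, in the arbitrary order a directory listing may return.
LISTING = [
    PREFIX + "002.log",
    PREFIX + "000.log",
    PREFIX + "001.log",
]

if __name__ == "__main__":
    for label, name in (
        ("unsorted", next_audit_name(LISTING, sort_first=False)),
        ("sorted", next_audit_name(LISTING, sort_first=True)),
        ("robust", robust_next_audit_name(LISTING + ["notes.txt"])),
    ):
        print(label, name, "CLASH" if name in LISTING else "new file")
```

Without the sort, the computed name clashes with an audit file that already exists for that day; a stray file in the directory breaks the sorted version too, which is what the order-independent variant guards against.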
For version 3.7.0 beta
Actually, it is too early to install this 3.7.0 beta. In early January 2011 I upgraded, looked at the many glitches… and rolled back to 3.6.4 a couple of days later.
For version 3.7.1 and later (up to 4.0.1 for certain)
It runs almost normally. The nonsense with log file naming is still there. When I realized that it would not fix "itself", I put in the code from version 3.6.4:
# diff -b workopenfire_srcsrcjavaorgjivesoftwareopenfireauditspiAuditorImpl.java workopenfire_srcsrcjavaorgjivesoftwareopenfireauditspiAuditorImpl.java~ 59d58 < import java.util.StringTokenizer; 348,366c347,352 < if (files.length == ) { < // This is the first audit file for the day < currentAuditFile = new File(logDir, filePrefix + "000.log"); < } < else { < // Search the last index used for the day < Arrays.sort( files ); // <------------------------ Fix order code < File lastFile = filesfiles.length - 1; < StringTokenizer tokenizer = new StringTokenizer(lastFile.getName(), "-."); < // Skip "jive" < tokenizer.nextToken(); < // Skip "audit" < tokenizer.nextToken(); < // Skip "date" < tokenizer.nextToken(); < int index = Integer.parseInt(tokenizer.nextToken()) + 1; < if (index > 999) { < Log.warn("Failed to created audit file. Max limit of 999 files has been reached " + < "for the date: " + dateFormat.format(auditDate)); --- > // if some daily files were already deleted then files.length will be smaller than filesIndex > // see also WARNING above > filesIndex = Math.max(files.length, filesIndex); > if (filesIndex >= maxTotalFilesDay) > { > // don't close this file, continue auditing to it 369,370c355,364 < currentAuditFile = new File(logDir, < filePrefix + StringUtils.zeroPadString(Integer.toString(index), 3) + ".log"); --- > File tmpAuditFile = new File(logDir, filePrefix + StringUtils.zeroPadString(Integer.toString(filesIndex), 3) + ".log"); > if ( (filesIndex == maxTotalFilesDay-1) && !tmpAuditFile.exists() ) > { > Log.warn("Creating last audit file for this date: " + dateFormat.format(auditDate)); > } > while ( (filesIndex<(maxTotalFilesDay-1)) && (tmpAuditFile.exists()) ) > { > Log.debug("Audit file '"+ tmpAuditFile.getName() +"' does already exist."); > filesIndex++; > tmpAuditFile = new File(logDir, filePrefix + StringUtils.zeroPadString(Integer.toString(filesIndex), 3) + ".log"); 371a366 > currentAuditFile = tmpAuditFile;
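Review bot: In the restored branch (the `<` side of hunk 348,366c347,352), `Integer.parseInt(tokenizer.nextToken())` reads the fourth token of the last file name with no guard, so a file in `files` whose name does not follow the jive/audit/date/index layout named in the comments would end the rotation with an exception; filter `files` by name before `Arrays.sort( files )` or wrap the parse in a try/catch that logs and falls back. Hunk 59d58 only brings in `import java.util.StringTokenizer;`, so confirm that `java.util.Arrays` is already imported in this file. The diff was taken with the patched file first and the `~` backup second, so the `<` lines are the ones being put in and the `>` lines are the stock 3.7.1 code being replaced; a unified diff in the usual old-to-new direction would be easier to apply and review.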
Setting up the Plugin
To reap the benefits of the Broadcast plugin, begin by installing it from under the Available Plugins list on the Plugins tab. This plugin has a few configuration options which should be set carefully—using a misconfigured broadcast plugin, the new guy in the purchase department could send a message of “Have you seen my stapler?” to everyone in the organization, including the CEO!
The broadcast plugin is configured via the Openfire system properties. Remember these? They are listed under the Server tab’s System Properties option in the sidebar. You’ll have to manually specify the settings using properties (refer to the following screenshot):
- plugin.broadcast.serviceName— This is the name of the broadcast service. By default, the service is called “broadcast”, but you can call it something else, such as “shout”, or “notify”.
- plugin.broadcast.groupMembersAllowed— This property accepts two values—true and false. If you select the “true” option, all group members will be allowed to broadcast messages to all users in the group they belong to. If set to “false”, only group admins can send messages to all members of their groups. The default value is “true”.
- plugin.broadcast.disableGroupPermissions— Like the previous property, this property also accepts either true or false values. By selecting the “true” option, you will allow any user in the network to broadcast messages to any group and vice versa, the “false” option restricts the broadcasting option to group members and admins. The default value of this group is “false”. As you can imagine, if you set this value to “true” and allow anyone to send broadcast messages to a group, you effectively override the restrictive value of the previous setting.
- plugin.broadcast.allowedUsers—Do not forget to set this property! If it is not set, anyone on the network can send a message to everyone else on the network. There are only a few people you’d want to have the ability to broadcast a message to everyone in the organization. This list of users who can talk to everyone should be specified with this property by a string of comma-separated JIDs.
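How the three access properties combine can be checked before they are entered, using this added example (a Python model of the rules as described in the list above, not the plugin's own code). The JIDs, the group and the function names are constructed for the illustration.

```python
# Model of the Broadcast plugin properties as this page describes them.
# It is not the plugin's source; JIDs and group names below are constructed.
P = "plugin.broadcast."
DEFAULTS = {P + "groupMembersAllowed": "true",
            P + "disableGroupPermissions": "false"}


def flag(props, name):
    """Read a true/false property, falling back to the documented default."""
    key = P + name
    return props.get(key, DEFAULTS[key]).strip().lower() == "true"


def allowed_users(props):
    """Parse the comma-separated JID list; an empty set means 'not set'."""
    raw = props.get(P + "allowedUsers", "")
    return {jid.strip().lower() for jid in raw.split(",") if jid.strip()}


def may_broadcast(props, sender, target, groups):
    """target is 'all' or a group name from groups."""
    sender = sender.lower()
    if target == "all":
        allowed = allowed_users(props)
        return not allowed or sender in allowed   # unset list = everyone
    group = groups[target]
    if flag(props, "disableGroupPermissions"):
        return True                               # overrides the member rule
    if sender in group["admins"]:
        return True
    return flag(props, "groupMembersAllowed") and sender in group["members"]


def findings(props):
    """Settings a reviewer should question before enabling the plugin."""
    out = []
    if not allowed_users(props):
        out.append("allowedUsers is not set: any user can message everyone")
    if flag(props, "disableGroupPermissions"):
        out.append("disableGroupPermissions=true: any user can message any "
                   "group; groupMembersAllowed has no effect")
    elif flag(props, "groupMembersAllowed"):
        out.append("groupMembersAllowed=true: every member can message "
                   "the whole group")
    return out


GROUPS = {"purchasing": {"admins": {"lead@example.com"},
                         "members": {"lead@example.com", "newguy@example.com"}}}
LOCKED_DOWN = {P + "allowedUsers": "ceo@example.com, it-ops@example.com",
               P + "groupMembersAllowed": "false"}

if __name__ == "__main__":
    for name, props in (("defaults", {}), ("locked down", LOCKED_DOWN)):
        print(name, findings(props))
        print("  new guy -> all:",
              may_broadcast(props, "newguy@example.com", "all", GROUPS))
```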
Tips and tricks
Add unix socket support
Connecting to the database via a unix socket from a Java application requires a JDBC driver with an implementation of socketFactory. Connector/J supports auth over socket since version 1.4 and can be installed via AUR, which also requires AUR (Java Native Access) to work with unix sockets. Install both.
The factual accuracy of this article or section is disputed.
/etc/systemd/system/openfire.service.d/override.conf
[Service]
#override ExecStart
ExecStart=
# added the 2 AUR packages to class path
ExecStart=/usr/bin/java -server -DopenfireHome=/usr/share/openfire -Dopenfire.lib.dir=/usr/lib/openfire -cp "/usr/lib/openfire/startup.jar:/usr/share/java/mariadb-jdbc/mariadb-java-client.jar:/usr/share/java/jna.jar" -jar /usr/lib/openfire/startup.jar
Instead this works for now (but is kind of ugly):
# ln /usr/share/java/mariadb-jdbc/mariadb-java-client.jar /usr/lib/openfire/
# ln /usr/share/java/jna.jar /usr/lib/openfire/
If openfire setup was already completed using a TCP/IP connection to the same database, switch to the new driver by changing the xml configuration:
/etc/openfire/openfire.xml
<driver>org.mariadb.jdbc.Driver</driver>
<serverURL>jdbc:mariadb://localhost:3306/openfire_db?localSocket=/run/mysqld/mysqld.sock&amp;writeBatchedStatements=true</serverURL>
When using the setup interface instead, choose "MySQL" and enter the values of driver and serverURL into the "JDBC Driver Class" and "Database URL" fields of the web form respectively.
Restart the — it can be necessary to start the setup interface again () afterwards.
Using multiple domains
Openfire does not support multiple domains / vhosts like prosody does, but it works with an LDAP-server that provides authentication for multiple domains.
Users from different domains can then login and communicate normally, but this is messy; side-effects may include but are not limited to:
- unlisted users
- need to create users manually
- users from other domains showing up as members of default domain
- users from other domains conflicting with same name users from other domains
- SSL certificate errors (separate certificates for different domains not possible)
Managing User Clients
There’s no dearth of IM clients. It’s said that if you have ten users on your network, you’ll have at least fifteen different clients. Managing users’ clients is like bringing order to chaos. In this regard you’ll find that Openfire is biased towards its own IM client, Spark. But as it has all the features you’d expect from an IM client and runs on multiple platforms as well, one really can’t complain.
So what can you control using the client control features? Here’s a snapshot:
- Don’t like users transferring files? Turn it off, irrespective of the IM client.
- Don’t like users experimenting with clients? Restrict their options
- Don’t want to manually install Spark on each and every user’s desktop? Put it on the network, and send them an email with a link, along with installation and sign-in instructions.
- Do users keep forgetting the intranet website address? Add it as a bookmark in their clients.
- Don’t let users bug you all the time asking for the always-on “hang-out” conference room. Add it as a bookmark to their client!
Don’t these features sound as if they can take some of the work off your shoulders? Sure, but you’ll only truly realize how cool and useful they are when you implement them! So what are you waiting for? Head over to the Plugins tab and install the Client Control plugin. When it is installed, head over to the Server | Client Management tab. Here you’ll notice several options.
The first option under client management, Client Features, lets you enable or disable certain client features (refer to the following screenshot). These are:
- Broadcasting: If you don’t want your users to broadcast messages, disable this feature. This applies only to Spark.
- File Transfer: Disabling this feature will stop your users from sharing files. This applies to all IM clients.
- Avatar/VCard: You can turn off indiscriminate changes to a user’s avatar or virtual visiting card by disabling this experimental feature which only applies to Spark.
- Group Chat: Don’t want users to join group chat rooms? Then disable this feature which will prevent all the users from joining discussion groups, irrespective of the IM client they are using.
By default, all of these features are enabled. When you’ve made changes as per your requirements, remember to save the settings using the Save Settings button.
Permitted Clients, Specify Clients, Add Other Client, Save Settings
The manually-added clients are automatically added to the list of allowed clients. If you don’t trust them, why add them? The remove link next to these clients will remove them from the list of clients you trust.
Introduction to OpenFire
According to the OpenFire website
In a nutshell, we can have our chat server installed with this program. This makes it ideal often where the team is not in the same place or where remote work is required.
After OpenFire is installed, we can create groups and users from a comfortable web interface. In addition, the application is very robust thanks to the fact that it is made with JSP.
Moreover, OpenFire is compatible with most Linux distributions, so installing and configuring it is a task within the reach of many.
In short, there are many advantages of having an XMPP server in our organization, so let’s go for it.
Install MariaDB on Debian 10
OpenFire has its own database driver, but it is also possible to use MariaDB / MySQL or PostgreSQL which increases the performance of the application but the flexibility.
So, install it with the following command:
Then, configure it:
Then create a new database and user for OpenFire:
Replace the fields with the data you want and set a strong password.
Now upload the default OpenFire data to the created database
Replace with your password
Inside the MariaDB shell, switch to the created database and load the data:
And to verify the changes, you can run:
And there you should see all the tables loaded.
Installing Java
Openfire is written in Java and requires the corresponding platform to be installed in order to run.
On Ubuntu it can be installed from the repository with the command:
apt-get install openjdk-8-jdk
Once the installation finishes, run:
java -version
It should return something like:
openjdk version "1.8.0_242"
OpenJDK Runtime Environment (build 1.8.0_242-8u242-b08-0ubuntu3~18.04-b08)
OpenJDK 64-Bit Server VM (build 25.242-b08, mixed mode)
For Java to work correctly we need to set an environment variable. First look up the path to the java binary:
update-alternatives --config java
We should see something like:
There is only one alternative in link group java (providing /usr/bin/java): /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java
Nothing to configure.
This example shows the path to the java executable (/usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java). JAVA_HOME has to point to the Java installation directory rather than to the executable, so we use that path without the trailing /jre/bin/java. Open the file:
vi /etc/environment
… and add a new line:
…
JAVA_HOME="/usr/lib/jvm/java-8-openjdk-amd64"
Then run:
source /etc/environment
Check that the variable has been created:
echo $JAVA_HOME
We should see:
/usr/lib/jvm/java-8-openjdk-amd64
Openfire Installation Issue
Question:
I am trying to get Openfire to install on an Ubuntu virtual machine, however upon completing the web based installer, I am unable to login to the admin panel.
So far I:
- downloaded Debian installer
- Installed using stock options
- Added database and built the structure using supplied SQL file
- Completed web based installer
I am now trying to login using username: admin and my password, however I constantly get a wrong username/password error. There is a record generated in the MySQL database showing the admin user with an encrypted password, and changing to an unencoded password doesn’t work. What is the problem here?
Solution 1:
I had the same issue; it is a little-known and, it seems, undocumented bug. Try rebooting the server after you do the install.
Worked for me.
Solution 2:
I had to manually set the password, the setup page didn’t save it. Restarting the server didn’t help.
If you are using the embedded db on Windows, this will be in embedded-db/openfire.script:
Change the NULL to your password. Then restart your OpenFire server.
Solution 3:
Openfire Admin Login
How to change Openfire’s admin login when using Windows Vista and an embedded database:
- Shut down Openfire
- As the Windows Administrator, edit C:\Program Files (x86)\Openfire\embedded-db\openfire.script
- Change the line that looks something like this
INSERT INTO OFUSER VALUES('admin',NULL,'', 'Administrator','admin','0','0')
to
INSERT INTO OFUSER VALUES('admin','',NULL, 'Administrator','admin','0','0')
- Save the file, exit the editor
- Restart Openfire
Solution 4:
http://blog.taragana.com/index.php/archive/how-to-recover-openfire-admin-password/
however this is not programming related….
Why can’t I login to my Openfire administration, The password is the one we typed in during the install. So in other words, use "admin" as the username, and the password you typed in during the install process, and you’ll get in. I’ll admit this is not intuitive at all, since the note that the username is "admin" is buried inside what most people would skip as …
Optional
If you would like to have web access to the Openfire documentation that has been installed on your server, this section will show you how to make an e-smith custom template.
Make the custom-template directory:
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
cd /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
Create and edit a file called "99openfire"
nano -w 99openfire
(add the code shown below to the template)
(you can select and copy then paste in PuTTY with right click)
# Openfire instant messaging server
Alias /openfiredocs /opt/openfire/documentation/docs
<Directory /opt/openfire/documentation/docs>
    AddType application/x-httpd-php .php .php3 .phtml
    Options Indexes +Includes FollowSymLinks
    order deny,allow
    deny from all
    allow from all
</Directory>
# end of Openfire fragment
ctrl-x to save, y to agree, and to exit the PICO editor