Openfire on NethServer

tim · July 23, 2015, 11:14am

Hello everyone,

I started using NethServer yesterday and so far, so good, like really good.
I installed Openfire and it took me a while to find how to properly configure OpenLDAP with Openfire but got it working.

Now, I’m stuck with a problem/error.

I’m trying to connect to the Openfire server thru Jitsi and it doesn’t connect.
Back on the server, I ran nmap to troubleshoot if the ports were open.

nmap localhost
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
139/tcp open netbios-ssn
389/tcp open ldap
443/tcp open https
445/tcp open microsoft-ds
3306/tcp open mysql
5222/tcp open xmpp-client
5269/tcp open xmpp-server
7070/tcp open realserver
7443/tcp open oracleas-https
7777/tcp open cbt
9090/tcp open zeus-admin
9091/tcp open xmltec-xmlmail

They are working for localhost.

If I nmap they external domain, says the port is closed.

nmap myexternaldomain.com
PORT STATE SERVICE
80/tcp open http
1152/tcp closed winpoplanmess
1723/tcp open pptp
5050/tcp open mmcc
5100/tcp open admd
5101/tcp open admdog

Reading on other posts, I found that other users opened TCP ports on NethServer BUT here’s the thing, I don’t have the firewall module installed.

Should I still open the ports?
Something like this?

config set fw_Openfire service status enabled TCPPort 3478,3479,5222,5223,5229,7070,7443,7777,9090,9091 access public signal-event firewall-adjust

and…

config setprop Openfire status enabled TCPPort 3478,3479,5222,5223,5229,7070,7443,7777,9090,9091 access public

I need Openfire to be accessible from outside, external access.
In NethServer terminology, GREEN and RED.

Another error I found BUT I believe it’s just a syntax error on Openfire:
On the Openfire administration panel, it shows all ports listening on all interfaces, except 5222 and 5223.
I believe this is just a syntax error because nmap properly showed that those ports are open.

Server is behind a router and port forwarding is configured. I’m able to access other services but Openfire.

Am I missing something else here?
Openfire runs on the same ports of ejabberd so if anybody got any ideas on how to solve this, really appreciate it.

NethServer Configuration

Version 6.6. Interactive Installation.
NIC: eth0 only. Standard configuration.
yum upgrade.
Modules Installed: File Server, MySQL Server and Web Server.
Additional Packages: vim, nmap, glibc.i686 and NethServer Password Policies.

PS: As soon as I get this problem solved, I’ll make a proper HOWTO about NethServer+Openfire+OpenLDAP.

Thanks in advance.
Tim.

Nas · July 23, 2015, 1:50pm

Why do you use Openfire? Ejabberd is in distro

tim · July 23, 2015, 7:50pm

Hey Nas,

I decided to use Openfire because I had stability and performance issues with ejabberd before.

Also, I have a database running with Openfire already.
The administration interface and configuration settings in Openfire are way better than ejabberd.

At the end, it’s just a matter of taste.
I would give ejabberd another try sometime but for now, I would to get Openfire running.

Thanks for replying.

Nas · July 23, 2015, 9:42pm

Have you done with your goals? I may help you

tim · July 25, 2015, 2:50am

Hey man,

Sorry I couldn’t answer before.
As I thought, the problem was the firewall. I was sleepy and misread the documentation.
I opened the ports as stated in the docs and voila! Everything is working now.
NethServer Documentation - Third-party software

[root@servidor01 ~]# config set fw_openfire service status enabled TCPPorts 3478,3479,5222,5223,5229,7070,7443,7777,9090,9091 access public
[root@servidor01 ~]# signal-event firewall-adjust

For some reason, I thought that NethServer didn’t have any firewall installed.
My logic was that I had to install the firewall module to enable it.
I feel stupid - my bad.

ATM, Openfire is working as it should. There’s some bugs on the current version (plugins not working properly) but I don’t think it has to do with NethServer at all, more likely bugs with Java (old news, hehe) or Openfire itself. Was reading on other forums that the bug that I currently have is because of the Java version I’m using (Zulu 8) but imma try installing the Java package directly from Oracle.

The only thing I’m missing is making Openfire filter LDAP groups. So the idea would be:
Create a group on LDAP named ‘OpenfireUsers’.
Assign users to that group so they can access the service.
Then filter Openfire to use that specific group.

But I can’t get it to work. I just started working with LDAP and it confuses me.

Thanks for your help and as I promised, I’ll upload a HOWTO later.

Tim.

Nas · July 25, 2015, 7:16am

You do not need make new group on Ldap, you could do only Enable service, for each people, use credentials of libuser

alefattorini · July 25, 2015, 7:49am

Great work man! Post a draft soon on which we can work

tim · July 25, 2015, 8:51am

You got a link on how to enable the service for certain users?
Searched in the documentation and didn’t find anything related to it.

Nas · July 25, 2015, 8:57am

search on forum i gave a lot of info aboult how to connect to LDAP and give soft like Ldap Admin and apache directory studio

tim · July 25, 2015, 10:23am

I was searching on the docs on how to do something like this:

And add a new option as…
[checkbox] Openfire (Chat Service)

Nas · July 25, 2015, 1:50pm

WOWOW If You are good in PERL + PHP you could do it and fork on Git , or to ask developers to make this feature

Nas · August 1, 2015, 5:38pm

OpenFire, could save logs. How much does it weight? Is it like skype , so when U login from other device your be able to see all history?

tim · August 9, 2015, 1:45pm

Hey Nas, sorry I didn’t answer before.

Openfire has a Monitoring plugin which saves chat history on the database you choose, it could be MySQL or PostgreSQL and the embedded DB. Also, you can turn on ‘Message Audit Policy’ too.

As for memory usage, I have 17 users using the service and it runs between 60MB to 160MB so far.

For the ‘Skype / automatic history synchronization between multiple clients’ functionality, take a look at XEP-0313 and XEP-0136. From what I’ve seen, you can do it, the problem relies on the XMPP clients (Jitsi, Xabber, Pidgin, etc).
You need to add/set a system property on Openfire called route.all-resources that allows the server to route messages to multiple clients that have the same or highest priority. Apparently, it works but only if messages are sent to the base JID. I haven’t done this before but I might take a look at it this week.

route.all-resources
 Enable routing of messages to base JID to every client logged in with the same base JID (different resources) and the same (highest) priority.

Take a look at this link for more information and… another one.
Edit: Just found this.

Regards.

Nas · August 9, 2015, 3:20pm

Try to implement, it is wery cool feature, to be like skype

alefattorini · August 31, 2015, 1:11pm

Ehi @tim do you have resolved your issue? Could you move forward with your howto?