Adding Chat to Drupal
I am going to assume that readers understand how to install Drupal modules, so I will skip that part of the configuration. For this example my Openfire and Drupal services are on separate servers. To me this is the best option, considering how critical both may be in an organization. With that said, we need a couple of extra steps to get this configuration working properly. I would also like to point out that authentication will be done via Apache. This demo uses an HTTP site, but I would recommend HTTPS, since Basic Authentication sends the username and password with every request, only base64-encoded.
Download the following modules:
Install the modules and go to the administration panel for the webserver authentication module. In the "Email domain" section, fill in the domain for your local environment. Under advanced settings make sure both options are checked off. There is no need to fill in anything for the User account modification section.
With this in place, let's move over to the Apache configuration and take care of a few things there before moving on to the xmppframework module. I am not going to post a full Apache configuration here, as everyone may have a different structure. I will, however, include what you need to get this all up and running.
- Edit your main site file and include the following information inside of a location block:
  - AuthzLDAPAuthoritative on
  - AuthBasicProvider ldap
  - AuthType Basic
  - AuthName "Company Name"
  - AuthLDAPURL "ldap://LDAPHOST:389/OU=your_ou,DC=your_domain,DC=com?sAMAccountName?sub?(objectClass=*)"
  - AuthLDAPBindDN "CN=binder_account,OU=your_ou,DC=your_domain,DC=com"
  - AuthLDAPBindPassword password_for_binder
  - Require valid-user
- Since our chat services are on a different server, we need to proxy the communication from the Drupal installation to the remote chat server. To do this we are going to use HTTP-Bind for the connection and add the following within our Apache configuration:
- Save the configuration, but don't restart Apache quite yet. We need to enable some modules or none of this will work correctly. Enable the following:
  - rewrite
  - proxy
  - proxy_http
  - authnz_ldap
- Once the modules are enabled, do a force reload on Apache.
  - /etc/init.d/apache2 force-reload
- The last thing we need to do before leaving this server is make sure our Proxy is going to let us make the request out to our Openfire server.
- Open /etc/apache2/mods-available/proxy.conf in an editor.
- Ensure your configuration says the following:
  - ProxyRequests Off
  - Order deny,allow
  - Allow from all
  - Allow from localhost
  - ProxyVia On
- Restart Apache one more time and make sure everything is working by going to the following:
- You should get an HTTP 400 error reporting that a Bad_Request was sent in. If you get this, then we're ready to move on.
- Go back to your administrator panel in Drupal and look for XMPP Framework. There are 3 main options that we are worried about with this module.
- Client (Launch Settings)
- HTTP Bind
- SASL
- conference.your_domain.com
- vjud.your_domain.com
- English
- User (User Settings)
- Check Authenticate User with WS Credentials (custom patch - see here)
- User (Provisioning Settings)
- your_domain.com
- Check Provision XMPP for Drupal Users
- XMPP API Settings
- server ip/hostname
- 7070
- admin user
- admin password
- your_domain.com
- The module is now configured and we're close to chatting it up. Head over to the administrator panel and take a look under "Blocks". There should be an XMPP_CLIENT: Chat Launch block that you can place on your site. Add this somewhere and save.
- The last thing we need to do is fill in our JID for our user (this can be scripted for large user sets). Go to your account and scroll down until you see JID. The format will be user.name@your_domain.com.
Here is a picture of the end result in action.

At this point the configuration is 100% complete, but we can expand on it further by adding presence from each user into the portal. Check out this posting for more information.
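The walkthrough recommends HTTPS because Basic Authentication is in use, binds to LDAP over `ldap://`, and keeps `ProxyRequests Off`. The following is an added example, not part of the original post, that audits an Apache config fragment for those points. The finding names and the assembled sample vhost are constructed for illustration, and the TLS check is file-wide rather than per virtual host.

```python
# Added example: audit an Apache config fragment for the risks this
# walkthrough touches on. Finding names are hypothetical labels.

# Constructed sample: the post's directives assembled into one HTTP vhost.
SAMPLE_CONF = """
<VirtualHost *:80>
  <Location />
    AuthzLDAPAuthoritative on
    AuthBasicProvider ldap
    AuthType Basic
    AuthName "Company Name"
    AuthLDAPURL "ldap://LDAPHOST:389/OU=your_ou,DC=your_domain,DC=com?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "CN=binder_account,OU=your_ou,DC=your_domain,DC=com"
    AuthLDAPBindPassword password_for_binder
    Require valid-user
  </Location>
</VirtualHost>
ProxyRequests Off
"""

def directives(conf):
    """Return [(name_lowercased, raw_arguments)] for directives and section tags."""
    out = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # Apache comments occupy whole lines
        name, _, args = line.strip("<>").partition(" ")
        out.append((name.lower(), args.strip()))
    return out

def audit(conf):
    """Return a list of finding names for the given config text."""
    parsed = directives(conf)
    args_of = lambda name: [a.lower() for n, a in parsed if n == name]
    names = {n for n, _ in parsed}
    findings = []
    tls = "on" in args_of("sslengine") or "sslrequiressl" in names
    if "basic" in args_of("authtype") and not tls:
        findings.append("basic-auth-without-tls")  # password is only base64-encoded
    for url in args_of("authldapurl"):
        # ldap:// is cleartext unless the URL is followed by TLS/STARTTLS
        if url.strip('"').startswith("ldap://") and not url.endswith("tls"):
            findings.append("ldap-bind-in-cleartext")
    if args_of("authldapbindpassword"):
        findings.append("bind-password-in-config")  # restrict read access to the file
    if "on" in args_of("proxyrequests"):
        findings.append("open-forward-proxy")  # must stay Off for a reverse proxy
    return findings
```

Running `audit(SAMPLE_CONF)` on the HTTP setup from this post reports the Basic-over-HTTP, cleartext LDAP and inline bind password findings; the proxy setting passes because `ProxyRequests` is `Off`.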
Comments
without ldap user sync?
Mon, 03/29/2010 - 15:09 — Anonymous
Hey there, great tutorial, but do you know a solution to sync users without using an LDAP server? I think it opens many security issues and is not really needed for this "small" user sync. Kind regards
Depends on your XMPP solution
Thu, 04/08/2010 - 08:30 — bsdixon
If you are using Openfire then I know you can use MySQL for your backend database. Keep in mind that Drupal also uses MySQL. In theory you could create a stored procedure to copy the Drupal user related information out of the Drupal database and copy it over into the Openfire database. Obviously you would need to account for the changes in table structure, constraints and encryption, but I think it would work. You would also need to look into the number of times a stored proc. could be called throughout the day (depending on how much you are worried about syncing the information).
Hey
Wed, 05/19/2010 - 12:58 — Anonymous
Just found a patch in the xmpp framework module queue that solves this problem. There is temporarily one error you get while the module syncs the user db, but it works like a charm. If I can find it I will post it here, but I already searched and it is not very clear to me why it works but also creates an error :).
Almost done, but
Mon, 05/24/2010 - 19:20 — Anonymous
Hi, great article, really great article, quite impressive. I've made it through to the end in a couple of days, first fixing problems with LDAP, then CentOS didn't want to install mod_authz_ldap, then I got some problem redirecting to http-bind. I guess I solved most of the problems; now if I try to go to my-site-url.com/http-bind/ I get an error 400 of bad request. Pidgin works with Openfire, I can see the sessions too, I can make rooms on conference.my-site.com too. The last problem is that in the XMPP_CLIENT block I see only the configure chat link even if I put the JID on the configuration page. I'm the only user for now, is this the problem? Must I have more than one user? Another question: is there a way to check that my mod_authnz_ldap configuration is working properly? Thanks and great article!
Hi it's me again
Tue, 05/25/2010 - 18:06 — Anonymous
Hi, I solved the problem I was asking about, and I discovered that Openfire can use an external database for user authentication, so I set up the openfire.xml file to use the Drupal user table without needing a stored procedure or syncing problems. Here is the article for Openfire custom authentication: http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/... Bye and keep up the good work.
Glad you solved your issue!
Fri, 05/28/2010 - 19:15 — bsdixon
What is the account you were trying to register? I will go in and make sure everything is set up for you. Thanks for the praise, and if you don't mind me asking, was there anything you think I should add to the walkthrough to make it better?
Maybe some more infos about...
Wed, 06/02/2010 - 09:57 — Anonymous
Hi, it wasn't me that had a problem with the registration process. I was the one asking about the problem that I then solved. For the article, you can explain in more detail how to configure LDAP for Openfire. I already know how to use LDAP so I had no problem, but it can't be clear how to set up a functional DC for Openfire to a newbie. Also you can leave an example of how to edit the httpd.conf file (for mod_proxy and mod_authnz_ldap), just a bit of the conf file to show a less experienced user the concept of the <Location> tag. The most useful tip is that you put in a section for configuring Openfire to work with the Drupal users db table. I guess that most users have this type of configuration, and using LDAP (as I said) can be painful for some LDAP newbies. I've posted the link for the guide to customize Openfire db authentication. If you need, I can write some lines about how I did it and post my openfire.xml file, but the Openfire tutorial is quite straightforward. The omission in the Openfire tutorial is that you must set the same type of auth connection type that you use in the openfire.xml (if you use JDBCAuth..., you must set JDBCAuth... on the admin option in the Openfire administration page or the authentication fails). Cya! Marco
thanks
Fri, 06/25/2010 - 15:59 — Anonymous
Hi great article. I want to publish this article on my own if allowed. my website estetik
Just credit back here and I
Sat, 06/26/2010 - 19:08 — bsdixon
Just credit back here and I have no issues with that.
Integration without LDAP
Mon, 07/19/2010 - 02:13 — Anonymous
Hi. I've found your tutorial very useful and I've set up the server and the Drupal module. I have Drupal and Openfire on the same machine so I didn't have to go through the proxy configuration. I have not used the LDAP config for single sign-on, so I have two separate tables for users, one in Drupal and the other one in Openfire. I have configured my Openfire user account on my Drupal user profile, but when I push the launch XWChat button the chat returns the following error: "Wrong combination Username / Password. Please re-loign to the site for synchronization. Disconnected from Server". The Openfire user works perfectly on Pidgin. The config of Drupal is OK, I think. The http-binding works well and it's correctly configured. Any idea of what could be wrong? Thanks in advance.
Shoot me an email
Wed, 07/21/2010 - 06:47 — bsdixon
This is something that has come up before and I have tried to help with, but was never 100% successful. I know in my early installation of the xmppframework that the password decryption function was never working correctly. This in turn would mangle passwords being sent to the Openfire server. I was able to see this by using Firebug within Firefox and watching the authentication process (in the clear without MD5).
Send me an email and I can try and help you out more...
brandon.s.dixon@gmail.com