igniterealtime · guusdk · Dec 18, 2024 · Dec 12, 2024 · Dec 12, 2024 · Dec 12, 2024
diff --git a/documentation/index.html b/documentation/index.html
@@ -95,6 +95,9 @@ <h3 id="integration-external">Integration with External Data Sources</h3>
 
             <dt><a href="db-integration-guide.html">Custom Database Integration Guide</a></dt>
             <dd>A guide to integrating Openfire authentication, user, and group data with a custom database.</dd>
+
+            <dt><a href="multi-providers.html">Integrating with more than one External Data Source</a></dt>
+            <dd>Describes how Openfire can be configured to not only one, but multiple External Data Source.</dd>
         </dl>
 
         <h3 id="analysis">In-depth Analysis</h3>

diff --git a/documentation/ldap-guide.html b/documentation/ldap-guide.html
@@ -180,7 +180,14 @@ <h4>Main Settings</h4>
                     <dt>ldap.host <span style="color: red; "><b>*</b></span></dt>
                     <dd>LDAP server host; e.g. localhost or machine.example.com, etc. It is possible to use many LDAP
                         servers but all of them <b>should share the same configuration</b> (e.g. SSL, baseDN, admin account,
-                        etc). To specify many LDAP servers use the comma or the white space character as delimiter.</dd>
+                        etc). Openfire will prefer the first server, but will connect to the next server in case the first
+                        server is unavailable.
+                        <p>To specify many LDAP servers use the comma or the white space character as delimiter. When
+                        a server does not use the port number that's configured below, a port for each server can be configured
+                        by separating them from the hostname with a colon-character. In this example, two servers are configured,
+                        that each use a distinct port: <code>primary.example.org:10389 secondary.example.com:20389</code></p>
+                        <p>When a host defines a port in this format, it overrides the port defined in the property below.</p>
+                    </dd>
 
                     <dt>ldap.port</dt>
                     <dd>LDAP server port number. If this property is not set, the default value is 389.</dd>

diff --git a/documentation/multi-providers.html b/documentation/multi-providers.html
diff --git a/documentation/separating-admin-users-guide.html b/documentation/separating-admin-users-guide.html
@@ -24,8 +24,11 @@ <h2>Introduction</h2>
         <p>
             Openfire can be configured to use a variety of external sources for authentication, users and groups. This is useful
             when your users already have accounts in an external system, and you do not wish to duplicate those accounts. More
-            information on this subject is available in the the <a href="db-integration-guide.html">Custom Database Integration
-            Guide</a>, as well as the <a href="ldap-guide.html">LDAP guide</a>.
+            information on this subject is available in the <a href="db-integration-guide.html">Custom Database Integration
+            Guide</a>, as well as the <a href="ldap-guide.html">LDAP guide</a>. You can even develop your own, custom
+            connectivity to external data sources, as described in the <a href="implementing-userprovider-guide.html">Custom User Provider Guide</a>,
+            <a href="implementing-authprovider-guide.html">Custom Authentication Provider Guide</a> and
+            <a href="implementing-groupprovider-guide.html">Custom Group Provider Guide</a>.
         </p>
         <p>
             This document takes the concept one step further, and provides instructions on how to configure Openfire to obtain
@@ -231,7 +234,7 @@ <h2>Example Configuration</h2>
         </fieldset>
 
         <p>
-            Each of the Mappers is told what provider to user for administrative and regular users:
+            Each of the Mappers is told which provider to use for administrative and regular users:
         </p>
 
         <fieldset>

diff --git a/i18n/src/main/resources/openfire_i18n.properties b/i18n/src/main/resources/openfire_i18n.properties
@@ -1231,9 +1231,30 @@ system_property.update.proxy.port=The port on the proxy to use, or -1 if no prox
 system_property.xmpp.session.conflict-limit=-1 to never kick off existing sessions when another session with the same \
   full JID joins, otherwise the number of login attempts before the existing session is kicked
 system_property.provider.auth.className=The class to use to authenticate users
-system_property.hybridAuthProvider.primaryProvider.className=The first class the HybridAuthProvider should to use to authenticate users
-system_property.hybridAuthProvider.secondaryProvider.className=The second class the HybridAuthProvider should to use to authenticate users
-system_property.hybridAuthProvider.tertiaryProvider.className=The third class the HybridAuthProvider should to use to authenticate users
+system_property.hybridAuthProvider.primaryProvider.className=The first class the HybridAuthProvider should use to authenticate users.
+system_property.hybridAuthProvider.primaryProvider.config=Configuration value for the first class used by the HybridAuthProvider.
+system_property.hybridAuthProvider.secondaryProvider.className=The second class the HybridAuthProvider should use to authenticate users.
+system_property.hybridAuthProvider.secondaryProvider.config=Configuration value for the second class used by the HybridAuthProvider.
+system_property.hybridAuthProvider.tertiaryProvider.className=The third class the HybridAuthProvider should use to authenticate users.
+system_property.hybridAuthProvider.tertiaryProvider.config=Configuration value for the third class used by the HybridAuthProvider.
+system_property.hybridGroupProvider.primaryProvider.className=The first class the HybridGroupProvider should use to get groups from.
+system_property.hybridGroupProvider.primaryProvider.config=Configuration value for the first class used by the HybridGroupProvider.
+system_property.hybridGroupProvider.secondaryProvider.className=The second class the HybridGroupProvider should use to get groups from.
+system_property.hybridGroupProvider.secondaryProvider.config=Configuration value for the second class used by the HybridGroupProvider.
+system_property.hybridGroupProvider.tertiaryProvider.className=The third class the HybridGroupProvider should use to get group from.
+system_property.hybridGroupProvider.tertiaryProvider.config=Configuration value for the third class used by the HybridGroupProvider.
+system_property.hybridUserPropertyProvider.primaryProvider.className=The first class the HybridUserPropertyProvider should use to get user properties from.
+system_property.hybridUserPropertyProvider.primaryProvider.config=Configuration value for the first class used by the HybridUserPropertyProvider.
+system_property.hybridUserPropertyProvider.secondaryProvider.className=The second class the HybridUserPropertyProvider should use to get user properties from.
+system_property.hybridUserPropertyProvider.secondaryProvider.config=Configuration value for the second class used by the HybridUserPropertyProvider.
+system_property.hybridUserPropertyProvider.tertiaryProvider.className=The third class the HybridUserPropertyProvider should use to get user properties from.
+system_property.hybridUserPropertyProvider.tertiaryProvider.config=Configuration value for the third class used by the HybridUserPropertyProvider.
+system_property.hybridUserProvider.primaryProvider.className=The first class the HybridUserProvider should use to get users from.
+system_property.hybridUserProvider.primaryProvider.config=Configuration value for the first class used by the HybridUserProvider.
+system_property.hybridUserProvider.secondaryProvider.className=The second class the HybridUserProvider should use to get users from.
+system_property.hybridUserProvider.secondaryProvider.config=Configuration value for the second class used by the HybridUserProvider.
+system_property.hybridUserProvider.tertiaryProvider.className=The third class the HybridUserProvider should use to get users from.
+system_property.hybridUserProvider.tertiaryProvider.config=Configuration value for the third class used by the HybridUserProvider.
 system_property.admin.authorizedJIDs=The bare JID of every admin user for the DefaultAdminProvider
 system_property.xmpp.auth.ssl.context_protocol=The TLS protocol to use for encryption context initialization, overriding the Java default.
 system_property.xmpp.parser.buffer.size=Maximum size of an XMPP stanza. Larger stanzas will cause a connection to be closed.
@@ -1320,11 +1341,15 @@ system_property.adminConsole.perUsernameAttemptResetInterval=Time frame before A
 system_property.xmpp.muc.muclumbus.v1-0.enabled=Determine is the multi-user chat "muclumbus" (v1.0) search feature is enabled.
 system_property.xmpp.muc.join.presence=Setting the presence send of participants joining in MUC rooms.
 system_property.xmpp.muc.join.self-presence-timeout=Maximum duration to wait for presence to be broadcast while joining a MUC room.
+system_property.ldap.authorizeField=Name of attribute in user's LDAP object used by the LDAP authorization policy.
 system_property.ldap.pagedResultsSize=The maximum number of records to retrieve from LDAP in a single page. \
    The default value of -1 means rely on the paging of the LDAP server itself. \
    Note that if using ActiveDirectory, this should not be left at the default, and should not be set to more than the value of the ActiveDirectory MaxPageSize; 1,000 by default.
 system_property.ldap.useRangeRetrieval=Enable range retrieval for processing of large LDAP groups
 system_property.ldap.unencrypted-warning-suppression=Openfire will log a warning when interacting with LDAP using an unencrypted connection. To prevent flooding of the logfiles, subsequent warnings are suppressed for the duration configured by this property.
+system_property.ldap.authCache.enabled=When enabled, user credentials obtained from a directory service (AD/LDAP) will be cached for a while.
+system_property.ldap.authCache.size=Size (in bytes) of the cache in which user credentials obtained from a directory service are cached.
+system_property.ldap.authCache.maxLifetime=Maximum time that user credentials obtained from a directory service are kept in cache.
 system_property.xmpp.iqdiscoinfo.xformsoftwareversion=Set to false to not allow Software Version DataForm on InfoDisco response.
 system_property.plugins.servlet.allowLocalFileReading=Determines if the plugin servlets can be used to access files outside of Openfire's home directory.
 system_property.cert.storewatcher.enabled=Automatically reloads certificate stores when they're modified on disk.
@@ -2026,6 +2051,9 @@ setup.ldap.server.basedn=Base DN
 setup.ldap.server.basedn_help=The starting DN that contains all user accounts. The entire subtree \
   under the base DN will be searched for user accounts (unless subtree searching is disabled).
 setup.ldap.server.basedn_error=Enter a valid LDAP base DN.
+setup.ldap.server.alternatebasedn=Alternate Base DN
+setup.ldap.server.alternatebasedn_help=Provides data that complements that of the Base DN.
+setup.ldap.server.alternatebasedn_error=Enter a valid LDAP alternate base DN (or leave it empty).
 setup.ldap.server.auth=Authentication
 setup.ldap.server.admindn=Administrator DN
 setup.ldap.server.admindn_help=The full DN of a directory administrator. All directory operations will be \

diff --git a/xmppserver/src/main/java/org/jivesoftware/openfire/admin/DefaultAdminProvider.java b/xmppserver/src/main/java/org/jivesoftware/openfire/admin/DefaultAdminProvider.java
@@ -15,18 +15,18 @@
  */
 package org.jivesoftware.openfire.admin;
 
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import java.util.StringTokenizer;
-
 import org.jivesoftware.openfire.XMPPServer;
 import org.jivesoftware.util.JiveGlobals;
 import org.jivesoftware.util.SystemProperty;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.xmpp.packet.JID;
 
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.StringTokenizer;
+
 /**
  * Handles default management of admin users, which stores the list if accounts as a system property.
  *
@@ -39,15 +39,14 @@ public class DefaultAdminProvider implements AdminProvider {
         .setDefaultValue(Collections.emptyList())
         .setSorted(true)
         .setDynamic(true)
-        .addListener(jids -> AdminManager.getInstance().refreshAdminAccounts())
+        .addListener(jids -> { if (AdminManager.getAdminProvider() != null) AdminManager.getInstance().refreshAdminAccounts(); })
         .buildList(JID.class);
     private static final Logger Log = LoggerFactory.getLogger(DefaultAdminProvider.class);
 
     /**
      * Constructs a new DefaultAdminProvider
      */
     public DefaultAdminProvider() {
-
         // Convert old openfire.xml style to new provider style, if necessary.
         Log.debug("DefaultAdminProvider: Convert XML to provider.");
         convertXMLToProvider();