Ignite Realtime: LDAP Users in multiple groups

Skip navigation

Up to Discussions in Openfire Support

5779 Views 4 Replies Latest reply: Nov 26, 2007 7:38 PM by sixthring

Red_Dragon_X

13 posts since
Nov 14, 2007

Currently Being Moderated

Nov 26, 2007 10:11 AM

LDAP Users in multiple groups

i REALLY hope some one can help me with this issue. I have AD users that are a memeber of multiple groups. but i need a way to specify which of the Openfire groups they are a member of. Since im using the LDAP authentication, i cannot manually specify which group these users are suposed to belong to, and there doesnt seem to be a standard as to which group the users are added to. so hopefully someone else is in this same situation and could be of some assistance.

Getting that question answered would solve my problem, but maybe there is a better way around this. all of the users are in OUs based on the group they should be in for openfire, so maybe there is a way that i can use OUs for groups, rather than domain group names. is that possible? What i mean is UserA, and UserB are in the OU Administrators, but are members of Sales and Administrators groups. UserA is showing up in the Sales group on openfire while UserB is in the Administrators group. if there was a way to specify that each OU is a group, and the users in each OU belong to that group in Openfire, that would be an easier way around my issue that i am having.

Anyone have any suggestions ? i would be very greatful for any help i can get on this !

Like (0)

sixthring
3,799 posts since
Apr 2, 2007

Currently Being Moderated

Nov 26, 2007 10:36 AM (in response to Red_Dragon_X)
Re: LDAP Users in multiple groups

Create the specific groups in AD and add the members. Then once this syncs to the openfire server share those groups.

Report Abuse

Like (0)
Matt Tanksley
50 posts since
Aug 9, 2007

Currently Being Moderated

Nov 26, 2007 10:37 AM (in response to Red_Dragon_X)
Re: LDAP Users in multiple groups

I am having a very similar issue. Aside from being in multiple asimilar groups, all members of any given department belong to a Security group and an Email group of the same name. To overcome this, I simply chose one group type to "enable contact list sharing" on, and shared that with All Users. However if there are any non-department users in that group, they will show up in multiple groups. For example, users who started in one department moved to another but still handle some duties from their previous position are still members of their previous department's email and security groups. Can get hairy. I wish there was a way to handle it better in Openfire, but I don't believe so.

M@

Report Abuse

Like (0)
- Red_Dragon_X
  13 posts since
  Nov 14, 2007
  
  Currently Being Moderated
  
  Nov 26, 2007 12:02 PM (in response to Matt Tanksley)
  Re: LDAP Users in multiple groups
  
  Thanks for the reply Todd, that is how i fixed the problem temporarily. i still wish that i could specify OUs as the groups, but in the mean time this will work out ok !!
  
  Report Abuse
  
  Like (0)
  - sixthring
    3,799 posts since
    Apr 2, 2007
    
    Currently Being Moderated
    
    Nov 26, 2007 7:38 PM (in response to Red_Dragon_X)
    Re: LDAP Users in multiple groups
    
    an OU can not be a group. They are merely a folder/container to hold things, hence the name Organizational Unit. In order to use groups in Openfire with an AD LDAP configuration you need to have the groups defined in AD. Openfire views LDAP in a read-only fashion.
    
    Report Abuse
    
    Like (0)

Go to original post

Legend

Correct Answers - 10 points
Helpful Answers - 5 points