Skip navigation
Up to Discussions in Openfire Support
2285 Views 8 Replies Latest reply: Aug 11, 2008 9:39 AM by sixthring RSS
William Bronze
William
5 posts since
Jul 10, 2008
Currently Being Moderated

Aug 7, 2008 12:33 PM

LDAP HELP!!!!

So I got it working but what i need to do is have many baseDN's

 

So my question is how to do get more than two baseDN's

 

I know there is a <baseDN> and a  <alternateBaseDn>

 

how can i have more than 2

 

I have 3 OU's each with users and groups, for this to work I can put one in the baseDN and one in the alternateBaseDN but i need a third one.  I would just use the root of the domain but then things dont work at all...

  • Chris Bronze
    Chris
    35 posts since
    Oct 19, 2006
    Currently Being Moderated
    Aug 8, 2008 8:48 AM (in response to William)
    Re: LDAP HELP!!!!

    william,

         If you're using base dn's that are ou's in ldap can you use a higer level base dn that would include the 3 or 4 that you need and filter the users and groups by objectClass or some other attribute?

    example:

    base: dc=example,dc=com

    filter: (objectClass=user)

    • William Bronze
      William
      5 posts since
      Jul 10, 2008
      Currently Being Moderated
      Aug 8, 2008 8:54 AM (in response to Chris)
      Re: LDAP HELP!!!!

      I would use the root of the directory but that doesn't seem to be an option.  When I use the root base dc=example,dc=com and have groups, end users when logged on presence will show offline, users cannot send between each other, therefore I have to use OUs under the root OU=,dc=,dc=.

      • Chris Bronze
        Chris
        35 posts since
        Oct 19, 2006
        Currently Being Moderated
        Aug 8, 2008 9:04 AM (in response to William)
        Re: LDAP HELP!!!!

        hrrm,

             Sounds like 2 different problems. Is the AD that you're trying to get users from or another LDAP?

        I'm still using a much older version of openfire but I've not had a problem with AD and I'm uing the directory root.

        So, when you're using the directory root users can login put don't appear online to other users?

        Have you tried duplicating the ldapsearch from a command line to see if you get the results you expect?

        • William Bronze
          William
          5 posts since
          Jul 10, 2008
          Currently Being Moderated
          Aug 8, 2008 9:10 AM (in response to Chris)
          Re: LDAP HELP!!!!

          yep im using AD for users, I have the newest version, and I only get the error when I use root as my baseDN,

           

          I have 2 OU's with users and 1 OU with groups so i really need to have baseDN=ou=1,dc=example,dc=com alternateDN=ou=2,dc=example,dc=com and alternateDN2=ou=3,dc=example,dc=com

           

          on a side note when i try to use root and have groups which are showen to all users, those users log in and when in the admin page you can see under session that they are authenticated and logged in but there presence shows offline,  then if you drill down farther by clicking on that user, the following page will show there presence as online.  Here we need to have groups its not a option.  But as a workaround i can specifiy a OU as the baseDN... then things work.

          • Chris Bronze
            Chris
            35 posts since
            Oct 19, 2006
            Currently Being Moderated
            Aug 8, 2008 9:20 AM (in response to William)
            Re: LDAP HELP!!!!

            I'm using AD for auth but the embedded db for groups, again on a much older version of wild/openfire. So, I'm not sure how much more help I can be.

            Do you see anything in the error log when using the root as the base?

             

            This might be completely off track, but... I personally wonder what happens if you have a user that's a member of multiple groups in AD. How does openfire handle that?

             

            Have you tried using AD to auth and creating a test group in the embedded system for testing? Since you can't have the muliple bases that you want have your groups ever worked correctly?

            • William Bronze
              William
              5 posts since
              Jul 10, 2008
              Currently Being Moderated
              Aug 8, 2008 9:33 AM (in response to Chris)
              Re: LDAP HELP!!!!

              Thats whats weird no errors, If i put group section on POXIS i get some errors but then i dont see Any members of groups, however users can log in and at least manually add users, but still they still appear as offline.  Its like its seeing the root and can auth users but when it comes to updating the presence it just cant do that.

               

              But no, never had it working right using the root with groups,  however i havent tried earlier verison of openfire just the latest one.  We do have an older one here but it wasnt using LDAP.

               

              Also i didnt think if you put it to LDAP that it will let you create any group on the embedded system, pretty sure it will default to trying to add a AD group which it cant do.  Going back to how you mention about how openfire will handel a user in multiple groups I dont know.

               

              Oh well, what I will do is use ou=1 for baseDN and ou=2 for alternatedn on the .conf file and then just move my group ou in ou=1, then i can resolve both OU of users and since the groups ou is inside ou=1 then i can resolve groups.

          • sixthring KeyContributor
            sixthring
            3,789 posts since
            Apr 2, 2007
            Currently Being Moderated
            Aug 11, 2008 9:39 AM (in response to William)
            Re: LDAP HELP!!!!

            Are you using the correct ports?  There is a different port you should use if you set the baseDN to the top of the tree.  See this doc:  http://www.igniterealtime.org/community/docs/DOC-1554.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points