Hello
In my company I have a forest of domains:
england.emc
deutchland.emc
france.emc
Root of this domain is emc
Openfire server 3.71
I have followed instructions from this post
I switched openfire.jar (compiled for 3.71)
System properties:
ldap.adminDN = administrator@com
ldap.autoFollowAliasReferrals = false
ldap.autoFollowReferrals = false
ldap.baseDN =
ldap.encloseDN = true
ldap.host = 10.200.1.1
ldap.port = 3268
xmpp.domain = emc
I can find users and groups, but they are empty - see attached files.
Group filter (no matter what I fill in) - Posix disabled
(&(objectClass=group))(cn=GG-*)
User Filter - nothing special for now
(objectClass=organizationalPerson)
When I connect to a single domain it’s working perfectly
Thank You for information
Are you using Active Directory?
Hello
Yes, this is Windows 2003 based Active Directory
Found one clue
emc - 10.200.1.1 (root)
england.emc - 10.300.1.1
deutchland.emc - 10.400.1.1
etc
When I connect to host emc (10.200.1.1) I can’t see any users in groups
When I connect to england.emc (10.300.1.1) **I see users in groups only from england.emc**
The same situation applies to each domain in the forest.
It doesn’t matter whether I connect as enterprise admin or local admin of the domain.
Thank you in advance
Are you sure the domain controllers you are connecting to are global catalog servers?
Also, can you log into the database server and verify that the configuration value for ldap.baseDN is empty?
Chris75
October 31, 2012, 12:54pm
Yes, I am sure :)
Yes, it is empty
Do you use universal groups?
Yes, Universal Security groups.
My settings:
ldap.groupSearchFilter:
(&(objectCategory=Group)(memberOf=CN=IM Groups,OU=Instant Messaging,OU=Universal,OU=Security Groups,OU=Groups,OU=Datacenter US,DC=company,DC=local))
All of our IM groups are a direct member of the group “IM Groups”
ldap.searchFilter:
(&(objectCategory=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(sn=*)(givenName=*)(msExchMailboxGuid=*)(!(memberOf=CN=Service Accounts,OU=Global,OU=Security,OU=Groups,OU=Datacenter US,DC=company,DC=local)))
User is not disabled
User has an SN
User has a GivenName
User has a mailbox
User is not a member of our “Service Accounts” group
Hello, thank you very much.
The problem was in Universal Groups.
I must create a few :)
OK, another little problem.
Let’s say that I create a group named Jabber, so
Cn=Jabber,OU=UG,OU=EMC,DC=england,DC=EMC
Is it possible for a member of this group to be a Global Group? Or should it be only a person?
It would automate creating users, because when we create a user we put them in a group, e.g. Finance, and we don’t have to remember to put them into the IM groups. Or how is it done in your company?
When I add any group to be a member of Jabber I see:
john.doe
blablabla.bla
cn=im-groups-it,ou=ug,ou=emc,dc=england,dc=emc@england.emc <-? this is my xmpp.domain
Once again thank You very much
Are your settings the same as mine?
ldap.autoFollowAliasReferrals = true
ldap.autoFollowReferrals = false
ldap.emailField = mail
ldap.encloseDNs = true
ldap.groupDescriptionField = description
ldap.groupMemberField = member
ldap.groupNameField = cn
ldap.nameField = cn
ldap.usernameField = sAMAccountName
Chris75
November 22, 2012, 8:28pm
I was on vacation, sorry for the delay.
It’s working right now. In each domain I must create a Universal group with all users in each domain.
It’s now working like a charm :)
Once again thank you very much. Good job :)