Openfire (latest version, Linux) running with read access to OpenLDAP.
I cannot change the contents of the OpenLDAP server because the LDAP server gets populated by another system.
The LDAP contains (among other stuff): ou=People and ou=Group
Base DN used in Openfire is Domain, Top-Level-Domain
“Group” contains several groups. ldap.groupNameField = cn
Openfire uses “users” group. This group contains all user names in the field “memberUid” as a list. ldap.groupMemberField = memberUid
Since the base DN is so broad, I use a filter: ldap.groupSearchFilter = (cn=users)
This gives me a group roster in Openfire which contains all users in the “users” group. These are all people in my company.
So far, so good.
What I want to do:
I want to have different group rosters for each branch office. So, separate group rosters for people from New York, from Berlin, from Paris… You get the idea.
The only place where this information is stored is in ou=People.
Every uid (every person) contains a field “location”.
The big question:
How should I configure Openfire in order to read the LDAP in a way that it creates group rosters for every location?
Sorry, but I don’t know how to do that. I tried many different things but the best result I could get is that for every person in People a group is created which is named like the location. So, … Paris would be present about 50 times meaning I get 50 Groups that are named - nothing! Nothing because the location name appears several times and it seems that Openfire does not like this very much.
Is it really possible to gather members and add them to a group by means of an LDAP filter? It seems to me that Openfire expects a group or several groups in LDAP that contain a list of all users - prepopulated!
If it is possible to get a group only from people entries - without any prepopulated groups - then please enlighten me how I could do this via LDAP filters because as far as I got, this does not seem to be possible.
Nothing worked. So… I used mailing lists Groups. Not pretty but it does the job.
A warning / advice:
When you use a full email address as username… you have to replace the @ in the user name with \40 when you want to log in with Pidgin. Otherwise it is not a valid XMPP id.
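The \40 substitution mentioned above is one case of JID Escaping (XEP-0106). The following is an added example, not part of the original post or of Openfire's code, that escapes and unescapes the user part of an address; the function names, the sample user name and the domain chat.example.com are constructed for illustration.

```python
# JID Escaping (XEP-0106) for the user part (localpart) of an XMPP address.
# Added example; names and sample values are assumptions, not from the post.
ESCAPES = {
    " ": r"\20", '"': r"\22", "&": r"\26", "'": r"\27", "/": r"\2f",
    ":": r"\3a", "<": r"\3c", ">": r"\3e", "@": r"\40",
}
# Two-character codes that make a preceding backslash ambiguous.
CODES = {seq[1:] for seq in ESCAPES.values()} | {"5c"}
UNESCAPES = {seq: ch for ch, seq in ESCAPES.items()}
UNESCAPES[r"\5c"] = "\\"


def escape_node(name: str) -> str:
    """Turn a directory user name into a valid XMPP localpart."""
    if name != name.strip(" "):
        raise ValueError("user name must not start or end with a space")
    out = []
    for i, ch in enumerate(name):
        if ch in ESCAPES:
            out.append(ESCAPES[ch])
        elif ch == "\\" and name[i + 1:i + 3] in CODES:
            # A literal backslash is escaped only when it would otherwise
            # be read as the start of an escape sequence.
            out.append(r"\5c")
        else:
            out.append(ch)
    return "".join(out)


def unescape_node(node: str) -> str:
    """Reverse escape_node(); unknown backslash sequences are left alone."""
    out, i = [], 0
    while i < len(node):
        seq = node[i:i + 3]
        if seq in UNESCAPES:
            out.append(UNESCAPES[seq])
            i += 3
        else:
            out.append(node[i])
            i += 1
    return "".join(out)


def login_jid(ldap_username: str, xmpp_domain: str) -> str:
    """Bare JID to type into a client when the user name is an email address."""
    return f"{escape_node(ldap_username)}@{xmpp_domain}"
```
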