First off let me say I am a OpenFire newb and very confused and frustrated.
I have my Openfire server(306a) up and running fine. I have it connected to Active Directory and it shows I have 1000+ users and 568 groups. I have read lots of post about filters, but they have confused me more I think.
This is my setup…
BaseDN = dc=mydomain, dc=com
I need to filter and display only groups that begin with “OpenFire”. How would I do this?
Please read this: http://www.igniterealtime.org/community/docs/DOC-1554
At the bottom of the doc are some sample filters. Including group filter with a wildcard.
Yeah I have seen those, and they are what is confusing me.
Where and how do they go in my OpenFire.xml?
openfire.xml (2171 Bytes)
They don’t go in the openfire.xml anymore per say. Almost all server settings are now stored in the openfire admin system properties. Which are accessed via the admin web site for openfire. That said you can add these lines to the openfire .xml fil with teh server stopped. Then start the server and they should copy up to the database correctly. It is still better to edit the system properties for openfire 3.6.x in the admin site.
The group filters system property is ldap.groupSearchFilter
The user filters system property is ldap.searchFilter
The new formats are:
(&(objectClass=group)(cn=LDAPGroup*))
(&(objectClass=organizationalPerson)(|(memberOf=cn=LDAPGroup1,ou=accoun ts,dc=domain,dc=com)(memberOf=cn=LDAPGroup2,ou=SecondaryAccounts,dc=domain,dc=co m)))
Ok, that makes a little more sense to me.
I added the filters, restarted the server.
And now it has totally forgotten about LDAP, I only have one user “admin” and profile settings are back to default.
What is up, it has done this many times to me now.
you need to be certain that the filters you are applying do not eliminate your users. screen shots of your AD tree from Active directory Users and Computers, notes on where the groups reside, and the actual filters you are using would help emensely. If you do not feel safe publishing them here, feel free to send them to me via email.
sorry. the restart without fixed the user lists. now to fix the groups…
I believe we have this resolved for you. Please award points for helpful and correct answers.
Ah did you finally see that in my post above?
Big thanks to Todd, for taking the time to assist me here and offline.
Actually no. I was reading the document and sort of thought through it. I do see your information above. The document needs to be updated to exclude the CDATA information. That was a filter we came up with back in 2006 that worked well on Wildfire and I didn’t need to change it until I put this new box together…
You are welcome. Don’t forget to award points for helpful and correct answers.