Active Directory Groups Have No Members

Openfire Openfire Support
1

I downloaded and installed Openfire 3.4.1 yesterday and installed it on a development server. I worked to connect openfire to our Active Directory. I am able to see all of the users and the groups, however there are no members in most of the groups. I am not sure what the problem is. Most groups show no members and all of the users show no groups.

Here is what I installed and configured.

  • Windows 2003 Standard Server

  • Microsoft SQL 2005

  • openfire_3_4_1.exe for Widows

I have the following for the LDAP section.

<ldap>

<host>mbnetsvr.something.local</host>

<port>389</port>

<baseDN>ou=groups;dc=something;dc=local</baseDN>

<alternateBaseDN>ou=associates;dc=something,dc=local</alternateBaseDN& gt;

<adminDN>cn=openfire;cn=users;dc=something;dc=local</adminDN>

<adminPassword>Password</adminPassword>

<connectionPoolEnabled>true</connectionPoolEnabled>

<sslEnabled>false</sslEnabled>

<ldapDebugEnabled>false</ldapDebugEnabled>

<autoFollowReferrals>false</autoFollowReferrals>

<usernameField>sAMAccountName</usernameField>

<searchFilter>(objectClass=organizationalPerson)</searchFilter>

<vcard-mapping>…[omitted]</vcard-mapping>

<nameField>cn</nameField>

<emailField>mail</emailField>

<groupNameField>cn</groupNameField>

<groupMemberField>member</groupMemberField>

<groupDescriptionField>description</groupDescriptionField>

<posixMode>false</posixMode>

<groupSearchFilter>(objectClass=group)</groupSearchFilter>

</ldap>

If there is a fix for this, that would be great. Not sure what other information would be helpful.

Thanks for your help.

2

Do you have this in your provider section?

<group>

<className>org.jivesoftware.openfire.ldap.LdapGroupProvider</className >

</group>

If so can you send more of the config?

3

use this as your group filter instead (taking for granted you want ALL AD groups)

((cn=))

This is show you all groups, populated.

4

Thanks for the suggestions above. I was never able to figure this out. The alternateBaseDNwas pointing to my groups OU. This never seemed to work. To resolve this, I removed the alternateBaseDN and moved the Groups OU to within the baseDN. All works now.

Thanks

Jarred

5

EDIT

Nevermind i fixed it :). I forgot you have to actually create a group for IM users because it doesn’t use the Domain Users group. In all my other setups there were already multiple AD security groups, but this is a new client with only 5 users so I was just going to use the Domain Users group. I created a new group and put everyone in there and now all is good.

6

My groups container was not within the primary base DN. I moved the container to within the search base DN and now I have no problems. I am no longer using an alternateBaseDN.

Hope this helps.

Jarred Cleem

IT Manager

Multiband / NASDAQ: MBND

Direct: 701-281-5376

1-866-577-MBND (6263)

www.multibandusa.com

7

Just in case someone else comes across this thread like I did…

My groups were showing, but my group members were not.

My problem turned out to be that ldap.posixMode was set to ‘true’ and needed to be changed to ‘false’. I hope this saves someone some troubleshooting time.

1 Like