
Active Directory Groups - Multiple Memberships


We have our system hooked up so our users log in with their Active Dir login/pwd. The problem I’m seeing is we have LOTS of groups in our AD installation. Many people are members of many groups. There doesn’t seem to be a way to lock a user into a primary group; they show up in every group they are members of.

Is there any way to fix this?

We are running 3.3.1 - back when this was Wildfire, we had to manually set up groups but at least it gave us control over which groups people appeared in within the Roster list. Maybe I am missing a config step in the new Openfire stuff?



We ended up creating separate AD groups for this reason. So if a user is a member of “groupx”, we also add them to “im-groupx”.

Creating new AD groups doesn’t seem a good solution to me, so I am guessing I am missing something.

Right now, we have 120+ groups. Users on average are members of 8-10 groups.

I have used the OpenFire admin page to disable contact sharing for all but the main groups we frequently use, but still people are members of multiple groups.

What we see in our lists varies by which IM client we use, but let’s just talk about Spark. Let’s say the user is Joe Smith.

In Spark, we see Joe’s name in every group he’s in pulled from Active Directory. So our roster is ridiculously long and confusing to look at.

In previous versions, we used to be able to have users authenticate with the Wildfire server using AD integration, but then create groups separately and manage roster group membership from within the Admin interface.

It appears this has been removed but again I must be missing something since not everyone runs an AD network.

I’m sure I’m just misunderstanding something here or have something misconfigured. Can someone please help shed some light on this?

Thanks in advance!


Message was edited by: dingosatemybaby

I have the same situation. Unfortunately Openfire and Spark are at the mercy of our AD configurations.

This is different than it used to be though, right? It used to be that I could create groups and edit memberships completely outside of AD.

For as long as I have used Wildfire/Openfire in LDAP mode I could not create manual groups. Oh and I see you have now opened a duplicate thread. You may wish to close one of them.