Active Directory integration issue

Greetings all. I hope someone can help shed some light on the issue I’m having.

First, we’ll start with my directory layout. It’s pretty straightforward. No forests., under I have an OU by the name of “Openfire”; within the Openfire OU I have a security group by the name of “IM”. My user account is a member of the IM security group.

My Base DN looks like this: “OU=Openfire,DC=domain,DC=com.”

Openfire is able to connect to Active Directory fine using those settings; the test comes up successful.

I am, however, unable to successfully pull up any user accounts with my Active Directory query. I’ve tried several variations from previous forum posts, but all have been unsuccessful. Here are a few examples:

Username Field: sAMAccountName

Search Fields: blank

User Filter: (&(objectClass=organizationalPerson)(memberOf=cn=IM,dc=domain,dc=com))

I feel my problem lies within the User Filter. I’ve tried several others, along with different combinations of the base DN, with no success.

Any thoughts?

I was having a similar problem just a few minutes ago. Turns out that the initial success reported is basically **only** confirming your administrative username and password. If you enable debugging (logging in the GUI window), you’ll see errors for the actual LDAP queries.

I’m pulling these values from the System Properties in the admin interface.

My ldap.baseDN is “OU=sample,DC=sample,DC=local”; note that I’m using an OU, not the cn=Users. Be careful with commas vs. semicolons.

Since I don’t want everything within that OU showing up, I created a security group grpIMUsers. Within System Properties, that shows up in two places:

ldap.groupSearchFilter = “(objectClass=group)(cn=grpIMUsers)”

ldap.searchFilter = “(objectClass=organizationalPerson)(memberOf=CN=grpIMUsers,OU=sample,DC=sample, DC=local)”

I’m not experienced enough with LDAP and OpenFire to say whether that’s a massive screwup and what I might be losing by it - not sure how AD’s groups really interact with OpenFire and why I’d want them to.

Make sure your filter contains the full DN for the group you created, from the OU it is housed under up to the top of the tree, e.g.: cn=somegroup, ou=someOU, dc=domain, dc=com
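
The point of the last reply, as an added example that is not part of any post in this thread: `memberOf` is matched against the group's complete DN, so a filter that leaves out the OU selects nobody. The sketch below lints a filter against a list of group DNs before it goes into Openfire; the group DN is assumed from the layout in the first post, and all function names are hypothetical.

```python
import re

def parse_dn(dn):
    """Split a simple DN (no escaped commas) into lowercase (attr, value) pairs.
    Case and whitespace are normalized for comparison inside this lint only."""
    pairs = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return tuple(pairs)

def member_of_dns(ldap_filter):
    """Return every DN used in a (memberOf=...) assertion of the filter."""
    return re.findall(r"\(memberOf=([^()]+)\)", ldap_filter, flags=re.IGNORECASE)

def balanced(ldap_filter):
    """True when every '(' has a matching ')' in the right order."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def check_filter(ldap_filter, group_dns):
    """Return a list of problems; an empty list means every memberOf DN
    is the full DN of a known group."""
    problems = []
    if not balanced(ldap_filter):
        problems.append("unbalanced parentheses")
    known = {parse_dn(g): g for g in group_dns}
    for dn in member_of_dns(ldap_filter):
        parsed = parse_dn(dn)
        if parsed in known:
            continue
        msg = f"memberOf DN {dn!r} matches no group"
        # Same leading RDN (e.g. cn=IM) but a different path: suggest the full DN.
        hints = [g for p, g in known.items() if p[0] == parsed[0]]
        if hints:
            msg += f"; full DN is {hints[0]!r}"
        problems.append(msg)
    return problems

# Constructed data: group DN assumed from the first post's layout (group IM inside OU Openfire).
GROUPS = ["CN=IM,OU=Openfire,DC=domain,DC=com"]
ASKED = "(&(objectClass=organizationalPerson)(memberOf=cn=IM,dc=domain,dc=com))"
FIXED = "(&(objectClass=organizationalPerson)(memberOf=CN=IM,OU=Openfire,DC=domain,DC=com))"

if __name__ == "__main__":
    for f in (ASKED, FIXED):
        print(f, "->", check_filter(f, GROUPS) or "ok")
```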