ActiveDirectory User Filter questions

Hello,

I am trying to incorporate OpenFire into our Active Directory (2003). I have created a “ChatUsers” group (Security Group - Global) and added 3 test members to the group. Here are the settings I’m using:

Server Type: Active Directory

Base DN: cn=ChatUsers,cn=Users,dc=domain,dc=com

This comes back as successful. The next step is the User Mapping. Here are the settings:

Username Field: uid

Search Fields: (none)

User Filter: (objectClass=organizationalPerson)

This comes back with an error and is unable to load the User list. So I take out the User Filter and leave it blank. Now it comes back with only one User, and it’s the ChatUsers group (really a group, not a user).

So I downloaded the LdapSearch 1.2 to try and figure out the right LDAP query to get this to work. I am able to see the members of the group from this LDAP query:

Base DN: cn=ChatUsers,cn=Users,dc=domain,dc=com

Filter (query): (objectCategory=*)

This returns:

LDAP Search started …

Host = 10.220.2.31

Port = 389

Connection Type = Non SSL

Timeout = 10

STEP 1 => Performing LDAP initialization

LDAP initialization completed

STEP 2 => Performing LDAP simple bind…

LDAP bind completed successfully.

STEP 3 => Searching on the server …


Enumerating attributes for DN : CN=ChatUsers,CN=Users,DC=domain,DC=com

objectClass = top

objectClass = group

cn = ChatUsers

member = CN=Test User1,OU=City,DC=domain,DC=com

member = CN=Test User2,OU=City,DC=domain,DC=com

member = CN=Test User3,OU=City2 Office,DC=domain,DC=com

distinguishedName = CN=ChatUsers,CN=Users,DC=domain,DC=com

instanceType = 4

whenCreated = 20071206190929.0Z

whenChanged = 20071206190956.0Z

uSNCreated = 1899892

uSNChanged = 1899898

name = ChatUsers

objectGUID = vÓpÚÞ"Mª ÉäobjectGUID = vÓpÚÞ"Mª Éä%s

objectSid =

sAMAccountName = ChatUsers

sAMAccountType = 268435456

groupType = -2147483646

objectCategory = CN=Group,CN=Schema,CN=Configuration,DC=domain,DC=com

LDAP search completed

So I do see the 3 members of the group in this query, but I can’t figure out what I need to change the query to to pull back the members list so OpenFire can read them in. Can anyone help me here?

Thanks in advance.

(&(objectClass=user)(memberOf=CN=ChatUsers,ou=Users,dc=domain,dc=com))

That is if the ChatUsers group is located in the Users OU.

Hello papawu,

This isn’t working for me, and I think it’s because the users aren’t necessarily part of the OU=Users. There is an OU for each branch office we have, i.e. OU=Atlanta and OU=Chicago, etc.

How should I approach that?

Try

(&(objectClass=user)(memberOf=CN=ChatUsers,dc=domain,dc=com))

I ran into the same issue. I finally used (objectCategory=person) which displayed the users.

That was the one! Awesome, thanks!
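
The searches discussed in this thread, replayed against a small in-memory directory, as an added example that is not part of any post: it shows why a search rooted at the group DN returns only the group, why a memberOf filter has to carry the group's exact DN, and that (objectCategory=person) also returns accounts outside ChatUsers. The directory contents, the "Other Person" entry, the helper names and the simplified filter matcher are assumptions for illustration; this is not Openfire's code.

```python
# Constructed directory mirroring the thread: three ChatUsers members in branch
# OUs plus one non-member. Attribute values are simplified assumptions.
GROUP_DN = "CN=ChatUsers,CN=Users,DC=domain,DC=com"

def _user(cn, ou, member):
    return {"dn": f"CN={cn},OU={ou},DC=domain,DC=com",
            "objectClass": ["top", "person", "organizationalPerson", "user"],
            "objectCategory": ["person"],  # simplified; AD stores a schema DN
            "memberOf": [GROUP_DN] if member else []}

DIRECTORY = [
    {"dn": GROUP_DN, "objectClass": ["top", "group"], "objectCategory": ["group"]},
    _user("Test User1", "City", True),
    _user("Test User2", "City", True),
    _user("Test User3", "City2 Office", True),
    _user("Other Person", "City", False),  # constructed non-member
]

def _parse(f, i=0):
    """Parse an RFC 4515 subset: (&...), (|...), (!...), (attr=value), (attr=*)."""
    op = f[i + 1]
    if op in "&|!":
        i, kids = i + 2, []
        while f[i] == "(":
            node, i = _parse(f, i)
            kids.append(node)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, value = f[i + 1:end].partition("=")
    return ("=", attr, value), end + 1

def _match(node, entry):
    if node[0] == "&":
        return all(_match(k, entry) for k in node[1])
    if node[0] == "|":
        return any(_match(k, entry) for k in node[1])
    if node[0] == "!":
        return not _match(node[1][0], entry)
    have = [v.lower() for v in entry.get(node[1], [])]
    return bool(have) if node[2] == "*" else node[2].lower() in have

def search(base_dn, ldap_filter):
    """Subtree search: DNs at or below base_dn whose entry matches the filter."""
    tree, _ = _parse(ldap_filter)
    base = base_dn.lower()
    return [e["dn"] for e in DIRECTORY
            if (e["dn"].lower() == base or e["dn"].lower().endswith("," + base))
            and _match(tree, e)]
```

With the base at dc=domain,dc=com, only the memberOf filter naming CN=ChatUsers,CN=Users,... limits the result to the three group members; (objectCategory=person) returns every person entry under the base.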