AD setup

Hi,

I started to use AD in order for all of my staff to have a single login for all of the applications.

So, first I tried to use the wizard, but I gave up on that, so I tried to edit the config manually, and I could actually log in. Unfortunately when I restarted the openfire server it erased most of my ldap variables and I don’t remember them… This was really annoying, so I tried to refill the file, and it keeps deleting the content I’m adding, which is very annoying.

Then i decided to start all over, and I reached the page with the user mapping settings:

http://a.imageshack.us/img713/6938/unavngivetua.png

So, as these are hopefully the default values, I tried to test my settings, and it came up with this:

Status: Error

No users were found using the specified configuration. Try changing the base DN, user filter or username field.

So, here I’m actually out of luck. Any help is much appreciated.

I think server is not deleting those values but saving them in the database. What is your base dn value?

What I found that worked for us was a post that had a lot of LDAP basic data. I am using Linux for the Open Fire server so I got a copy of ldapsearch to try to figure this out. The requirement was to have only a single group have access to the server for IM.

Using the provided name of the group and the LDAP user for search I ended up with an LDAP line for the ldap.searchFilter of:

(&(objectClass=organizationalPerson)(memberOf=CN=IM,OU=Groups,OU=Main,DC=my,DC=com))

The way I understand this all working, as I am not even at LDAP newbie level, is that the members of the IM group are restricted to use Spark. The rest of it, OU and DC, are part of the server setups.

When I ran an ldapsearch with just DC=my,DC=com it dumped out everything in the LDAP domain including proper contexts for everything, including lots of memberOf: lines. I just dug through the long output, getting more specific until I got the one like above.

Hope this helps at least some.

cn=User;dc=logon,dc=fusion-gaming,dc=local

I find it quite weird that, even though my user “useradm” is placed in the “Staff” container, it can still authenticate, so maybe I’m doing something wrong?

Screen shot of settings & AD

http://a.imageshack.us/img203/7618/openfire1.png

http://a.imageshack.us/img839/6414/openfire2.png

I think you need an OU setting before CNs. Look at the LDAP settings for the “useradm” account and find the memberOf line. That is a lot of what I had to do to get ours to work.

Hmm… Memberof line says it’s placed in the “users” container, and using this:

ou=Staff;cn=Users;dc=logon,dc=fusion-gaming,dc=local

Doesn’t work :confused:

Try changing the order to have cn first: cn=Users,ou=Staff,dc=logon;dc=fusion-gaming,dc=local.

Also I see that your line seems to have semicolons instead of commas between the staff and users sections.
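The two points made so far in this thread, the memberOf search filter from the earlier post and the commas-versus-semicolons problem in the base DN, can be checked offline before typing anything into the admin console. This is an added example, not code from the thread or from Openfire; the directory entries in it are constructed, and the helper names are my own.

```python
"""Offline checks for an Openfire ldap.baseDN / ldap.searchFilter pair.
Added example, not from the thread or the Openfire project."""
import re

# RFC 4515: these characters must be escaped inside a filter assertion value
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(c, c) for c in value)

def split_rdns(dn: str) -> list[str]:
    # naive split, sufficient for DNs like those in the thread (no escaped commas)
    return [r.strip() for r in re.split(r"[,;]", dn) if r.strip()]

def check_dn(dn: str) -> list[str]:
    """Problems with a DN as typed into the admin console (empty list = looks fine)."""
    problems, types = [], []
    if ";" in dn:
        problems.append("semicolons used between RDNs; LDAP DNs use commas")
    for rdn in split_rdns(dn):
        if "=" not in rdn:
            problems.append(f"malformed RDN {rdn!r}")
            continue
        types.append(rdn.split("=", 1)[0].strip().lower())
    # the domain components (dc=...) are the least specific part and must come last
    if "dc" in types and any(t != "dc" for t in types[types.index("dc"):]):
        problems.append("cn/ou after a dc component: most specific RDN must come first")
    return problems

def group_member_filter(group_dn: str, object_class: str = "organizationalPerson") -> str:
    """ldap.searchFilter matching only direct members of group_dn (shape used in the thread)."""
    return f"(&(objectClass={object_class})(memberOf={escape_filter_value(group_dn)}))"

def _norm_dn(dn: str) -> str:
    return ",".join(r.lower() for r in split_rdns(dn))

def matching_users(entries: list[dict], group_dn: str, object_class: str = "organizationalPerson") -> list[str]:
    """Emulate that filter over entries; AD compares memberOf as DNs (case-insensitive)."""
    want = _norm_dn(group_dn)
    return [e["sAMAccountName"] for e in entries
            if object_class.lower() in (c.lower() for c in e.get("objectClass", []))
            and want in (_norm_dn(g) for g in e.get("memberOf", []))]

# Constructed entries resembling an ldapsearch dump: one IM member, one non-member,
# and a nested group that is a member of IM but is not a person, so it must not match
SAMPLE_ENTRIES = [
    {"sAMAccountName": "useradm", "objectClass": ["top", "person", "organizationalPerson", "user"],
     "memberOf": ["CN=IM,OU=Groups,OU=Main,DC=my,DC=com", "CN=Domain Admins,CN=Users,DC=my,DC=com"]},
    {"sAMAccountName": "guest1", "objectClass": ["top", "person", "organizationalPerson", "user"],
     "memberOf": ["CN=Domain Guests,CN=Users,DC=my,DC=com"]},
    {"sAMAccountName": "helpdesk", "objectClass": ["top", "group"],
     "memberOf": ["CN=IM,OU=Groups,OU=Main,DC=my,DC=com"]},
]
```

Members of a group nested inside IM are not returned by this filter, since memberOf only lists direct membership.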

Yea, I just followed the guide here:

http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/ldap-guide.html

It’s using semicolons so…

Thanks for your appreciated assistance so far, but I’m still out of luck; it doesn’t find anything. Maybe I’m using a bad username field? I’m just using the sAMAccountName but I have no idea if that’s the actual field, and I have no idea of the search field either. How can I find those?

Please take a look here:

http://mreji.eu/content/openfire-active-directory-ldap-integration

Alright, as I had to delete certain OUs I had to go into advanced view, and suddenly I could read the direct path lol…

Anyway, I would like to make it so only people in a certain group will be allowed to login; how would I do this?


Case doesn’t matter with “ou”, “cn” and “dc”. Not sure about the actual names of objects.

I tried to do it like this when searching for the users:

Never mind, I looked at Jame’s first post

(&(objectClass=organizationalPerson)(memberOf=CN=IM,OU=Groups,OU=Main,DC=my,DC=com))

And now I guess everything is good.