powered by Jive Software

AD users in multiple OU''s

Our AD environment has users split up into multiple OU’‘s. When adding the to the wildfire.xml config, it won’'t search users down the tree… just the current OU that is specified in the baseDN.

I added a group called Jabber to that OU, to see if that would work, but only the users in the baseDN OU show up.

Any ideas?

Thanks in advance!!!

Here’'s an idea: set baseDN[/b] to a BASE[/b] DN.

For example, say you have your users in following two OUs:

ou=Some Users,dc=example,dc=com

ou=Other Users,dc=example,dc=com[/code]

To get all your users, set the baseDN[/b] to this:

dc=example,dc=com[/code]

I have the baseDN set to DC=company,DC=com. So you would think it would search the whole tree, but it doesn’'t.

From what you are saying, it should search for users in any container below the baseDN, but it’‘s not working that way. Here’'s my config:

cn member description <![CDATA[
      (&
           (objectClass=group)               (memberOf=CN=Jabber,OU=morespe cificOU,OU=subcompany,DC=company,DC=com)
           (member=)

)]]>

Message was edited by: evinh

Any idea on this? I’‘ve also tried the tag with the OU’‘s where other users exist, and it still doesn’'t work. The only way it works is if users exist in the specific OU listed as the baseDN.

Thanks!

Try testing your search filters with LDAP Browser 2.6 http://www.ldapbrowser.com/. LDAP queries should traverse the sub-containers. I’‘m not sure why it’'s not working for you.

The search filters are working great. However, I did find that users outside of my context can log in fine, who are members of the group.

My context in AD contain’'s this… OU=Information Software / Technologies

Would the “/” be throwing off wildfire? It seems anyone outside of this can log in fine. However, when I add that OU as part of the baseDN, it works fine, except then my other users don’‘t show up because they’'re in other parts of the tree.

Interesting. I did find a bug relating to a “/” in a userDN, but not in an OU.

Any thoughts?

Message was edited by: evinh

Take the slash out and see what happens. This may be the bug detailed in JM-695.

Yeah, I saw that bug, and I agree, it’‘s probably the same thing. I’'ll give that a shot and see what happens.

thanks!

it was the “/”. Obviously LDAP doesn’‘t care, but for some reason the java code behind wildfire didn’'t like it. everything works great now! Thanks.