Auto add users from AD

hi there.

i hope i’ve open this on the correct thread, but i’m not sure if this is more related to the client side. if it is, please have some mod move it.

question 1: i have installed openfire on the server (which has our AD, windows server 2k3 SBS), and i’m installing spark on the computer.

when possible using SSO (window 2000 doesnt seem to work, but XP works fine).

but i would like for all user to automatically see all company users without the need to add them and request authorization.

is this possible?

question 2: also, the main reason i choose openfire/spark is for internal file transfer and small communication messages, but when on the server i try to set the server and port setting for file transfers, when I save, it reverts to the old state, even though it says it is saved.

is this a know bug, or do i have to change something on the server to allow files transfers?

does openfire/spark support p2p or is it always use a server?

question 3: from what i’ve read on the forum using OF on the ISA server doesnt allow it to connect to other IM services. is this confirmed?

i would like to authorize certain user to set their MSN/XMMP account too.

thanks in advance.


Question 1: The easiest way to set it up for everybody to see everybody is to enable sharing on the Domain Users group. You can do this by going to the Users/Group tab and then search for Domain Users.

Question 3: Yes, download the IM Gateway Plugin. It will allow you to authorize certain users and groups so that they can use MSN (or other IM services). If you combine this with windows firewall and ipsec, you can really make sure no one but the authorized users can leave your domain.

Sorry that I can’t help on question 2.

Thanks Jmoody.

Q1: is that on the server or th client (spark) ?

i did the search, but adding a user still requires the other to authorized.

on the server, there is a base DN for the users group.

Q3: i have it installed, and i do see all protocols, but when i test any of then, i always get a balloon saying it failed, without any other detailed information.

the server has open outgoing ports for MSN and XMMP.

Question 1: That is on the server. I attached a few screenshots of what you should be looking for. Doing it this way should require no user action.

Question 3: Do your logs in Spark or Openfire show any errors? After you have installed the gateway plugin, can you do a test connection? If so, does that pass or fail? Do you have any options checked and have you set up who the permissions on who can access it and who can’t?

Double Post-----Sorry…

Q1: You need to have an AD group contained within your baseDN of openfire that has all your AD users in it. This group then needs to be shared in openfire via the Users/Groups tab (see attachment). The Share with additional users may be redundant. Additionally you can install the Subscription plugin and configure it to accept local. This will remove the need for approvals for the addition of users to rosters if both users have accounts on the same openfire server.

Q3: Your ISA server is probably blocking the ports specific to the other protocols. you should open those ports listed for each protocol. if they still do not work check the logs of your ISA server to see what it is blocking from your openfire server.

Q2: Can you provide a screenshot of where you are trying to edit this information. The connection is through the server for file transfers via port 7777 I believe.

Q1: i had no groups.

trying to create one there got me an error:

Error creating the group. Please check your error logs.

Logs show:

2008.07.14 13:46:55 org.jivesoftware.openfire.admin.group_002dcreate_jsp._jspService(group_002dcreat \
at org.jivesoftware.openfire.ldap.LdapGroupProvider.createGroup(LdapGroupProvider. java:68)
at org.jivesoftware.openfire.admin.group_002dcreate_jsp._jspService(group_002dcrea
at org.apache.jasper.runtime.HttpJspBase.service(
at javax.servlet.http.HttpServlet.service(
at org.mortbay.jetty.servlet.ServletHolder.handle(
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1093)
at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage( 8)
at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)
at org.jivesoftware.util.LocaleFilter.doFilter(
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)
at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingF
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)
at org.jivesoftware.admin.PluginFilter.doFilter(
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)
at org.jivesoftware.admin.AuthCheckFilter.doFilter(
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)
at org.mortbay.jetty.servlet.ServletHandler.handle(
at org.mortbay.jetty.servlet.SessionHandler.handle(
at org.mortbay.jetty.handler.ContextHandler.handle(
at org.mortbay.jetty.webapp.WebAppContext.handle(
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollect
at org.mortbay.jetty.handler.HandlerCollection.handle(
at org.mortbay.jetty.handler.HandlerWrapper.handle(
at org.mortbay.jetty.Server.handle(
at org.mortbay.jetty.HttpConnection.handleRequest(
at org.mortbay.jetty.HttpConnection$RequestHandler.content( )
at org.mortbay.jetty.HttpParser.parseNext(
at org.mortbay.jetty.HttpParser.parseAvailable(
at org.mortbay.jetty.HttpConnection.handle(
at org.mortbay.thread.QueuedThreadPool$

Q3: scratch that.

i had ports open only for internal network to the external interface. not localhost-> external.

tested with msn with success. xmmp doesnt show anything. nor error nor success.

will investigate

All groups must be created via AD Users and Computers MMC. You cannot create groups via Openfire once it is configured to LDAP mode without editing the openfire config to make it not look to AD for groups. if you are not seeing any of your AD groups I would have to say they reside in a location in AD outside your BaseDN that had configured when you setup openfire.

This is what i have on the Profile settings:

LDAP Settings




Base DN:


Administrator DN:


This is after i active… it gives sucess, but just goes back to disable

i’m sorry, but i’m unable to figure it out.

I just checked the ad connection, and its all default values, unless i need to change something in there…

also the user (helpdesk) is just a regular user, no Admin priveleges, as it was just for read-only access. should i change it?

I sent you a Private Message with some information I need that should not be posted in an open chat.

I sent you back an edited openfire.xml that should allow groups to populate. As for the file transfer setting. that is stored in the database. If it is not updating I would question the ability to write changes to the database. Check the permissions of the user you are using to connect to the database. They may need more rights to the mysql database.

thanks… that seems to have fixed it.

i can now see all groups, and i’m restarting spark to see if i can see all users.

the DB is the internal OpenFire DB.

I tried MySQL but got lots of java errors, so i changed to internal db, and it worked.

i’ll have to test if p2p is working, asinde from what the setting mentions.

This must be frustrating answering the same questions over & over.

We have our groups pulling from AD with no users just like the posts above. I have been watching this thread because it is dead on with our issue.

The only list that does not pull into spark is the “Users” list from AD. In spark we can search for any employee, but they are not contained in any group.

Now, even if we make a group called “sparkusers”, how can we make users from the user group populate the said spark user group.

You mention the permissions of the user were using to connect to the database.

On a standard setup, do you create a user & group for spark? If so can you detail that aspect a bit more.

It seems we are close to getting openfire to push the contact list into spark -if we could only have users populate into the groups.

thanks for your time.

from what i’ve learned, you only need to use the base dir of the users group on your AD, and then you will see then, as in the screenshoots above.

after that just search for that special group you have, and allow it to be used to shared contacts with everyone.

You marked your question as answered. If you have further issues I will gladly help. Please open a new discussion with the issues you currently have.

it only remains Q3- file transfers.

but i’ll test it a bit, and open a new post if needed be.

thanks so much for your help