Sorry about that, I can reply more later tonight, but here's a little bit…
Basically (from memory), we have to tell Openfire to get groups from LDAP by changing the configuration (conf/openfire.xml) to use the LdapGroupProvider and by setting the GroupSearchFilter to tell the LdapGroupProvider where to find your Active Directory groups (full working config below).
For me, this is how it works… I add a user to a "Wildfire Users" group in Active Directory, then that user is able to successfully log in to Spark using their AD username/password. (I think this is where you're at right now.) Then, I add the user to a second group (wf_GROUPNAME for me). My GroupSearchFilter searches for any group that starts with "wf", and uses those for openfire's groups. I have about 5 "wf_" groups, each corresponding to a particular group in Openfire. (These groups can be called whatever you want; you just need them to match what you've configured in conf/openfire.xml.)
Once that's all done, you should see the groups show up in the Openfire admin interface (might require restarting the openfire service). However, they will not show up by default to all users when they log in. To do that, you can go into the Admin interface and check "Enable contact list group sharing" for each group. Then "Share group with additional users", and choose All Users (or choose just the groups you want that group shared with).
The end result for us is that when a user logs in, they automatically see all the users in all groups. If we have a new person come on staff, we just add them to our Wildfire Users group in AD, then also to the appropriate wf_XXXXXXX group in AD. Once openfire has reloaded the LDAP data, that user can log in and immediately see everyone! No need to manually add contacts. In addition, the new person shows up to other users automatically (unfortunately, only after those people log out then log back in).
If a person moves to another location (i.e. to a satellite office), we just change what AD groups they are in and they are automatically moved to the correct openfire group. Everyone's groups update automatically the next time they log in. It's great.
The only improvements I could ask for so far would be the ability to force openfire to reload its ldap config (so I don't have to wait for it) and that the roster changes for any new users would be sent out to currently logged in users without having to log out and back in.
Here's our config… It also includes a mostly-working vcard mapping for Active Directory (not to be confused with fully working)…
<?xml version="1.0" encoding="UTF-8"?>
This file stores bootstrap properties needed by Wildfire.
Property names must be in the format: "prop.name.is.blah=value"
That will be stored as:
Most properties are stored in the Wildfire database. A
property viewer and editor is included in the admin console.
<!-- root element, all properties must be under this element -->
<!-- Disable either port by setting the value to -1 -->
<!-- Use this section to define users that will have admin privileges. Below,
you will find two ways to specify which users are admins. Admins will
have access to the admin console (only local users) and may have also access
to other functionalities like ad-hoc commands. -->
<!-- By default, only the user with the username "admin" can login
to the admin console. Alternatively, you can specify a comma-delimited
list of usernames that should be authorized to login to the admin console
by setting the <authorizedUsernames> field below. -->
<!-- Comma-delimited list of bare JIDs. The JIDs may belong to local
or remote users. -->
<!-- <authorizedJIDs></authorizedJIDs> -->
<!-- Example LDAP settings -->
<!-- End example LDAP settings -->
Message was edited by: peted20
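As an added example (not the poster's own config, which is not reproduced above), here are the LDAP-related sections of conf/openfire.xml for the Active Directory setup described in the post: the three LDAP providers, a user search filter limited to members of the "Wildfire Users" group, and a group search filter that only exposes groups whose name starts with "wf_". The host, base DN, bind account, OU paths and group names are assumed placeholders.

```xml
<!-- Added example, not the poster's configuration. Values marked
     "placeholder" are assumptions; replace them with your directory's. -->
<jive>
  <!-- Take users, authentication and groups from LDAP instead of the database -->
  <provider>
    <user>
      <className>org.jivesoftware.openfire.ldap.LdapUserProvider</className>
    </user>
    <auth>
      <className>org.jivesoftware.openfire.ldap.LdapAuthProvider</className>
    </auth>
    <group>
      <className>org.jivesoftware.openfire.ldap.LdapGroupProvider</className>
    </group>
  </provider>

  <ldap>
    <host>dc01.example.local</host>                    <!-- placeholder -->
    <port>389</port>
    <baseDN>DC=example,DC=local</baseDN>              <!-- placeholder -->
    <!-- Bind with a dedicated read-only service account, not a domain admin -->
    <adminDN>CN=svc-openfire,OU=Service Accounts,DC=example,DC=local</adminDN>
    <adminPassword>CHANGE-ME</adminPassword>         <!-- placeholder -->

    <!-- Active Directory user attributes -->
    <usernameField>sAMAccountName</usernameField>
    <nameField>displayName</nameField>
    <emailField>mail</emailField>
    <!-- Only members of "Wildfire Users" are visible to Openfire and may log in.
         "&amp;" is the XML escape for the LDAP "&" (AND) operator. -->
    <searchFilter>(&amp;(objectClass=user)(memberOf=CN=Wildfire Users,OU=Groups,DC=example,DC=local))</searchFilter>

    <!-- Active Directory group attributes -->
    <groupNameField>cn</groupNameField>
    <groupMemberField>member</groupMemberField>
    <groupDescriptionField>description</groupDescriptionField>
    <!-- Only groups named wf_* become Openfire groups, so unrelated AD groups
         are never turned into shared rosters -->
    <groupSearchFilter>(&amp;(objectClass=group)(cn=wf_*))</groupSearchFilter>
  </ldap>
</jive>
```

Restart Openfire after editing the file, then confirm in the admin console that only the wf_ groups appear before enabling contact list group sharing on them.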