
Automatically share LDAP groups

I have set up Openfire to use LDAP (Active Directory) groups. This works fine, I see all the groups and their members.

When I select a group, “enable contact group list sharing” is enabled, but no group name is given. Therefore the group is not enabled as a shared group. As soon as I enter a name for the shared group, the group becomes visible in Spark.

Is it possible to have LDAP groups automatically shared (using the LDAP group name as contact group name)?



Personally I do not want this feature. I only share the needed groups, and my Active Directory naming convention is not very user friendly (no spaces, etc.). The way it is right now gives me more control.

Yes, I see why this might be a bad idea in many environments. However, it would be a nice option for those who want it (especially when combined with powerful LDAP search filters).

This would be handy if you could specify a base Group DN separate from the Base DN. I don’t know about the rest of the user base, but I store users and groups in separate OUs. To be able to allow Openfire to see both my groups and my users I have to set the base DN at the root of my AD tree. This means that it finds ALL users and ALL groups, including computers and system groups. It makes for a very cluttered Openfire database.

Also, it would be nice if we could find a way to handle duplicate roster entries for users in multiple groups.


I’d agree. It’d be nice if you could specify multiple base DNs. I too separate a lot of my Users and Groups into different OUs. I also provide Virtual Hosted ADs within my Primary AD domain and would like to not include my virtual hosted users.


This is actually very easy to accomplish with the proper LDAP filters.

I use a single domain group in AD to control all users and group membership.

When configuring the search filter for users and groups, use memberOf= and the group’s DN. Then you can create new groups for the roster and make them (and the users) a member of this “spark control” group. This way you only need one search base and can set up groups that are AD pretty and used only to populate the group roster.

Example search for groups.


Hope it helps.
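The memberOf approach described in the post above, as an added example that is not part of the original thread and not the poster's own filter: it builds the user and group search filters with RFC 4515 escaping and emulates them over a small constructed directory. The control group DN and every entry are hypothetical.

```python
# Added example. All DNs and directory entries are constructed for illustration.
CONTROL_DN = "CN=Spark Control (IM),OU=Groups,DC=example,DC=com"  # hypothetical control group

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so a DN is safe inside a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def member_of_filter(object_class, control_dn=CONTROL_DN):
    """Build (&(objectClass=...)(memberOf=<control group DN>))."""
    return "(&(objectClass=%s)(memberOf=%s))" % (
        escape_filter_value(object_class), escape_filter_value(control_dn))

def select(entries, object_class, control_dn=CONTROL_DN):
    """Emulate the filter on in-memory entries and return the matching CNs.
    memberOf holds direct memberships only, so nested members do not match."""
    wanted = control_dn.lower()
    hits = []
    for e in entries:
        classes = {c.lower() for c in e["objectClass"]}
        groups = {g.lower() for g in e.get("memberOf", [])}
        if object_class.lower() in classes and wanted in groups:
            hits.append(e["cn"])
    return hits

# Constructed sample directory: roster groups, a system group, users, a computer.
ENTRIES = [
    {"cn": "Sales Team", "objectClass": ["top", "group"], "memberOf": [CONTROL_DN]},
    {"cn": "Helpdesk", "objectClass": ["top", "group"], "memberOf": [CONTROL_DN]},
    {"cn": "Domain Computers", "objectClass": ["top", "group"], "memberOf": []},
    {"cn": "alice", "objectClass": ["top", "person", "user"], "memberOf": [CONTROL_DN]},
    {"cn": "bob", "objectClass": ["top", "person", "user"], "memberOf": []},
    # AD computer accounts also carry objectClass=user; memberOf keeps them out.
    {"cn": "WS042$", "objectClass": ["top", "person", "user", "computer"], "memberOf": []},
]

if __name__ == "__main__":
    print("group filter:", member_of_filter("group"))
    print("user filter: ", member_of_filter("user"))
    print("roster groups:", select(ENTRIES, "group"))
    print("roster users: ", select(ENTRIES, "user"))
```

The parentheses in the constructed group name show why the DN must be escaped before it goes into the filter: unescaped, they would change the filter's structure.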


I have also been searching for a way to automatically publish all groups imported from an external source (in our case, Active Directory as well).

We have several hundred groups in our organization in different OUs, and have extended the schema on group objects to include a boolean attribute that when set to TRUE is filtered by Openfire, delivering only the appropriate groups.