volkan
January 28, 2010, 8:08am
1
Hi, we have here the latest Openfire 3.6.4 server and Spark 2.6 Beta2 clients… user accounts are mapped via the AD/LDAP service.
What I noticed is that even in Spark and on the server console the users are always displayed with their logon name instead of the cn/displayName from the AD…
Where can I change that behaviour in Spark so that the contacts/users are displayed with the displayName?
And is it possible to limit the Openfire/Spark access to an AD Windows user group?
thx
Volkan
Rob_M
January 28, 2010, 9:31am
2
To change the name shown for AD users change the following Server Property in Openfire:
ldap.nameField to either cn or displayname
You will need to restart Openfire for this to take effect
You can limit access to Openfire to members of a specific AD group by changing
ldap.searchFilter
e.g. I use:
(&(objectClass=organizationalPerson)(memberOf=cn=Openfire-users,cn=Users,dc=company,dc=local))
Where Openfire-users is a group within Users.
You can also limit displayed groups (this supports wildcards)
ldap.groupSearchFilter
(&(objectClass=group)(cn=Openfire-*))
All my Openfire users are members of a ‘master’ AD group (Openfire-users) which allows them access to Openfire, and are also members of other groups (e.g. Openfire-admin) for organisation/rosters.
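Because ldap.searchFilter decides who can log in at all, it helps to check what a filter admits before restarting Openfire. The following is an added example, not part of the original posts or of Openfire: a small offline evaluator for the filter syntax used above (&, |, !, equality and * wildcards), run over a constructed sample directory. The entries and function names are assumptions, and escaped characters are not handled.

```python
import re

def parse(f, i=0):
    """Parse the LDAP filter starting at f[i]; return (node, index after it)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    op = f[i + 1:i + 2]
    if op in ("&", "|", "!"):
        i, kids = i + 2, []
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if not kids or f[i:i + 1] != ")":
            raise ValueError(f"unbalanced or empty '{op}' group at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)  # raises ValueError when the ')' is missing
    attr, sep, value = f[i + 1:end].partition("=")
    if not sep or not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attr):
        raise ValueError(f"bad attribute/value pair at offset {i}")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter on one entry (lower-case attr -> list of values)."""
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    pattern = ".*".join(re.escape(p) for p in node[2].split("*"))  # '*' is the only wildcard
    return any(re.fullmatch(pattern, v.lower()) for v in entry.get(node[1], []))

def select(filter_text, entries):
    """Return the cn of every entry the filter admits."""
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing text after filter")
    return [e["cn"][0] for e in entries if matches(node, e)]

# The two filters from the post above.
USER_FILTER = "(&(objectClass=organizationalPerson)(memberOf=cn=Openfire-users,cn=Users,dc=company,dc=local))"
GROUP_FILTER = "(&(objectClass=group)(cn=Openfire-*))"
BASE = "cn=Users,dc=company,dc=local"  # constructed sample values from here on
PERSON = ["top", "person", "organizationalPerson", "user"]
ENTRIES = [
    {"cn": ["alice"], "objectclass": PERSON, "memberof": [f"cn=Openfire-users,{BASE}", f"cn=Openfire-admin,{BASE}"]},
    {"cn": ["bob"], "objectclass": PERSON, "memberof": [f"cn=Sales,{BASE}"]},
    {"cn": ["Openfire-users"], "objectclass": ["top", "group"]},
    {"cn": ["Openfire-admin"], "objectclass": ["top", "group"]},
    {"cn": ["Sales"], "objectclass": ["top", "group"]},
]
print(select(USER_FILTER, ENTRIES), select(GROUP_FILTER, ENTRIES))
```

A single wrong character in the group DN makes the user filter match nobody, which locks every account out. In AD, memberOf lists only direct membership, so users who belong to Openfire-users through a nested group do not match an equality filter like this one.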
volkan
January 28, 2010, 9:41am
3
thank you rob_m
I don't have a ldap.fieldname property!?
I just have these ones for ldap:
ldap.adminDN
ldap.adminPassword
ldap.autoFollowAliasReferrals
ldap.autoFollowReferrals
ldap.baseDN
ldap.connectionPoolEnabled
ldap.debugEnabled
ldap.emailField
ldap.groupDescriptionField
ldap.groupMemberField
ldap.groupNameField
ldap.groupSearchFilter
ldap.host
ldap.ldapDebugEnabled
ldap.nameField
ldap.override.avatar
ldap.port
ldap.posixMode
ldap.sslEnabled
ldap.usernameField
ldap.vcard-mapping
Should I add the property manually?
thx
Volkan
Rob_M
January 28, 2010, 10:03am
4
Sorry my mistake!
Should be ldap.nameField - I have corrected my post above
volkan
January 28, 2010, 10:09am
5
thx, I had cn as default inside… changed ldap.nameField from cn to displayName and restarted the Openfire server… same result, just the logon names are visible on the Spark clients (?)
did i miss something?
Rob_M
January 28, 2010, 10:15am
6
What is shown in the Openfire admin console?
Is the displayname actually correct for all users AD accounts?
I use jxplorer to test LDAP queries.
I also have a second test Openfire installation that I trial these changes on first.
volkan
January 28, 2010, 10:58am
7
on the server console > sessions, i see just the logon names
Please check my config screenshot
Rob_M
January 28, 2010, 11:14am
8
Sessions are based on the ldap.usernameField, which by default is sAMAccountName. This is a unique field in AD.
However the name that is displayed is based on ldap.nameField (displayName in this case). This is not unique, so cannot be used as a session login.
What is listed in Users in the Openfire admin console?
Username should show the sAMAccountname.
Name should show the displayName.
volkan
January 28, 2010, 12:09pm
9
Username is the sAMAccountname and Name is the displayName.
Is there a special setting on the spark client?
On “ldap.nameField” i have cn inside, if i change to displayName, no logon are possible!?
The name on the session tab are only as sAMAccountname displayed…
any other idea?
Volkan
Clear all openfire caches then quit spark, and restart openfire. If that does not work delete the spark user information from the user’s profile in windows. You can leave the spark.properties file.
Also your vCard settings are wrong. I see in them. There should not be breaks in there. Use the settings here: http://www.igniterealtime.org/community/docs/DOC-1773
Rob_M
January 28, 2010, 12:29pm
11
Username is the sAMAccountname and Name is the displayName.
That is what I would expect, and should give the desired results.
Is there a special setting on the spark client?
I don’t use Spark, but see sixthring’s response.
On “ldap.nameField” i have cn inside, if i change to displayName, no logon are possible!?
I don’t know why you would get this result, although setting ldap.usernameField to displayName, would cause this.
However showing displayName as Name in Users implies this is set to displayName?
The name on the session tab are only as sAMAccountname displayed…
That is correct.
volkan
January 28, 2010, 12:33pm
12
thanks sixthring, i have now
closed spark
replaced the vCard setting with the one from the DOC
replaced the ldap.nameField to displayName
cleared all caches on > server management > cache summary
restarted Openfire
started spark
result, same
Volkan ?
Purge the stuff out of the Spark folder in the user’s profile. Only keep the spark.properties file.
Rob_M
January 28, 2010, 1:59pm
14
It may also be worth logging in to Spark as a different user, or on a system that hasn’t run Spark before.
That way you can check that the correct details are being pushed to the client.