With OpenLDAP dynamic groups, I cannot manage to get groups to populate correctly in Openfire. The groups have been working fine for quite a while for other things, but with Openfire, it actually pulls the dummy entry for member. Member is a required attribute, so there has to be something there, but in most situations, that is never seen as OpenLDAP replaces it with the results of the search in labeledURI field.
When I watch the logs on one of the LDAP servers while checking a small group I see this go by:
conn=87 op=1 SRCH base=“dc=xxxx,dc=com” scope=2 deref=3 filter="(&(cn=*)(ou:dn:=group))"
conn=87 op=1 SRCH attr=cn description member
slap_global_control: unrecognized control: 1.2.840.1135220.127.116.113
conn=87 op=1 SEARCH RESULT tag=101 err=0 nentries=6 text=
It appears that the ldap server did indeed send 6 results, but they never show up in Openfire’s group list. I’m not sure if this is because Java is trying to use a control that OpenLDAP doesn’t support or not.
This is the entry:
Has anyone else gotten this to work, or is this a bug of some kind?