Help setting up Openfire and AD

I am getting this error on Openfire 3.6.4.

Status: Error

No users were found using the specified configuration. Try changing the base DN, user filter or username field.

I did search through the forum, but couldn’t find a solution to my problem. Can someone help me out on this please?

My base DN is supposedly right since it tests successfully, but the User Mapping always fails with the above error. My AD (Windows Server 2003) structure is as follows (from bottom-up):

Users folder (with department folders inside that and THEN the actual individual users accounts inside those)

OU

domain

.org

(Please excuse my lack of AD structure terms.)

So my base DN is : OU=xxx,dc=domain,dc=org,dc=users

I am using sAMAccountNameI for the Username field, blank for the search field, and

(&(objectClass=organizationalPerson)(memberOf=cn=Users,dc=BHFCU,dc=blackhillsfcu ,dc=org))

for the user filter.

Can anyone please point me in the right direction? Thank you.

Multiple things:

  • you should not have OUs in the default Users CN
    • the OUs should be created in the root of the AD tree and can be nested from there
  • your baseDN is the wrong structure
    • it should go from lowest value to top OU=xxx,OU=xxx2,dc=domain,dc=org
  • the filter will never work unless your AD domain is BHFCU.blackhillsfcu.org
    • dc= should only be used for defining part of the domain name of the domain

Thank you for the response.

The problem may be our AD structure, then, because we have OUs within OUs within OUs (in our users OU).

It looks something like this:

Users OU > Departments OU > a whole list of different departments all of which are OUs > Users

Could this be the issue? If so, wouldn’t it be possible to assign the basedn as the Users OU, then set the filter to search for only users within that OU?

Now I have the baseDN as cn=Users;OU=xxx;dc=domain,dc=org and it's successful, but still the user mapping gives me an error on testing.

Thanks for any help.

baseDN must be done from bottom to top: **OU=xxx,**cn=Users,dc=domain,dc=org

OK, I put it in that format and it passes the test, but it still will not pass the User mapping stage. Do I need to specify a specific user filter besides the default of “(objectClass=organizationalPerson)”?

Do not change any of the defaults for the user or group filters. You can always do that later. Just try to get the mapping working for now. Set the baseDN, the adminDN, etc.

Great. Thank you. That worked.

This may be another thread, but is there any way of telling it to search for groups by AD OUs instead of by actual AD user groups? Like I said, our structure, I think, seems unorganized.

Thanks.

You cannot use OUs as groups. Think of them as virtual folders. I would take the time to organize the AD structure; it would be of great benefit.
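An added example (not part of the thread and not Openfire code): a small Python check of the points raised in the replies above, namely comma separators, dc= components last, and dc= parts that spell the AD domain, applied to the base DNs and the user filter quoted in the thread. The function names are hypothetical, the DN parsing is simplified (no escaped commas), and the domain `domain.org` is the poster's placeholder, assumed here to be the real AD domain.

```python
import re

def split_dn(dn):
    """Split a DN into (attribute, value) pairs. Simplified: no escaped commas."""
    pairs = []
    for rdn in dn.replace(";", ",").split(","):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def domain_of(dn):
    """Join the dc= values in order, e.g. dc=domain,dc=org -> domain.org."""
    return ".".join(v.lower() for a, v in split_dn(dn) if a == "dc")

def check_base_dn(base_dn, domain):
    """Return the structural problems found in a base DN for the given AD domain."""
    problems = []
    if ";" in base_dn:
        problems.append("separator: use ',' between components, not ';'")
    attrs = [a for a, _ in split_dn(base_dn)]
    if "dc" not in attrs:
        problems.append("domain: no dc= components")
        return problems
    if any(a != "dc" for a in attrs[attrs.index("dc"):]):
        problems.append("order: dc= components must come last, after every OU/CN")
    if domain_of(base_dn) != domain.lower():
        problems.append("domain: dc= parts spell '%s', expected '%s'"
                        % (domain_of(base_dn), domain.lower()))
    return problems

def check_filter(user_filter, domain):
    """Flag memberOf DNs in a filter whose dc= parts name a different domain."""
    problems = []
    for dn in re.findall(r"memberOf=([^()]+)", user_filter, flags=re.I):
        if domain_of(dn) != domain.lower():
            problems.append("filter: memberOf DN is in '%s', not '%s'"
                            % (domain_of(dn), domain.lower()))
    return problems

if __name__ == "__main__":
    DOMAIN = "domain.org"  # assumption: the placeholder domain used in the thread
    for dn in ("OU=xxx,dc=domain,dc=org,dc=users",   # first attempt in the thread
               "cn=Users;OU=xxx;dc=domain,dc=org",   # second attempt
               "OU=xxx,cn=Users,dc=domain,dc=org"):  # form given in the reply
        print(dn, "->", check_base_dn(dn, DOMAIN) or "ok")
    flt = ("(&(objectClass=organizationalPerson)"
           "(memberOf=cn=Users,dc=BHFCU,dc=blackhillsfcu,dc=org))")
    print(check_filter(flt, DOMAIN) or "ok")
```

The checks are purely syntactic: a DN that passes can still point at a container with no users in it, so the Openfire test page remains the real verification.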