Help with Groups and AD

My current setup is as follows (logically).

In order to authenticate in Wildfire, you have to be a member of an AD group called "Wildfire". I set it up this way as a small, test-case scenario.

I've since added AD groups within that group called Wildfire, which Wildfire can see from Step "3" of the LDAP setup via the test button. It displays the groups within the Wildfire group and can see the quantity of members, etc. When I go to the Groups tab under the console, it can see "some" of the groups via a count, but not the names, i.e. it says Total Groups: 2 but the names, members, etc. are all empty.

Additionally, if a "user" is not directly a member of the Wildfire group, i.e. they're a member of a group within Wildfire, they can't authenticate and log in.

My goal is to get where I can put people in AD groups such as Customer Service, IT, Sales, etc., and then put those groups under my Wildfire group to enable those users to use IM. (I have groups that I don't want in IM and thus the reason for not just adding all groups from the top level DN.)

Additionally, I'd like those groups (Customer Service, IT, Sales, etc.) to show up as Wildfire groups and populate on everyone's roster.

Any help is appreciated; Thanks in advance.


(& (objectCategory=Person) (memberOf=cn=Wildfire,ou=Groups,dc=company,dc=com) (!(userAccountControl:1.2.840.113556.1.4.803:=2)) (sAMAccountName=) )

(& (objectClass=group) (memberOf=cn=Wildfire,ou=Groups,dc=company,dc=com) (member=) )

It sounds like you are wanting support for nested groups in LDAP. You can vote for this feature here: JM-806.

Wildfire currently does a single LDAP query to authenticate users and build groups (those are the search filters in the XML config file). In order to support what you want, Wildfire would need to do multiple queries to search all nested groups in order to authenticate a user.

With the current functionality, each user and group must be a member of the Wildfire group.

While you're voting for features, go vote for JM-865 too.
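
The difference between the single `memberOf` match and the multi-query nested lookup described in the reply above, as an added Python example that is not part of the original thread and is not Wildfire's code. It runs over a constructed in-memory directory; the user names, the `ou=Users` container and all helper functions are assumptions.

```python
from collections import deque

ACCOUNTDISABLE = 0x2  # bit tested by the thread's userAccountControl :1.2.840.113556.1.4.803:=2 clause
GROUPS = "ou=Groups,dc=company,dc=com"
USERS = "ou=Users,dc=company,dc=com"  # assumed container, not from the thread
WILDFIRE = f"cn=Wildfire,{GROUPS}"

def group_dn(name): return f"cn={name},{GROUPS}"
def user_dn(name): return f"cn={name},{USERS}"

# Constructed sample directory: groups carry "member", users carry "uac".
DIRECTORY = {
    WILDFIRE: {"member": [user_dn("alice"), group_dn("Sales"), group_dn("IT")]},
    group_dn("Sales"): {"member": [user_dn("bob")]},
    group_dn("IT"): {"member": [user_dn("carol"), group_dn("Helpdesk")]},
    group_dn("Helpdesk"): {"member": [user_dn("erin"), group_dn("IT")]},  # circular nesting
    group_dn("HR"): {"member": [user_dn("dave")]},  # not under Wildfire
    user_dn("alice"): {"uac": 512}, user_dn("bob"): {"uac": 512},
    user_dn("carol"): {"uac": 514},  # 512 | ACCOUNTDISABLE
    user_dn("dave"): {"uac": 512}, user_dn("erin"): {"uac": 512},
}

def is_group(dn):
    return "member" in DIRECTORY[dn]

def is_enabled_user(dn):
    return not is_group(dn) and not DIRECTORY[dn]["uac"] & ACCOUNTDISABLE

def direct_users(root):
    """Users one memberOf=<root> filter matches: enabled, direct members only."""
    return {dn for dn in DIRECTORY[root]["member"] if is_enabled_user(dn)}

def nested_users(root):
    """Expand nested groups, one lookup per group; returns (users, lookups)."""
    seen, queue, users, lookups = {root}, deque([root]), set(), 0
    while queue:
        current = queue.popleft()
        lookups += 1  # stands in for one LDAP query against this group
        for dn in DIRECTORY[current]["member"]:
            if is_group(dn):
                if dn not in seen:  # guard against circular group nesting
                    seen.add(dn)
                    queue.append(dn)
            elif is_enabled_user(dn):
                users.add(dn)
    return users, lookups

if __name__ == "__main__":
    print("direct:", sorted(direct_users(WILDFIRE)))
    print("nested:", nested_users(WILDFIRE))
```

The `seen` set matters because the sample directory nests IT and Helpdesk inside each other; without it the expansion would never terminate. Disabled accounts stay excluded at every nesting level, matching the intent of the `userAccountControl` clause in the posted filter.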