How do I allow a user who was created in a different domain access to Spark?

Every user in my domain is a part of a group I will call X_Users in the X.BAR.edu domain (as an example, that’s not the real name).

We have a new hire whose credentials are used at another branch and who was created under just the BAR.edu domain.

I can’t add him to the X_Users group because it doesn’t allow global groups to have a cross-domain member.

He logs into our systems fine with his account; I just can’t figure out how to give him access to Spark.

We run Win10 Pro. Each user has a domain account at a user level in X.BAR.edu, except for the new guy, who is located in BAR.edu.

Does this make any sense or should I try to explain it a bit more?

I can’t create a new account for him since he uses the same account at his other location. I am not sure if this is Spark- or Openfire-related, so I made a topic in each.

As Openfire doesn’t support a multi-domain setup, I guess it also extends to LDAP integration, but I will let @speedy comment on that. I’m not sure if x.bar.edu and bar.edu are two distinct domains in your case. Btw, your XMPP domain is probably x.bar.edu (shown on the first page of Admin Console)?

An excerpt from conversation in Open Chat room:

(21:50) Speedy: wroot: if there is a trust, then they could probably point to the root of the forest instead of the domain
(21:50) Speedy: err…backup…if the domains are part of the same forest…then they could point to the forest, and not the domain
(21:50) Speedy: that might work…
(21:50) Speedy: another option may be to set up another instance and use s2s…
(21:52) Bruno Peralva: This works, Openfire does not know if they are different domains, they bring everything
(21:52) Bruno Peralva: The problem is if you are different domain with trust
(21:53) Speedy: different domains with a trust might work if local security groups are used
(21:55) Bruno Peralva: Truth

I was just about to sign in and comment on this!!

But yes… if the domains are part of the same forest, change your base DN to the root of the forest, and for the port, use the global catalog port. This should work.

Thank you! I got it working. I had to do a little configuring of the search parameters to only list users who were members of a specific group and change the port to 3268 to search the global catalog, and voilà, the one person I had to go through all the trouble for can now log into Spark.

1 Like
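
The settings the thread arrives at (base DN at the forest root, global catalog port, a search filter limited to one group), as an added Python example that is not part of the thread or of Openfire. The host, group DN and helper names are constructed; the `ldap.*` keys are Openfire's LDAP system properties, and the filter assumes the group's membership is visible to the global catalog server being queried.

```python
# Added example, not Openfire or forum code. Any host, forest name or
# group DN passed to these helpers is a constructed placeholder.
GC_PLAIN, GC_TLS = 3268, 3269   # global catalog: plain LDAP / LDAP over TLS

def forest_base_dn(forest_dns_name):
    """'BAR.edu' -> 'DC=BAR,DC=edu', the root of the forest."""
    labels = [p for p in forest_dns_name.split(".") if p]
    if not labels:
        raise ValueError("empty forest DNS name")
    return ",".join("DC=" + p for p in labels)

def escape_filter_value(value):
    """RFC 4515: escape \\ * ( ) and NUL so a DN cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def group_only_filter(group_dn):
    """Search filter that lists only direct members of one group."""
    return "(&(objectClass=organizationalPerson)(memberOf=%s))" % (
        escape_filter_value(group_dn))

def gc_settings(host, forest_dns_name, group_dn, tls):
    """Openfire ldap.* properties for a forest-wide, group-restricted lookup."""
    return {
        "ldap.host": host,
        "ldap.port": str(GC_TLS if tls else GC_PLAIN),
        "ldap.sslEnabled": "true" if tls else "false",
        "ldap.baseDN": forest_base_dn(forest_dns_name),
        # sAMAccountName is unique per domain, not per forest; the group
        # filter narrows which same-named accounts can match.
        "ldap.usernameField": "sAMAccountName",
        "ldap.searchFilter": group_only_filter(group_dn),
    }

def review(settings, forest_dns_name):
    """List reasons a dict of ldap.* properties would miss or expose users."""
    findings = []
    port = int(settings.get("ldap.port", "389"))
    if port not in (GC_PLAIN, GC_TLS):
        findings.append("port %d is not a global catalog port" % port)
    if port in (389, GC_PLAIN):
        findings.append("port %d sends the bind in clear text unless TLS is negotiated" % port)
    if settings.get("ldap.baseDN", "").lower() != forest_base_dn(forest_dns_name).lower():
        findings.append("baseDN is not the forest root")
    if "memberOf=" not in settings.get("ldap.searchFilter", ""):
        findings.append("searchFilter admits every account under baseDN")
    return findings
```

`review` returns an empty list for the 3269 variant and a single clear-text finding for the 3268 setup described in the thread.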