powered by Jive Software

How to create group rosters from LDAP people location entries?


my current setup:

Openfire (latest version, Linux) running with read access to OpenLDAP.

I cannot change the contents of the OpenLDAP server because the LDAP server gets populated by another system.

  • The LDAP contains (among other stuff): ou=People and ou=Group

  • Base DN used in Openfire is Domain, Top-Level-Domain

  • “Group” contains several groups. ldap.groupNameField = cn .

  • Openfire uses “users” group. This group contains all user names in the field “memberUid” as a list. ldap.groupMemberField = memberUid

  • Since the base DN is so broad, I use a filter: ldap.groupSearchFilter = (cn=users)

  • This gives me a group roster in Openfire which contains all users in the “users” group. These are all people in my company.

So far, so good.

What I want to do:

I want to have different group rosters for each branch office. So, separate group rosters for people from New York, from Berlin, from Paris… You get the idea.

  • The only place where this information is stored is in ou=People.

  • Every uid (every person) contains a field “location”.

The big question:

How should I configure Openfire in order to read the LDAP in a way that it creates group rosters for every location?

This is how I handle groups…but you should be able to add a filter that looks at the “location” attribute

How to Setup Authentication Groups with LDAP/AD

Sorry, but I don’t know how to do that. I tried many different things but the best result I could get is that for every person in People a group is created which is named like the location. So, … Paris would be present about 50 times meaning I get 50 Groups that are named - nothing! Nothing because the location name appears several times and it seems that Openfire does not like this very much.

Is it really possible to gather members and add them to a group by means of a ldap filter? It seams to me that Openfire expects a group or several groups in LDAP that contains a list of all users - prepopulated!

If it is possible to get a group only from people entries - without any prepopulated groups - then please enlighten me how I could do this via ldap filters because as far as I got, this does not seem to be possible.

Nothing worked. So… I used mailing lists Groups. Not pretty but it does the job.

A warning / advice:

When you use a full email address as username… you have to exchange the @ in the user name to \40 when you want to login with Pidgin. Otherwise it is not a valid XMPP id.