In previous versions, we used to be able to have users authenticate with the Wildfire server using AD integration, but then create groups separately and manage roster group membership from within the Admin interface.
It appears this has been removed but again I must be missing something since not everyone runs an AD network.
I’‘m sure I’'m just misunderstanding something here or have something misconfigured. Can someone please help shed some light on this?
I dont want to use AD to publish group membership to the roster since we have 120+ groups and the avg user is in 8-10 groups (so they show up in the client once for every group they are in).
Thanks in advance!
Michael
Openfire currently supports 2 modes for users/group, Local Database and LDAP. There are many flavors of LDAP not just AD (as I am sure you are aware).
With the Local Database you must manually create the users and groups.
With LDAP you must maintain the structure in the LDAP server. This means you need only organise your LDAP structure in such a way that the users/groups you want to be valid for Openfire are in a distinquished OU. The other option is to use LDAP filters to filter out users/groups in Openfire (I can not really help with this).
Oh so I can create a unique OU within AD, make my groups and put my users in them, and then somehow point Openfire to use THAT instead of our default OU?
That sounds like a solution. How do I do that within Openfire once the OU is created??
Thanks!!
M
When you con figure LDAP put a full path to the OU that contains the users/groups for Openfire (OU=accounts,DC=subdomain,DC=domain,DC=com ). I moved all domain accounts to a subfolder of this OU and created a sub OU for the Groups for Openfire. Just be sure any user policies are moved with the users.