
JM 2.3, LDAP, Windows 2003 Active Directory, Shared Groups

As requested, opening a new thread regarding shared groups issue.

I've got a JM 2.3 server on my DMZ talking through LDAP to my Win2K3 AD server on the internal network for user authentication.

Noting that JM only pulls over distribution groups (from what I can tell, only Global distribution lists at that) and not mail-enabled security groups from AD, I've gone ahead and created a 'Jabber' distribution group and thrown in a handful of beta testers.

On the JM web console, it immediately picks up on the presence of the AD distribution group, showing the correct number of users that I've added, but listing no admins.

The group has been enabled with the following:

  • Enable sharing group in rosters

  • Been given a shared name of 'Staff'

  • Show group in all users' rosters

No users have been added explicitly through the web console.

Logging into the Spark client, the Staff group only shows up if I enable 'Show Empty Groups' and I have exactly zero members showing despite the floating menu stating that 'Staff (0 online) is a Shared Group'.

My server config settings were posted in the AD thread this morning.

Any takers?

I've also noticed that for some reason, with LDAP functionality enabled, I'm unable to create a 'local' group through the web console. Is that expected functionality?

I'm gonna dive in and guess, but I think the main problem lies in your “BaseDN”: you have it with “Domain Users” as its base OU, so it should only be showing you the groups in that folder… I know in my A/D I have very few groups in that OU…


and then use a search filter to limit your results…

And for your other question: yes, when you specify the LDAP group provider, all group activities go through that provider (not in the DB anymore), and LDAP is read-only, so you cannot create a group unless you do it in A/D… Good luck, write back if you need help. I've got a relatively stable version running on my A/D…

Do I have to have a search filter or can I start with no filter configured? So far I am not getting any hint that I have connected to LDAP. The debug.log does tell me that a new LDAP manager has been created to my Windows 2000 AD

2005.11.29 20:06:26 Created new LdapManager() instance, fields:
2005.11.29 20:06:26 host: cheetah1.mydomain.com
2005.11.29 20:06:26 port: 389
2005.11.29 20:06:26 usernamefield: sAMAcountName
2005.11.29 20:06:26 baseDN: DC=mydomain,DC=com
2005.11.29 20:06:26 alternateBaseDN: null
2005.11.29 20:06:26 nameField: displayName
2005.11.29 20:06:26 emailField: mail
2005.11.29 20:06:26 adminDN: cn=administrator,dc=mydomain,dc=com
2005.11.29 20:06:26 adminPassword: ********
2005.11.29 20:06:26 searchFilter: (sAMAcountName=)
2005.11.29 20:06:26 ldapDebugEnabled: true
2005.11.29 20:06:26 sslEnabled: false
2005.11.29 20:06:26 initialContextFactory: com.sun.jndi.ldap.LdapCtxFactory
2005.11.29 20:06:26 connectionPoolEnabled: true
2005.11.29 20:06:26 autoFollowReferrals: false
2005.11.29 20:06:26 groupNameField: cn
2005.11.29 20:06:26 groupMemberField: member
2005.11.29 20:06:26 groupDescriptionField: description
2005.11.29 20:06:26 posixMode: false
2005.11.29 20:06:26 groupSearchFilter: (member=)

Am I missing something?

Also, when I am using the client, how do I set up the account to use the LDAP accounts? username@???

Thank you for any assistance.
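
An added example, not part of any post in this thread and not Jive Messenger code: a small checker that parses the `LdapManager` field dump from debug.log, as quoted above, and reports attribute names that do not match Active Directory's, an unencrypted bind, and an over-privileged bind account. The names `parse_dump` and `lint` and the short `KNOWN_AD_ATTRS` list are assumptions made for this illustration.

```python
import difflib
import re

# Attribute names Active Directory defines for the fields this dump configures.
KNOWN_AD_ATTRS = ["sAMAccountName", "userPrincipalName", "displayName",
                  "mail", "cn", "member", "description"]
ATTR_FIELDS = {"usernamefield", "nameField", "emailField", "groupNameField",
               "groupMemberField", "groupDescriptionField"}
FIELD_LINE = re.compile(r"^\S+ \S+ (\w+): ?(.*)$")  # "<date> <time> <field>: <value>"

# Lines copied from the debug.log excerpt in the thread.
SAMPLE = """\
2005.11.29 20:06:26 Created new LdapManager() instance, fields:
2005.11.29 20:06:26 host: cheetah1.mydomain.com
2005.11.29 20:06:26 port: 389
2005.11.29 20:06:26 usernamefield: sAMAcountName
2005.11.29 20:06:26 nameField: displayName
2005.11.29 20:06:26 emailField: mail
2005.11.29 20:06:26 adminDN: cn=administrator,dc=mydomain,dc=com
2005.11.29 20:06:26 sslEnabled: false
2005.11.29 20:06:26 groupMemberField: member
"""

def parse_dump(text):
    """Return {field: value} for every field line in the dump."""
    matches = (FIELD_LINE.match(line.strip()) for line in text.splitlines())
    return {m.group(1): m.group(2).strip() for m in matches if m}

def lint(fields):
    """Return human-readable findings for the parsed LdapManager fields."""
    findings = []
    known = {a.lower() for a in KNOWN_AD_ATTRS}  # LDAP attribute names ignore case
    for key in sorted(ATTR_FIELDS & fields.keys()):
        value = fields[key]
        if value.lower() not in known:
            close = difflib.get_close_matches(value, KNOWN_AD_ATTRS, n=1, cutoff=0.8)
            hint = f" (closest: {close[0]})" if close else ""
            findings.append(f"{key}: '{value}' is not an expected AD attribute{hint}")
    if fields.get("sslEnabled") == "false":
        findings.append(f"sslEnabled=false on port {fields.get('port')}: "
                        "bind passwords are sent unencrypted")
    if fields.get("adminDN", "").lower().startswith("cn=administrator,"):
        findings.append("adminDN is the Administrator account; "
                        "a read-only service account is enough for lookups")
    return findings

if __name__ == "__main__":
    for finding in lint(parse_dump(SAMPLE)):
        print(finding)
```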