LDAP/AD Group Mapping Setup

I’m kinda stuck here, and at a rather simple place I believe. I’ve got Wildfire 3.2.2 installed and working on a 2K3 server with MySQL as the database. I have the AD info entered correctly, to the point where any AD user can log on as expected.

The problem is with the group mapping, specifically the initial configuration. The screen has three fields:

Group Field = cn

Member Field = member

Description Field = description

I’ve kinda been learning this as I go, so I apologize in advance for a stupid question, but what do I need to put in here? If I test with the defaults I get an error:

No groups were found using the specified configuration. Try changing the base DN,group filter or member field.

My user accounts are located here:

ou=users,ou=jax,dc=xxx,dc=xxx

and the groups are located here:

ou=groups,ou=jax,dc=xxx,dc=xxx

Now I thought maybe I could just bypass the LDAP/AD groups and make a Wildfire-only group, but when I try to create a new group I get an error saying it can’t complete and to check the logs. A quick check of the logs reveals this:

2007.03.13 13:07:23 [org.jivesoftware.wildfire.admin.group_002dcreate_jsp._jspService(group_002dcreate_jsp.java:123)]

java.lang.UnsupportedOperationException

at org.jivesoftware.wildfire.ldap.LdapGroupProvider.createGroup(LdapGroupProvider.java:67)

at org.jivesoftware.wildfire.group.GroupManager.createGroup(GroupManager.java:157)

at org.jivesoftware.wildfire.admin.group_002dcreate_jsp._jspService(group_002dcreate_jsp.java:105)

at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)

So I’m lost…any ideas?

Regarding the error logs: once you turn on LDAP groups, you can’t create groups in Wildfire. The LDAP provider overloads the group creation functions and will throw an error – LDAP is read-only.

Your group fields are right. Try these advanced settings:

posix mode: false

group search filter: (objectClass=group)

base dn: ou=jax,dc=xxx,dc=xxx

See if that finds any groups.
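An added illustration (not part of the original thread and not Wildfire code) of why the base DN matters: a group search only sees entries in the subtree under the base DN that also match the group filter. The directory entries are constructed sample data, and the narrower users-OU base DN shown for contrast is an assumption, since the thread does not say what the original base DN was.

```python
# Added example: simulate an LDAP subtree search over constructed entries.

def parse_dn(dn):
    """Split a DN into normalized RDNs, honouring backslash-escaped commas."""
    rdns, cur, esc = [], "", False
    for ch in dn:
        if esc:
            cur, esc = cur + ch, False
        elif ch == "\\":
            cur, esc = cur + ch, True
        elif ch == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += ch
    rdns.append(cur)
    out = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        out.append(attr.strip().lower() + "=" + value.strip().lower())
    return out

def in_subtree(entry_dn, base_dn):
    """True if entry_dn is the base entry or lies anywhere below it."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

def find_groups(directory, base_dn, object_class="group"):
    """Names of entries under base_dn matching (objectClass=<object_class>)."""
    hits = []
    for dn, attrs in directory.items():
        classes = [c.lower() for c in attrs["objectClass"]]
        if in_subtree(dn, base_dn) and object_class.lower() in classes:
            hits.append(attrs["cn"])
    return sorted(hits)

# Constructed sample directory mirroring the OU layout in the question.
DIRECTORY = {
    "CN=Helpdesk,OU=groups,OU=jax,DC=xxx,DC=xxx":
        {"cn": "Helpdesk", "objectClass": ["top", "group"]},
    "CN=Staff,OU=groups,OU=jax,DC=xxx,DC=xxx":
        {"cn": "Staff", "objectClass": ["top", "group"]},
    "CN=Smith\\, Jane,OU=users,OU=jax,DC=xxx,DC=xxx":
        {"cn": "Smith, Jane", "objectClass": ["top", "person", "user"]},
}

if __name__ == "__main__":
    for base in ("ou=users,ou=jax,dc=xxx,dc=xxx", "ou=jax,dc=xxx,dc=xxx"):
        print(base, "->", find_groups(DIRECTORY, base))
```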

Looks like that’s what it was…at least, changing the base DN. After I did that, I had to set up filters for the users and groups, but it all works nicely now! Thanx for the tip, put me in the right direction!