Ldap, AD, Groups using OU

I would be GREATLY appreciative if someone could help me with the following…

  1. I cannot get into the admin console with any of my usernames once I edit openfire.xml. I get “Login failed: make sure your username and password are correct and that you’re an admin or moderator.” When I revert back to the original openfire.xml everything is back to normal.

  2. I want to auto populate my buddy list with groups using OUs in AD. Please see the attachment for my AD structure. All OUs under “Users” should be a separate group.

I’m new to this and I have been trying to work on this by searching the board but had no luck. Please help.

testwork.net 389 ou=users,dc=testwork,dc=net testwork\Jabber ********************** true false false false sAMAccountName <![CDATA[

Your search filter will never work as wildcards are not valid. I have made this document to help people use openfire with AD: Binding Openfire to Active Directory LDAP. I would suggest putting your search filter back to the default: (objectClass=organizationalPerson).

OUs are not groups and cannot be used as groups. You need to create real AD group objects to have groups in openfire. Once you create groups in AD they will populate to openfire. You then use the openfire admin site to share those groups to the client applications.

I read your article and did the following…



I can’t even get connected. What am I doing wrong?

Try this:

<searchFilter><![CDATA[(&(objectClass=organizationalPerson)(memberOf=cn=ldap group,ou=Groups,ou=Jabber,ou=Users,dc=testwork,dc=net))]]></searchFilter>
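A way to check a search filter before it goes into openfire.xml, added here as an example and not part of the original posts or of Openfire: a small linter for a subset of RFC 4515 filter syntax that catches a wrong opening character or unbalanced parentheses and flags a wildcard inside a memberOf value. It assumes the wildcard mentioned in the first reply was in a memberOf value (the original filter is not shown on the page); the names `lint_filter` and `DN_ATTRS` and the sample filters other than the suggested one are constructed for illustration.

```python
# Added example: minimal linter for LDAP search filters (RFC 4515 subset).
DN_ATTRS = {"memberof"}  # assumption: the only DN-valued attribute this thread uses

class FilterError(ValueError):
    pass

def _parse(s, i, issues):
    """Parse one '(...)' filter starting at s[i]; return the index just past it."""
    if i >= len(s) or s[i] != "(":
        raise FilterError(f"expected '(' at offset {i}, found {s[i:i+1]!r}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, i, count = s[i], i + 1, 0
        while i < len(s) and s[i] == "(":      # operands of &, | or !
            i = _parse(s, i, issues)
            count += 1
        if count == 0 or (op == "!" and count != 1):
            raise FilterError(f"operator {op!r} has {count} operand(s)")
    else:
        end = s.find(")", i)
        if end == -1:
            raise FilterError("unterminated filter item")
        attr, sep, value = s[i:end].partition("=")
        attr = attr.rstrip("<>~")              # strip the >=, <= and ~= operators
        if not sep or not attr or "(" in value:
            raise FilterError(f"malformed item {s[i:end]!r}")
        # A bare '*' is a presence test; any other '*' is a substring match,
        # which does not work against a DN-valued attribute such as memberOf.
        if attr.lower() in DN_ATTRS and "*" in value and value != "*":
            issues.append(f"wildcard in {attr} value {value!r}: use the full group DN")
        i = end
    if i >= len(s) or s[i] != ")":
        raise FilterError(f"missing ')' at offset {i}")
    return i + 1

def lint_filter(text):
    """Return a list of problems found in an LDAP filter; empty list means none."""
    s, issues = text.strip(), []
    try:
        end = _parse(s, 0, issues)
        if end != len(s):
            issues.append(f"trailing data after filter: {s[end:]!r}")
    except FilterError as exc:
        return [f"syntax: {exc}"]
    return issues

SUGGESTED = ("(&(objectClass=organizationalPerson)"
             "(memberOf=cn=ldap group,ou=Groups,ou=Jabber,ou=Users,dc=testwork,dc=net))")
BRACKET = "[" + SUGGESTED[1:]                                     # constructed: '[' typo
WILDCARD = "(&(objectClass=organizationalPerson)(memberOf=*,ou=Users,dc=testwork,dc=net))"  # constructed
```

`lint_filter` takes the text that goes inside the CDATA section, without the surrounding `<searchFilter>` tags.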

Thanks for the help but we’re not going to use openfire. Our unix guys talked me out of it.

Ok… and you’re welcome. Why would they talk you out of it? What reasons did they give? What is your alternative?