Hello,
We have had OpenFire set up in our company for a few months. For strategic reasons, a few weeks after we launched, the chat service was reduced to 2 OUs instead of the whole AD; the AD structure is as follows:
OU - CompanyOus
|----ou City1
|----ou City2
|----ou City3
|----ou City4
|----ou City5…
So what we did was to point the *baseDN* and *alternateBaseDN* tags to the only 2 OUs of cities that should have chat service, and the openfire.xml config looks like this:
ou=City1,ou=CompanyOus,dc=Company,dc=com
ou=City2,ou=CompanyOu2,dc=Company,dc=com
Everything works fine this way, but now I have to include two more OUs (let’s say City3 & City4). The tag alternateBaseDN can only be used once, so I’ve tried a pair of workarounds:
1st. Regarding this documentation http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/ldap-guide.html I could include a group in BaseDN in the form cn=group, so I’ve tried:
cn=OpenFireUsers,ou=City1,ou=CompanyOus,dc=Company,dc=com
Where “OpenFireUsers” is a group in ou City1 that contains 4 groups, each one containing all the users that belong to City1, City2, City3 & City4. Unfortunately it did not work.
2nd. As I’ve read in another thread, I’ve created a filter for this “OpenFireUsers” group to choose the ones that have rights to login to the chat, using this tag:
ou=City1,ou=CompanyOus,dc=Company,dc=com
It didn’t work either.
The point is that we have applications that point to “CompanyOus/City1…, CompanyOus/City2…” so I’m trying to avoid restructuring the whole AD again to let the users access the chat.
Anyone with a similar situation setup? Anything wrong with the syntax of the filter? Should I create a new OU only for chat permissions including security groups of allowed users in chat?
Any help would be appreciated. Thanks!