powered by Jive Software

LDAP authentication using groups does it works?


I’m trying to use openfire with LDAP, it works like a charm except when i m trying to use groups. Here is my problem.











in my LDAP , i have this

dn: ou=jabber,dc=mydomain,dc=com

objectClass: groupOfNames

objectClass: top

cn: jabber

description: user group

member: uid=my.user,ou=Users,dc=mydomain,dc=com

And then

dn: ou=Users,dc=mydomain,dc=com

objectClass: organizationalUnit

ou: Users

dn: uid=my.user,ou=Users, dc=mydomain,dc=com

objectClass: top

objectClass: inetorgperson

objectClass: person

objectClass: posixAccount

objectClass: shadowAccount

uid: my.user

mail: user@domain.com

uidNumber: 5000

userPassword: g7uZvsnCbGXiPyyUDGOxqEQZu

loginShell: /sbin/nologin

gidNumber: 5000

When i’m trying to authenticate , it doesn t work, and i don t know why. If someone can show me the way

If I remember right, Openfire is looking for groups to be defined differently- basicly the “members” of the group in ldap should be the usernames, not the full DN’s. Im uncertain without looking in the source if Openfire can handle the dn-style groups.

thank you, so i well understand, i should use some thing like :

dn: cn=jabber,dc=mydomain,dc=com

objectClass: posixGroup

objectClass: top

cn: jabber

**userPassword: ***

gidNumber: 5000

memberUid: user1

memberUid: user2


Thanks 4 ur Help


That has worked for me.


It s very strange , is it the first solution working for u ? (The authentication with DN’s) , or the second with memberUid ?

Thank you very much for your time


Can you please copy and paste your ldif files and you openfire.xml , to help me to find my mistake ?

thank you