I’ve successfully set up messenger using ldap as the authentication store which works great.
A couple of things need to be configurable to make this work in a large environment. Since messenger queries ldap, any users in ldap are deemed “valid” users. I’ve got a samba domain in ldap with about 700 users and if we went live with this, we would need some way of filtering on an attribute or group who was allowed to login to use jabber.
A possible solution would be to use ldap groups as in JM-129 as white or black lists, or make a configuration option for an ldap search url matching on a specified ldap attribute.
Another issue I had was vcard information getting populated from ldap, but I see JM-121 will take care of that.
List and count of users. The current search for users is “(uid=*)” where uid is the username field you’ve configured through LDAP settings. We could have an optional property that would allow you to override that search with something else.
Loading a single user. Right now that test is “(uid=jsmith)”, again assuming that your username field is set to “uid”. Would being able to override that search work for you? The syntax would be to have a portion be the username. So, you could enter in “(&(uid=$username$)(isUser=true))” and Jive Messenger would dynamically replace $username$ with the username being searched for.
We’ll get this added for the 2.1.1 release. It’s in the issue tracker as JM-130. If you have a sec, visit the issue and vote for it. Votes on issues help us prioritize new features.
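The $username$ substitution described above, sketched as an added example (not Jive Messenger's code and not from the posters). It escapes the username per RFC 4515 before substituting it, so that a login name such as `*` cannot widen the search past the intended filter. The function names are hypothetical; the `isUser` attribute and the `$username$` placeholder are taken from the post.

```python
# RFC 4515 section 3: these characters must appear as \XX inside an
# assertion value, otherwise input can change the structure of the filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied string for use as an LDAP assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def is_single_filter(flt: str) -> bool:
    """Structural check: one parenthesised filter, fully closed at the end."""
    depth = 0
    for i, ch in enumerate(flt):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            # Closing too early means trailing text or a second filter.
            if depth < 0 or (depth == 0 and i != len(flt) - 1):
                return False
    return depth == 0 and flt.startswith("(")


def build_user_filter(template: str, username: str) -> str:
    """Replace $username$ in an admin-configured template with an escaped name."""
    if "$username$" not in template:
        raise ValueError("template has no $username$ placeholder")
    if not is_single_filter(template):
        raise ValueError("template is not a single balanced filter")
    return template.replace("$username$", escape_filter_value(username))


def naive_user_filter(template: str, username: str) -> str:
    """Unescaped substitution, shown only for comparison."""
    return template.replace("$username$", username)


if __name__ == "__main__":
    template = "(&(uid=$username$)(isUser=true))"  # constructed sample template
    for name in ("jsmith", "*", "jsmith)(|(uid=*"):  # constructed sample inputs
        print(repr(name))
        print("  naive  :", naive_user_filter(template, name))
        print("  escaped:", build_user_filter(template, name))
```

With the naive substitution a login name of `*` yields `(&(uid=*)(isUser=true))`, which matches every permitted account instead of one; the escaped form searches for a literal asterisk and matches nothing.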
I am authenticating to an AD LDAP server. Would the searchFilter allow me to search through only two AD user containers? If so how would I craft the search query?
I want to do this because when I set the baseDN too low I get system accounts and mailboxes. Unfortunately I cannot define one baseDN because of multiple containers for security policy reasons.
My LDAP skills are not good enough to know if you can limit searches only to two specific OUs. I think you have to set the baseDN to a specific OU only to get that OU, just as you are suggesting. But if all of your users are part of custom AD groups, you can select all the members of those groups. Here’s an example searchFilter for finding all the users in two groups (I used this to select Faculty & Staff members):
Use the alternateBaseDN feature to specify two DNs in your directory to load users from.
Set the baseDN to be a large portion of your directory and then use the search filter feature to filter out mailboxes and other stuff that’s not actually user accounts.