LDAP Customization search issues

I need some assistance with LDAP customization searches for AD. I have installed Openfire 3.6 with LDAP (AD) integration successfully; however, when I try to customize a search string in openfire.xml, it wipes out my entire configuration, and when I try to log into the admin interface, I am prompted to run through the setup wizard again.

Also, does anyone know where the LDAP info is stored? It's not listed in the openfire.xml file like the LDAP guide indicates.

http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/ldap-guide.html

Any assistance is greatly appreciated.

What exactly are you trying to do? Also, most modifications are now done via the system properties in the Openfire Admin website.

What I'm trying to do is have only a subset of users allowed to use IM/Chat, but in AD, those users are not all in the Users CN; they are in separate OUs. Currently, my baseDN is set to the root of AD, so every user is pulled in. After reading the LDAP guide, I understood I could manually edit the openfire.xml file.

As far as making the mods in the system properties, I tried changing the search string to one particular OU and it worked, but I'm not sure how to make it work with multiple OUs.

Make sense?

In all actuality, if you want to limit server access to a particular group of users, then I would create a group, add those users to it, and filter by the group membership.

I've tried that as well; however, each member has to be added separately, you cannot add nested security groups. So is manually editing the openfire.xml not recommended?

Not anymore. All edits should be done from within the admin website. Additionally, you cannot filter by AD OUs; it must be by some other criteria such as group membership.

Do you have any docs on what that search string might look like?

(&(objectClass=organizationalPerson)(|(memberOf=cn=LDAPGroup1,ou=accounts,dc=domain,dc=com)(memberOf=cn=LDAPGroup2,ou=SecondaryAccounts,dc=domain,dc=com)))
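As an added example (not from the thread or from Openfire), this builds the multi-group memberOf filter shown above with RFC 4515 escaping of each DN, and evaluates the same logic against a few constructed directory entries to show that only direct members of the listed groups are admitted. The group DNs are the ones from the reply; the user entries are constructed.

```python
from typing import Dict, List

# RFC 4515 requires these characters to be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Group DNs taken from the reply above.
GROUPS = [
    "cn=LDAPGroup1,ou=accounts,dc=domain,dc=com",
    "cn=LDAPGroup2,ou=SecondaryAccounts,dc=domain,dc=com",
]

# Constructed entries: carol belongs only to a group nested inside LDAPGroup1,
# dave is in neither group, svc-printer is not an organizationalPerson.
ENTRIES: Dict[str, Dict[str, List[str]]] = {
    "alice": {"objectClass": ["organizationalPerson", "user"],
              "memberOf": ["CN=LDAPGroup1,OU=accounts,DC=domain,DC=com"]},
    "bob": {"objectClass": ["organizationalPerson", "user"],
            "memberOf": ["cn=LDAPGroup2,ou=SecondaryAccounts,dc=domain,dc=com"]},
    "carol": {"objectClass": ["organizationalPerson", "user"],
              "memberOf": ["cn=NestedTeam,ou=accounts,dc=domain,dc=com"]},
    "dave": {"objectClass": ["organizationalPerson", "user"], "memberOf": []},
    "svc-printer": {"objectClass": ["computer"],
                    "memberOf": ["cn=LDAPGroup1,ou=accounts,dc=domain,dc=com"]},
}

def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def member_of_any(group_dns: List[str], object_class: str = "organizationalPerson") -> str:
    """Return (&(objectClass=X)(|(memberOf=dn1)(memberOf=dn2)...)); a single group needs no OR."""
    if not group_dns:
        raise ValueError("at least one group DN is required")
    clauses = "".join(f"(memberOf={escape_filter_value(dn)})" for dn in group_dns)
    if len(group_dns) == 1:
        return f"(&(objectClass={object_class}){clauses})"
    return f"(&(objectClass={object_class})(|{clauses}))"

def allowed_users(entries: Dict[str, Dict[str, List[str]]], group_dns: List[str]) -> List[str]:
    """Mirror the filter: right objectClass and a memberOf value equal to one listed group.
    Only the direct memberOf attribute is consulted (compared case-insensitively, as AD does
    for DN values), which is why members of a nested group do not match."""
    wanted = {dn.lower() for dn in group_dns}
    result = []
    for name, entry in entries.items():
        if "organizationalPerson" not in entry.get("objectClass", []):
            continue
        if any(m.lower() in wanted for m in entry.get("memberOf", [])):
            result.append(name)
    return sorted(result)
```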

Do you know if the group works with nested groups?

Nested groups do not work. The groups can only have users as members.