LDAP Group mapping --> empty groups

jokakilla · August 31, 2009, 9:41am

Hi,

I’m trying to connect an OpenFire 3.6.4 to my OpenLDAP Server.

I have serveral Groups (organizationalUnit) containing users.

The users are found successfully and the groups too.

My problem ist the mapping user to group. The groups are all empty. My users are in the tree under the corresponding group.

e.g.

BaseDN: ou=users;dc=mycompany;dc=de

Groups: ou=admin;ou=users;dc=mycompany;dc=de

ou=guests;ou=users;dc=mycompany;dc=de

DN: cn=Alice;ou=admin;ou=users;dc=mycompany;dc=de

DN: cn=Bob;ou=admin;ou=users;dc=mycompany;dc=de

DN: cn=Carol;ou=guests;ou=users;dc=mycompany;dc=de

Is it really true that i need to add every user-cn to an field in the group?

So refering to the DNs I’d have to add two member fields to my group admin with the values Alice and Bob?

This would be an redundant information and hard to administrate. The DN of the user already contains the group…

Thanks in advance

Jan

NO_MESSAGES_OR_FRIEN · August 31, 2009, 11:54am

An OU is not a group in LDAP. It is an organizational unit or in simple terms a folder. A group is a CN or container.

jokakilla · September 1, 2009, 8:06am

Thanks for that information!

Ok now my tree looks like this

dc=de

|

dc=mycompany

|

ou=agents

|

| |

CN=user1…CN=userX ou=groups

|

CN=group1…CN=groupX

BaseDN ou=agents,dc=mycompany,dc=de

Users of objectclass person straight under agents.

Groups of objectclass groupofnames under groups.

Users are found, groups too and the mapping user to group works.

But users are CN and groups too and because my baseDN is ou=agents… users are also detected as groups.

Any idea how to solve that? Can I set a group filter objectClass=groupofnames?

Kosh · September 4, 2009, 2:49am

I actually created a objectclass called “openfireGroup” but our server has alot more users.

The easiest way we had before that was to use businessCategory=openfire

(The better way for most others would be to use a new organizationalUnit for openfire groups, but we couldn’t)

That is if you want to distinguish between any groupOfNames or only groupOfNames for OpenFire to use.

To get all groupOfNames appearing in the OpenFire groups:

In “Server Properties”, change “ldap.groupSearchFilter” to “(objectClass=groupOfNames)” (try lower case if that doesn’t work).