LDAP group mapping


I’m setting up an Openfire server, and I can’t get the group mapping to work with our openldap.

I somebody would be so kind to help me, here’s a example of the structure :


  • ou=groups

– cn=system

— gidNumber=5001

— description=what does IT mean ?

— memberUid=it1

— memberUid=it2


– cn it1

– gidNumber=100 (default user group)

– uid=it1

– uidNumber=456

– cn it2

– gidNumber=100 (default user group)

– uid=it2

– uidNumber=457

I’ve tried numerous things, it keeps slipping through my fingers



base DN: dc=xxx,dc=fr

The user part looks weird, I assume it looks like this instead:


– uid=it1

— cn it1

— gidNumber=100 (default user group)

— uidNumber=456

– uid=it2

— cn it2

— gidNumber=100 (default user group)

— uidNumber=457

User filter would then simply be:


meaning the username ({0}) is the uid of each user.

Group mapping entries:

Group field: cn

Member field: memberUid

Description field: description

Group filter: (entrydn=cn=*,ou=groups,dc=xxx,dc=fr)

or maybe even: (dn=cn=*,ou=groups,dc=xxx,dc=fr)

Your values for group membership also look a bit suspicious: they only contain the uid part; this might be specific to openldap (I am used to 389ds).

You might have to enable posix mode, but there shouldn’t be a lot of suprises otherwise.