
LDAP - group members not populated (groups wo users)

Hello to all Openfire experts,

I’ve come across a challenge I’ve so far not been able to solve. Your ideas and feedback would be much appreciated.

We have correctly installed and configured Openfire on a Busybox OS (Synology on a DS213) with access to a Postgres database and set up with LDAP integration (I am led to believe this is OpenLDAP). All working, LDAP access to the configuration console as admin user, etc., so far no problems. I’ve found lots of information for AD LDAP integrations but this seems to be a not so well documented area.

Where I struggle is this: when I look at the groups section https://server_name:9091/group-summary.jsp I can see that not only groups but basically all entries in the LDAP appear in the list (see image attached). However, and this is the frustrating bit, none of the groups are populated with any members. As a result, users that log in with their XMPP clients cannot see other users unless they do a search.

Would anybody on this forum have some good clues as to what I would need to change to make Openfire find not only the groups but also, and almost more importantly, its members?

Openfire Groups

Note: as you can see the groups that are pulled in don’t contain any members. Also, there are individual entries for each user, also in the group list. The group we’d like to use for Openfire is the group called (duh!) “openfire”.

https://googledrive.com/host/0BzyXrNcvjFXHQkRKREtoaGVwaWs/Openfire_screendump_groups.png

LDAP SETTINGS (as configured in Openfire)

  • ldap.adminDN: uid=root, cn=users, dc=DISKSTATION (entry as found in the LDAP main settings screen)
  • ldap.adminPassword: hidden
  • ldap.autoFollowAliasReferrals: true
  • ldap.autoFollowReferrals: false
  • ldap.baseDN: dc=DISKSTATION (entry as found in the LDAP main settings screen)
  • ldap.connectionPoolEnabled: true
  • ldap.debugEnabled: true
  • ldap.emailField: mail
  • ldap.encloseDNs: true
  • ldap.groupDescriptionField: description
  • ldap.groupMemberField: member
  • ldap.groupNameField: cn
  • ldap.groupSearchFilter: (cn={0})
  • ldap.host: 127.0.0.1
  • ldap.ldapDebugEnabled: true
  • ldap.nameField: cn
  • ldap.override.avatar: true
  • ldap.port: 389
  • ldap.posixMode: false
  • ldap.searchFilter: (uid={0})
  • ldap.sslEnabled: false

LDAP Settings

https://googledrive.com/host/0BzyXrNcvjFXHQkRKREtoaGVwaWs/LDAP_screendump.png

LDAP Groups

https://googledrive.com/host/0BzyXrNcvjFXHQkRKREtoaGVwaWs/LDAP_screendump_groups.png

LDAP Viewer Settings

Using an LDAP viewer, this is what the LDAP structure looks like

https://googledrive.com/host/0BzyXrNcvjFXHQkRKREtoaGVwaWs/LDAP_viewer_screendump.png

Openfire settings

https://googledrive.com/host/0BzyXrNcvjFXHQkRKREtoaGVwaWs/Openfire_screendump.png

You have to use group filters. This is how I manage my groups. Hopefully this will point you in the right direction.

Hello speedy,

Thanks for your response and the link; I have checked many of the existing threads. The one you point me to - like so many others - relates to AD integrations and doesn’t seem to apply to OpenLDAP integrations.

I have been able to successfully reduce the results from LDAP to one group by using the filter (cn=openfire). This results in just this group being referenced but the problem then remains that it has no members (0).

Any more ideas or suggestions? I could really do with some… :slight_smile:

Cheers Jappie
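
One way to narrow down the symptom in this thread (a group that loads with 0 members), added here as an example and not code from the thread or from Openfire: export the group entry as LDIF and compare its attributes with the configured `ldap.groupMemberField` and `ldap.posixMode`. The LDIF entry, user names and helper names below are constructed for illustration (the poster's real group entry is not shown on the page); the check relies on Openfire's documented meaning of `ldap.posixMode` (true: members stored as bare user names, false: members stored as full DNs).

```python
# Added example: compare one LDAP group entry with Openfire's member settings.
# SAMPLE_LDIF is constructed, not taken from the poster's directory.
SAMPLE_LDIF = """\
dn: cn=openfire,cn=groups,dc=DISKSTATION
objectClass: posixGroup
cn: openfire
gidNumber: 1000001
memberUid: alice
memberUid: bob
"""

# Attribute names commonly used to hold group membership (lowercased).
MEMBER_ATTRS = ("member", "uniquemember", "memberuid")


def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}.
    Handles folded lines; base64 ('attr::') values are not decoded."""
    entry, last = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and last:      # continuation of previous value
            entry[last][-1] += line[1:]
        elif ":" in line and not line.startswith("#"):
            name, _, value = line.partition(":")
            last = name.strip().lower()
            entry.setdefault(last, []).append(value.strip())
    return entry


def check_member_mapping(entry, member_field, posix_mode):
    """Return a list of mismatches between the entry and the two settings."""
    values = entry.get(member_field.lower(), [])
    if not values:
        present = [a for a in MEMBER_ATTRS if a in entry]
        return [f"'{member_field}' is absent from the entry; "
                f"member-like attributes present: {present or 'none'}"]
    findings = []
    dn_style = ["=" in v for v in values]      # a DN contains attr=value pairs
    if posix_mode and any(dn_style):
        findings.append("posixMode=true expects bare user names, values are DNs")
    if not posix_mode and not all(dn_style):
        findings.append("posixMode=false expects full DNs, values are bare names")
    return findings


if __name__ == "__main__":
    group = parse_ldif_entry(SAMPLE_LDIF)
    # Settings as posted in the thread: groupMemberField=member, posixMode=false
    for finding in check_member_mapping(group, "member", False):
        print(finding)
```

An empty result means the entry and the two settings agree; any finding points at the attribute name or the value style to reconcile.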