After my first Rodeo ride with Openfire I got the basics running. My setup is configured to integrate with an OpenLDAP (2.4.38) server from the Zimbra product. In the admin Console I can fetch Users and Groups. Also User authentication via LDAP is working fine. The issue I’m having is that my groups always show no members in the Admin Console. I’m using the LDAP admin user at the moment, so Openfire has full access to all the User and Group objects.
An example of a LDAP user (filtered on relevant data):
dn: uid=tuser,ou=people,dc=domain,dc=nl
sn: User
zimbraMailStatus: enabled
zimbraAccountStatus: active
givenName: Test
displayName: Test User
objectClass: inetOrgPerson
objectClass: zimbraAccount
objectClass: amavisAccount
mail: test@domain.nl
cn: Test user
uid: tuser
title: Employee
An example of a LDAP group (filtered on relevant data):
dn: cn=employees,cn=groups,dc=domain,dc=nl
memberURL: ldap:///ou=people,dc=domain,dc=nl??sub?(&(title=Employee)(zimbraAccountStatus=a ctive)(!(zimbraIsSystemResource=TRUE))(!(zimbraIsSystemAccount=TRUE))(!(zimbraIs ExternalVirtualAccount=TRUE)))
zimbraIsACLGroup: FALSE
objectClass: groupOfURLs
objectClass: dgIdentityAux
objectClass: zimbraGroup
mail: employees@domain.nl
zimbraMailAlias: employees@domain.nl
zimbraMailStatus: enabled
cn: employees
member: uid=tuser,ou=people,dc=domain,dc=nl
My Openfire Group configuration:
ldap.groupDescriptionField: zimbraMailAlias
ldap.groupMemberField: member
ldap.groupNameField: cn
ldap.groupSearchFilter: (&(cn={0})(objectClass=zimbraGroup))
ldap.nameField: cn
ldap.posixMode: false
To summarize: I can fetch this group perfectly in the Admin Console, but no memberships are returned. The attribute “member” is defined on the group and the syntax of the membership is full DN so I configured posixMode to “false”. I don’t see any errors in the logs, so I’m assuming this is a bug.
Any thoughts?