powered by Jive Software

LDAP group resolving: 0 members

After my first Rodeo ride with Openfire I got the basics running. My setup is configured to integrate with an OpenLDAP (2.4.38) server from the Zimbra product. In the admin Console I can fetch Users and Groups. Also User authentication via LDAP is working fine. The issue I’m having is that my groups always show no members in the Admin Console. I’m using the LDAP admin user at the moment, so Openfire has full access to all the User and Group objects.

An example of a LDAP user (filtered on relevant data):

dn: uid=tuser,ou=people,dc=domain,dc=nl

sn: User

zimbraMailStatus: enabled

zimbraAccountStatus: active

givenName: Test

displayName: Test User

objectClass: inetOrgPerson

objectClass: zimbraAccount

objectClass: amavisAccount

mail: test@domain.nl

cn: Test user

uid: tuser

title: Employee

An example of a LDAP group (filtered on relevant data):

dn: cn=employees,cn=groups,dc=domain,dc=nl

memberURL: ldap:///ou=people,dc=domain,dc=nl??sub?(&(title=Employee)(zimbraAccountStatus=a ctive)(!(zimbraIsSystemResource=TRUE))(!(zimbraIsSystemAccount=TRUE))(!(zimbraIs ExternalVirtualAccount=TRUE)))

zimbraIsACLGroup: FALSE

objectClass: groupOfURLs

objectClass: dgIdentityAux

objectClass: zimbraGroup

mail: employees@domain.nl

zimbraMailAlias: employees@domain.nl

zimbraMailStatus: enabled

cn: employees

member: uid=tuser,ou=people,dc=domain,dc=nl

My Openfire Group configuration:

ldap.groupDescriptionField: zimbraMailAlias

ldap.groupMemberField: member

ldap.groupNameField: cn

ldap.groupSearchFilter: (&(cn={0})(objectClass=zimbraGroup))

ldap.nameField: cn

ldap.posixMode: false

To summarize: I can fetch this group perfectly in the Admin Console, but no memberships are returned. The attribute “member” is defined on the group and the syntax of the membership is full DN so I configured posixMode to “false”. I don’t see any errors in the logs, so I’m assuming this is a bug.

Any thoughts?

I had same problem and I solved it. Just set ldap.autoFollowReferrals property to true and restart openfire. It works for me!