
LDAP groups not all showing up

I'm trying to enable auto-populating of groups into the chat clients… So I created a group in Active Directory with the users I'm trying to group.

But when I go to the group section of Openfire, not all the groups are showing up… I have something like over 200 groups and only 8 of the groups are even showing up… What the heck is up with that?

I'm thinking it might be a limit on the # of groups the LDAP query can run…

BUT, why does it keep picking the same 8 groups? It doesn't do it alphabetically either… so what's the deal…

Nobody knows, huh?

Should I be using filters? Do you think it's a limit on my LDAP search using the user related to the Jabber server?

It is nearly impossible to answer this question other than to say there is no limit to the number of groups. Active Directory has a built-in limit to the number of results it will return per query, which is 1000. This does not seem to be your issue. I would look at your baseDN first.

If you have one group, then just input a filter to look up only that group by name:

(objectClass=group)(cn=theNameOfYourGroup)

If you have multiple groups in AD that you want populated in the roster, prepend your AD groupnames with something and use a wildcard filter:

(objectClass=group)(cn=OF*)

Well, looking @ my filter…

I can tell why the results of the list are so low…

It's searching for membersof=Jabbersusersgroup … which my new group is not a part of

**(&(objectCategory=Person)(memberOf=CN=JabberUser,CN=Users,DC=domain,DC=com))**

So instead I guess I should be doing something like this for the filter

__(&(objectCategory=Person)(memberOf=CN=Jabber*,CN=Users,DC=domain,DC=com))__

Will that work, since the * is including the other segments of the LDAP structure? Or should I just be doing

__(&(objectCategory=Person)(memberOf=CN=Jabber*))__ ?

That filter is a user filter that will limit the results of Users allowed to login to the server. It should not limit the groups, nor should it be used as a group filter.

Well, it's going to filter out the users allowed to use the service.

I need a user filter to limit the users allowed to actually use the Jabber server.

But I also need groups within these…

Which is why I created another group JabberUsers JabberGroupXXX

So instead of filtering for members of JabberUsers, I want to filter for members of Jabber*

How do I do that?

You are correct in creating a user filter to limit who can log in to the server. You would want your System Properties to read something like:

ldap.searchFilter (objectClass=organizationalPerson)(memberOf=JabberUsers)

Now, the group filter will limit what groups are available for roster population. Assuming you have multiple groups prepended with something, then you would have this in your System Properties:

ldap.groupSearchFilter (objectClass=group)(cn=Jabber*)

This way, users are limited. And their group membership is reflected in the selected groups you filter.

You cannot use wildcards in the users filter. You will need to use a multi-criteria filter.

(&(objectClass=organizationalPerson)(|(memberOf=cn=LDAPGroup1,ou=accounts,dc=domain,dc=com)(memberOf=cn=LDAPGroup2,ou=SecondaryAccounts,dc=domain,dc=com)))

Well, ultimately,

The new groups I created still don't show up in my groups list. There's only 8 groups that show up, and that's without a group filter.

One of the groups that shows up doesn't even have any valid users from the JabberUsers group.

So the question is, why is it picking these random ass groups… is it an LDAP search limit I'm hitting?

And even if I put the ldapgroup filter in, it doesn't come back with anything… Do I need to restart the server for the settings/filters to take effect?

I did not see it in the openfire.xml file when I modified it through the web interface,

Again, without seeing what you entered for your baseDN, user filters, and group filters, combined with the actual structure of your AD forest, it is going to be near impossible to diagnose. Your groups can be outside your baseDN, could be excluded by bad filters, etc. There could be hundreds of little reasons.
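Added example, not part of the original thread or of Openfire's code: a Python sketch of the two points raised in the replies, that a group outside the baseDN is never returned and that a `Jabber*` wildcard has to be expanded into explicit `memberOf` DNs for the user filter. The group DNs, the `OU=Chat` container and all function names are constructed for illustration, and DN parsing is simplified (no escaped commas).

```python
import re

# RFC 4515 escapes for characters that are special inside a filter value.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_value(value):
    return "".join(_ESC.get(ch, ch) for ch in value)

def in_scope(dn, base_dn):
    """True when dn is base_dn or sits beneath it (subtree search scope)."""
    dn, base = dn.lower(), base_dn.lower()
    return dn == base or dn.endswith("," + base)

def select_groups(group_dns, base_dn, cn_prefix):
    """Groups a (cn=<prefix>*) group filter can return for this baseDN."""
    found = []
    for dn in group_dns:
        attr, _, cn = dn.split(",", 1)[0].partition("=")
        if (attr.lower() == "cn" and cn.lower().startswith(cn_prefix.lower())
                and in_scope(dn, base_dn)):
            found.append(dn)
    return found

def user_filter(group_dns, object_class="organizationalPerson"):
    """Multi-criteria user filter: one exact memberOf clause per group DN."""
    if not group_dns:
        raise ValueError("at least one group DN is required")
    clauses = "".join(f"(memberOf={escape_value(dn)})" for dn in group_dns)
    return f"(&(objectClass={object_class})(|{clauses}))"

def wildcard_memberof(filter_text):
    """memberOf assertions that still contain a '*' and need expanding."""
    values = re.findall(r"\(memberOf=([^()]*)\)", filter_text, re.I)
    return [v for v in values if "*" in v]

# Constructed sample directory (not taken from the thread).
GROUPS = [
    "CN=JabberUsers,CN=Users,DC=domain,DC=com",
    "CN=JabberGroupSales,OU=Chat,DC=domain,DC=com",
    "CN=JabberGroupOps,OU=Chat,DC=domain,DC=com",
    "CN=Domain Admins,CN=Users,DC=domain,DC=com",
]

if __name__ == "__main__":
    for base in ("CN=Users,DC=domain,DC=com", "DC=domain,DC=com"):
        hits = select_groups(GROUPS, base, "Jabber")
        print(base, "->", len(hits), "group(s)")
        print("  user filter:", user_filter(hits))
```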