LDAP groups - some missing in Group Summary

Nick_Chaplin · June 12, 2008, 9:02pm

Openfire 3.5.1, Windows 2003 Server, LDAP (Active Directory) database

This has been working - and now today all of a sudden a problem has shown up. The Group Summary in Openfire is missing seemingly random groups. All groups are within the BaseDN, spread over 3 or 4 OUs. The missing groups are from any of those OUs. For example, I have two groups called :

Openfire Shared Groups - IS

OpenfireIMGatewayUsers

Both these groups are in the same OU, and are both Universal Security groups, neither are mail-enabled. AD security is identical. If I do a group search in Openfire for let’s say “Open”, I get 2 results found (correct) but only “Openfire Shared Groups - IS” is listed. This means that my IM Gateway users no longer have access to the gateway - as that second group was giving permissions!

Why would the group count seemingly be correct, but only some of the groups be listed?

Nick

Nick_Chaplin · June 26, 2008, 1:42pm

This is a bit of a weird one - it has improved by using the attribute in place of as the value under <groupNameField> in openfire.xml. I now get many more groups, but still not all. It has solved my pressing problem though. I have noticed that for both users and groups I get exactly 1000 results returned - which I think I’ve read is an AD / LDAP restriction, so I guess I need to either investigate some LDAP filters or get the Active Directory tidied up!

Unless there are any other ideas? I’ve seen lots of similar postings but no real definitive answer as to whether the seemingly random missing groups problem is a problem with Openfire…

Cheers, Nick

NO_MESSAGES_OR_FRIEN · June 26, 2008, 2:41pm

AD has a limit it on results of a query of 1000. This can be adjusted. See this site for reference: http://support.microsoft.com/kb/315071