LDAP & Groups

Luis_A_Uriarte · January 10, 2006, 3:00pm

Hello.

Sorry for my english. I’'m from Argentina

They do not appear the Groups in my console.

This is my configuration:

/b

try to add

[/b]

But it appears to me instead of the groups, the users?

I’'m using Open LDAP in Linux Mandriva and Wildfire in Solaris 10

They understand?

Thanks in advance

Luis_A_Uriarte · January 11, 2006, 3:51pm

Install jive-wildfire in Linux Mandriva and it does to me the same. It shows the users to me, but not them groups.

And when I add:

[/b]

It shows the users to me instead of the groups

Please help me

Thank in advance

Renato · January 11, 2006, 8:45pm

I too am having a hard time getting the groups to appear. I am running RH AS 4 with openldap (used as a PDC). All the old windows users have been migrated to the LDAP server and they now belong to the “Domain Users” group. I have no problem “seeing” the openldap users. Could somebody share with me an example of the wildfire.xml with the groups configured?

Here is the LDAP section of my wildfire.xml

This resulted in all the users defined in the openldap server to appear under the Group Summary view.

Thanks

Renato

Jason9 · February 2, 2006, 9:33pm

Seeing the same problem with our openldap. I see all users fine, but no groups. There does not appear to be a way to specify an ldap.groupBaseDN value, so what DN is being used to search for groups? Our groups are stored in a separate DN from users, so not sure how to make wildfire look in the right place.

users in

field, but that did not help.

Jay · February 2, 2006, 10:13pm

Try adding a (&(objectClass=posixAccount)(uid=))
memberUid
(&(objectClass=posixGroup)(memberUid=))

USA

org.jivesoftware.wildfire.ldap.LdapUserProvider

org.jivesoftware.wildfire.ldap.LdapAuthProvider

org.jivesoftware.wildfire.ldap.LdapGroupProvider

org.jivesoftware.wildfire.ldap.LdapVCardProvider

Jay · February 2, 2006, 10:21pm

One other quick think to mention, is your baseDN has to do with your organization. If you keep your users under ou=Users,dc=example,dc=com and your groups in ou=Groups,dc=example,dc=com, you want your baseDN to be just dc=example,dc=com.

If there is a reason you have the split, but cant or dont want to set your baseDN that low becayse you have another ou for non-privledged users, you will need to make use of the searchFilter to limit what you want off some other value.

Jason9 · February 2, 2006, 10:28pm

Ok, I swore I tried that before, but backing off the DN seems to have done the trick. I think the seach query (wrapped with CDATA tags) must have done the trick. Thanks for the help.

VinayakLV · February 5, 2006, 7:04am

Here is how I did it…

host: I used the AD domain name (e.g. domain.com), which should resolve to any domain controller. You can also enter a specific domain controller (dc1.domain.com).

port: 389

usernameField: sAMAccountName

nameField: I used displayName, but you can also use the container name field (CN).

emailField: mail

baseDN: The distinguished name of the container that user searches will be performed on. For example, to include all users in your AD, use DC=domain,DC=com. To include only the users in the “Users” container, use CN=Users,DC=yourdomain,DC=com.

adminDN: The distinguished name of the user with permissions to perform directory operations (e.g. CN=Administrator,CN=Users,DC=domain,DC=com). I would recommend creating an account just for this situation and assigning the minimum amount of permissions needed (which I haven’'t determined yet).

authorizedUsernames: the container name of the adminDN user (e.g. Administrator).

I’'ve one Small Problem after doing above change not able to login to EXODUS… it seems to be not Authenticating …Please help me[/b]

Thanks

Vinayak

Yan · February 21, 2006, 12:37pm

First is to uset groupSearchFilter = memberUid, this is where users are listed.

Second you should check if there is any answer from LDAP at all where searching those users.

you can try [/b] string, place your type of objectclass instead qmailUser[/i]