LDAP groups


I am using OpenLDAP to authenticate to the Wildfire server. Everything works fine and I am really happy with Wildfire. However, the groups feature does not work as I would want it to. The groups that are created have the same names as the users in my LDAP directory and they are all empty. The groups that I have in LDAP do not have names; they are labeled numerically. What should I do to make those groups appear instead of the groups based on everybody’s username?

Thanks a lot

P. S. Btw, this is a stupid question, but I could not find an answer to it anywhere: what are the main advantages of using groups: I mean, which additional features (features that cannot be used without using groups) groups give me?

I don’t think I understand your main question, but regarding your P.S.:

Groups are mostly beneficial to medium and large organizations. You can use them to better organize your users into their respective functional departments or to prevent different groups from being able to see each other. I’m sure there are more reasons than those two, but those are the two big ones.

In regards to your answer about the role of the groups: Can’t I just use the workgroup feature that is available through Spark Fastpath plugin to achieve the same result?

Relative to my main question: This is the situation that I currently have. All the users that I have in my LDAP directory belong to one of the three groups, where the groups do not have names but are numbered 1, 3, 7 (what I mean here is that those numbers ARE the names of those groups). However, when I open Group Summary in Users/Groups section in admin console, the groups that I see are named as the usernames in my database (there are as many groups as users) and not a single user is attached to any of those groups. So I am trying to understand how I can change the setup to be able to use the three groups that I use in my database.

Perhaps you can do that with FastPath, but I’m not familiar with it. We are only using the opensource Wildfire server with the Pandion client.

It sounds like your Group search filter is picking up user objects instead of group objects in LDAP.

Ok, so how can I make it pick group information instead?

In step 3 setting up LDAP (Group Mapping)

I have Group Field as “CN”

Member field as “Member”

Description field as “Description”

Now click Advanced Settings

You probably want Group Filter set to “(objectClass=group)”

You may have a blank filter, or it says “user” instead of “group”…

These groups must reside within your root OU.

Hope this helps.

I use Active Directory, which behaves differently from OpenLDAP, so I can’t offer a working LDAP query, but look into fixing your groupSearchFilter property in conf/wildfire.xml. Mine is currently this:


Test some LDAP queries using ldapsearch on the command line to see what they return.
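
The diagnosis given in the thread (a group search filter that matches user objects instead of group objects) can be reproduced offline with the added example below, which is not code from any poster or from Wildfire. It evaluates a small subset of LDAP filter syntax against a constructed directory and shows how a filter that selects users yields one empty "group" per username. The entry names and the posixAccount/posixGroup/memberUid layout are assumptions about a typical OpenLDAP setup with groups named 1, 3 and 7.

```python
# Added example: constructed directory, not data from the thread.
# Assumption: OpenLDAP posixAccount users and posixGroup groups named 1, 3, 7.
DIRECTORY = [
    {"objectClass": ["posixAccount"], "cn": ["alice"], "uid": ["alice"]},
    {"objectClass": ["posixAccount"], "cn": ["bob"], "uid": ["bob"]},
    {"objectClass": ["posixAccount"], "cn": ["carol"], "uid": ["carol"]},
    {"objectClass": ["posixGroup"], "cn": ["1"], "memberUid": ["alice"]},
    {"objectClass": ["posixGroup"], "cn": ["3"], "memberUid": ["bob"]},
    {"objectClass": ["posixGroup"], "cn": ["7"], "memberUid": ["carol"]},
]

def values(entry, attr):
    """Attribute lookup; LDAP attribute names are case-insensitive."""
    return next((v for k, v in entry.items() if k.lower() == attr.lower()), [])

def split_filters(text):
    """Split '(a=b)(c=d)' into its top-level parenthesised components."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(text):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                parts.append(text[start:i + 1])
    if depth != 0:
        raise ValueError("unbalanced parentheses")
    return parts

def matches(entry, flt):
    """Evaluate a subset of LDAP filters: equality, presence, &, | and !."""
    flt = flt.strip()
    if len(flt) < 3 or flt[0] != "(" or flt[-1] != ")":
        raise ValueError("filter must be parenthesised: %r" % flt)
    body = flt[1:-1]
    if body[0] in "&|!":
        results = [matches(entry, part) for part in split_filters(body[1:])]
        if not results:
            raise ValueError("operator without operands: %r" % flt)
        return {"&": all(results), "|": any(results), "!": not results[0]}[body[0]]
    attr, _, wanted = body.partition("=")
    found = values(entry, attr)  # values are compared case-insensitively here
    return bool(found) if wanted == "*" else wanted.lower() in [v.lower() for v in found]

def list_groups(group_filter, name_field="cn", member_field="memberUid"):
    """Mimic a group listing: one group per matching entry, named by name_field."""
    return {values(e, name_field)[0]: values(e, member_field)
            for e in DIRECTORY if matches(e, group_filter) and values(e, name_field)}
```

Calling `list_groups("(objectClass=posixAccount)")` reproduces the symptom from the first post (groups named after users, all empty), while `list_groups("(objectClass=posixGroup)")` returns the three numbered groups with their members.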