LDAP help!

So I got it working, but what I need to do is have many baseDNs.

So my question is: how do I get more than two baseDNs?

I know there is a and a

How can I have more than 2?

I have 3 OUs, each with users and groups. For this to work I can put one in the baseDN and one in the alternateBaseDN, but I need a third one. I would just use the root of the domain, but then things don’t work at all…


If you’re using base DNs that are OUs in LDAP, can you use a higher-level base DN that would include the 3 or 4 that you need and filter the users and groups by objectClass or some other attribute?


base: dc=example,dc=com

filter: (objectClass=user)

I would use the root of the directory, but that doesn’t seem to be an option. When I use the root base dc=example,dc=com and have groups, end users’ presence will show offline when they are logged on, and users cannot send between each other; therefore I have to use OUs under the root OU=,dc=,dc=.


Sounds like 2 different problems. Is this AD that you’re trying to get users from, or another LDAP?

I’m still using a much older version of Openfire, but I’ve not had a problem with AD and I’m using the directory root.

So, when you’re using the directory root, users can log in but don’t appear online to other users?

Have you tried duplicating the ldapsearch from a command line to see if you get the results you expect?

Yep, I’m using AD for users, I have the newest version, and I only get the error when I use root as my baseDN.

I have 2 OUs with users and 1 OU with groups, so I really need to have baseDN=ou=1,dc=example,dc=com alternateDN=ou=2,dc=example,dc=com and alternateDN2=ou=3,dc=example,dc=com

On a side note, when I try to use root and have groups which are shown to all users, those users log in, and in the admin page you can see under sessions that they are authenticated and logged in, but their presence shows offline. Then if you drill down farther by clicking on that user, the following page will show their presence as online. Here we need to have groups; it’s not an option. But as a workaround I can specify an OU as the baseDN… then things work.

I’m using AD for auth but the embedded db for groups, again on a much older version of wild/openfire. So, I’m not sure how much more help I can be.

Do you see anything in the error log when using the root as the base?

This might be completely off track, but… I personally wonder what happens if you have a user that’s a member of multiple groups in AD. How does openfire handle that?

Have you tried using AD to auth and creating a test group in the embedded system for testing? Since you can’t have the multiple bases that you want, have your groups ever worked correctly?

That’s what’s weird: no errors. If I put the group section on POSIX I get some errors, but then I don’t see any members of groups; however, users can log in and at least manually add users, but they still appear as offline. It’s like it’s seeing the root and can auth users, but when it comes to updating the presence it just can’t do that.

But no, I never had it working right using the root with groups; however, I haven’t tried an earlier version of Openfire, just the latest one. We do have an older one here, but it wasn’t using LDAP.

Also, I didn’t think that if you set it to LDAP it would let you create any group on the embedded system; pretty sure it will default to trying to add an AD group, which it can’t do. Going back to what you mentioned about how Openfire will handle a user in multiple groups, I don’t know.

Oh well, what I will do is use ou=1 for baseDN and ou=2 for alternatedn in the .conf file and then just move my group OU into ou=1; then I can resolve both OUs of users, and since the groups OU is inside ou=1, I can resolve groups.

Have you successfully used this method?

Are you using the correct ports? There is a different port you should use if you set the baseDN to the top of the tree. See this doc: http://www.igniterealtime.org/community/docs/DOC-1554.