powered by Jive Software

LDAP. I don''t what to create a new OU for wilfire

I use LDAP and AD. all my users are under the Users OU and I don’'t want to add another OU just for wildfire. We are a small company and is perfectly fine to have all the users under Users.

The search filter part is working fine, I see all the users in the Admin Console and all the users are able to connect but I can’'t figure out how to automatically populte the users in spark.

This is the specific section of my wildfire.xml

<groupNameField>cn</groupNameField>
<groupMemberField>member</groupMemberField>
<groupDescriptionField>description</groupDescriptionField>
<groupSearchFilter><![CDATA[
            (&
                (objectClass=group)
                (member=)

)]]>

looking at AD with LDAP browser I see I have

dc=example

cn=builtin

cn=users (objectclass group)

cn=users (objectclass container)

cn=usersID

.

.

any suggestion is appreciated. Thanks

I can’'t figure out how to automatically populte the users in spark.

If you are talking about something like “new users cannot automatically add to the list on Spark clients after I loaded them on the server without restarting”, I would think this is not a configuration problem, but rather a software issue, which is documented as JM-379 but haven’'t solved after all these releases.

To present this in a simple sentence: I tend to believe there is nothing wrong about you.

No. I am actually talking about being able to have the entire list of users show up on spark without having to manually add every single user.

I’'ve read other posts and I believe this should be possible using the groupSearchFilter.

No. I am actually talking about being able to have

the entire list of users show up on spark without

having to manually add every single user.

Are you sure that the groups in the OU are populated with users?

I once tried your filter (which is the default of Wildfire AFAIK) on empty groups (without users) and they just cannot show up.

Moreover, is that you tried enabling “showing offline users” on Spark but still no avail?

If you don’'t want to do a bunch of different groups, just add one group and have everyone a member of that group. Then make that one group visible to all users.

Do I HAVE to create one group and place all the users under it?

What I hoped I could do is just use the “Users” container and treat it as a group since all the users are already under the CN “Users”

I believe you do. What I would do is create a simple groupSearchFilter that would just catch the Domain Users[/b] group or something similar. Then share that group from the admin console.

When you say “group,” do you mean an OU? The OU’‘s in AD don’'t have any real relevance to Wildfire. Use your actual AD security groups to create groups in Wildfire. You can leave all your user objects where they are in AD.

ok.

When you say share the group in the admin console you mean go to

users/group > groups > create new group

and then you will create a group with the same name as the one in LDAP?

after that select the “enable sharing group in roster” right?

This is what I’'ve been trying but no users show up inder that group

or am I supposed to actually see that group listed somewhere in the admin console?

If you are using LDAP groups, you won’'t ever create a group from the admin console. If your groupSearchFilter is working properly, you will see the discovered groups in the Group Summary page of the admin console. From there you go in a share the groups that have already been discovered.

To test your groupSearchFilter, enter it into LDAP Browser’'s search feature (Ctrl+F) and see what it returns.

so, I’'ve created a group called “wildfire” (and this is a security group at the same level as all the other users. it shows up as two little heads in “ADuser and computers” in my MS DC.)

I’'ve added 4 users under that group.

I went to the LDAP browser and performed a search

SearchDN: cn=users,DC=aaaaaa,DC=bbbbb,DC=com

Filter: memberOf=cn=Wildfire,cn=Users,dc=aaaaaa,cd=bbbbbb,dc=com

and the 4 users showed up!

Then I edited my wildfire.xml file and now it looks like this

<groupNameField>cn</groupNameField>
<groupMemberField>member</groupMemberField>
<groupDescriptionField>description</groupDescriptionField>
<groupSearchFilter><![CDATA[
  (&
    (objectClass=group)
    (memberOf=cn=Wildfire,cn=Users,dc=aaaaaa,cd=bbbbbb,dc=com)
    (member=)

)]]>

restarted wildfire

logged into the admin console

I see the four users in the user summary

I DO NOT see anything under groups summary

and I do not see any users in spark

Let me translate your groupSearchFilter into english:

Match any group[/b] that is a member of the Wildfire group[/b].

Do you see that that’‘s not what you want? The only way that will work is if you make the Wildfire group a member of itself! Doh! That’'s not even possible!

Try this instead:

[/code]

Translation: match any group who’'s Common Name is Wildfire[/b]. You should then see a Wildfire group show up in the admin console.

I did what you suggested and it still doesn’'t work.

If I go to the LDAP browser and enter

objectClass=group in the flind field I get all the groups

and if I enter cn=Wildfire I see the wildfire group so I assume everything is correct.

…but unfortunately it still doesn’'t work.

this is my modified wildfire.xml

I can’'t think of anything else

I still think the member field of your Wildfire group is empty or something like that. Try seeing the properties under that group.

My wildfire group I has four members fields, one for each user I added to that group.

How can I add a wildfire member into the wildfire group?

Seems that your LDAP is OK…

Would you mind doing the following (If you have enabled debug log, start at step 5)

  1. login the admin console

  2. Click “Logs” on the left

  3. Click “Debug”

  4. Find “Debug Log” and Click “Enabled”, then press “Save changes”

  5. Click “Users/Groups” on the top

  6. Click “Group summary” on the left (don’'t mind the result)

  7. Click “Server” on the top

  8. repeat steps 2 and 3

  9. Copy the debug logs, hide any sensitive data and post it here…

Message was edited by: Patrickov

Here are the results. I don’'t see any problems…

2006.05.18 08:09:09 Creating a DirContext in LdapManager.getContext()…

2006.05.18 08:09:09 Created hashtable with context values, attempting to create context…

2006.05.18 08:09:09 … context created successfully, returning.

I assume you are using the LdapGroupProvider[/b], right?

Also, you should see a lot[/b] more debugging information that what you just provided.

Yes I am

This is my complete wildfire.xml

<groupNameField>cn</groupNameField>
<groupMemberField>member</groupMemberField>
<groupDescriptionField>description</groupDescriptionField>
<groupSearchFilter><![CDATA[
  (&
    (objectClass=group)
    (cn=Wildfire)
    (member=)

)]]>

No, you’'re not. You should have this:

[/code]