
LDAP Integration

Hi, I am new to OpenFire and currently struggling with the LDAP setup. I went with all suggested defaults and had it successfully running when pointing to the following BaseDN: cn=users,dc=domain,dc=local.

Unfortunately, you can see all user accounts, even those that are disabled, etc.

I then changed my strategy and created a group under AD Users called “IMUsers” and copied everybody in there who will use the OpenFire/Spark system. How would I change my BaseDN to make this setup work?

Well, the first point you should know is how to order the LDAP users. You must create the OUs hierarchically and create the users inside them. Don’t forget to create the groups that contain users according to smaller OUs.

**BASE DN:** The second point you should be aware of is to know where in the LDAP tree you are going to begin reading, so the Openfire server knows which groups and users it will take.

Besides that, you shouldn’t have any troubles at all…

Our AD setup is what I would consider ‘downright standard’.

All users are in the root of the AD tree under ‘Users’.

In there are a few groups, i.e. Domain Admins, Domain Managers, etc.

One of these groups is called ‘IMUsers’.

I want to make this group the place where OpenFire looks for users.

Having all users in the Users container is not standard or even proper usage. The Users container generally should be used for default AD accounts only. Any created accounts should be placed in a well-structured set of OUs residing outside that container. This allows for granular management via group policy, as well as more control of structure. This can greatly simplify your LDAP integration. Here is an older doc I created for AD LDAP: http://www.igniterealtime.org/community/docs/DOC-1554

Can you resend the link to the document, please? I cannot open it.

fixed the link
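
Added example, not part of the original thread or Openfire's own code: a small Python model of a subtree search over a constructed directory. It shows that using the group's DN as the base DN matches no users, because group membership is an attribute and not a position in the tree, while the users container combined with a membership and disabled-account filter selects only active IMUsers members. The entries alice, bob and carol and the helper names are hypothetical.

```python
# Constructed sample data; DNs reuse the thread's cn=users,dc=domain,dc=local.
BASE = "cn=users,dc=domain,dc=local"
GROUP = "cn=IMUsers," + BASE
ACCOUNTDISABLE = 0x2  # userAccountControl bit AD sets on disabled accounts

ENTRIES = [  # (dn, objectClass, userAccountControl, memberOf)
    ("cn=alice," + BASE, "user", 512, [GROUP]),
    ("cn=bob," + BASE, "user", 514, [GROUP]),   # 514 = 512 | 0x2, disabled
    ("cn=carol," + BASE, "user", 512, []),      # active, but not in IMUsers
    (GROUP, "group", None, []),                 # the group is a leaf object
]

def rdns(dn):
    """Split a DN on unescaped commas and normalize case and spacing."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]      # keep an escaped character with its backslash
            i += 2
        elif dn[i] == ",":
            parts.append(cur.strip().lower())
            cur = ""
            i += 1
        else:
            cur += dn[i]
            i += 1
    parts.append(cur.strip().lower())
    return parts

def under(dn, base):
    """True when dn equals base or sits below it in the tree."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def search_users(base, member_of=None, skip_disabled=False):
    """Subtree search for user objects, as selected by a base DN plus filter."""
    hits = []
    for dn, cls, uac, groups in ENTRIES:
        if cls != "user" or not under(dn, base):
            continue
        if member_of and rdns(member_of) not in [rdns(g) for g in groups]:
            continue
        if skip_disabled and uac & ACCOUNTDISABLE:
            continue
        hits.append(dn)
    return hits
```

Against a real Active Directory the same selection is expressed as the search filter `(&(objectClass=user)(memberOf=<group DN>)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))`, with the base DN left at the container that actually holds the accounts.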