LDAP Users in multiple groups

I REALLY hope someone can help me with this issue. I have AD users that are a member of multiple groups, but I need a way to specify which of the Openfire groups they are a member of. Since I'm using the LDAP authentication, I cannot manually specify which group these users are supposed to belong to, and there doesn't seem to be a standard as to which group the users are added to. So hopefully someone else is in this same situation and could be of some assistance.

Getting that question answered would solve my problem, but maybe there is a better way around this. All of the users are in OUs based on the group they should be in for Openfire, so maybe there is a way that I can use OUs for groups, rather than domain group names. Is that possible? What I mean is UserA and UserB are in the OU Administrators, but are members of Sales and Administrators groups. UserA is showing up in the Sales group on Openfire while UserB is in the Administrators group. If there was a way to specify that each OU is a group, and the users in each OU belong to that group in Openfire, that would be an easier way around my issue that I am having.

Anyone have any suggestions? I would be very grateful for any help I can get on this!

Create the specific groups in AD and add the members. Then once this syncs to the Openfire server, share those groups.

I am having a very similar issue. Aside from being in multiple asimilar groups, all members of any given department belong to a Security group and an Email group of the same name. To overcome this, I simply chose one group type to “enable contact list sharing” on, and shared that with All Users. However if there are any non-department users in that group, they will show up in multiple groups. For example, users who started in one department moved to another but still handle some duties from their previous position are still members of their previous department’s email and security groups. Can get hairy. I wish there was a way to handle it better in Openfire, but I don’t believe so.


Thanks for the reply Todd, that is how I fixed the problem temporarily. I still wish that I could specify OUs as the groups, but in the meantime this will work out OK!!

An OU cannot be a group. They are merely a folder/container to hold things, hence the name Organizational Unit. In order to use groups in Openfire with an AD LDAP configuration you need to have the groups defined in AD. Openfire views LDAP in a read-only fashion.
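An added example, not part of the thread and not Openfire code: because Openfire only reads groups that already exist in AD, this Python script turns the OU layout described in the question into a plan of one dedicated group per OU, which is the workaround suggested above. The DNs, the `Openfire-` prefix and the function names are assumptions constructed for illustration.

```python
# Added example: plan one dedicated AD group per OU from user DNs (constructed data).
from collections import defaultdict

def split_dn(dn):
    """Split a DN into RDN strings, honouring backslash-escaped commas."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return parts

def parent_ou(dn):
    """Return the name of the OU closest to the user object, or None."""
    for rdn in split_dn(dn)[1:]:  # skip the user's own CN=...
        attr, _, value = rdn.partition("=")
        if attr.strip().upper() == "OU":
            return value.strip()
    return None

def plan_groups(user_dns, prefix="Openfire-"):
    """Map a proposed group name to the sorted DNs of the users in that OU."""
    plan = defaultdict(list)
    for dn in user_dns:
        ou = parent_ou(dn)
        if ou is not None:  # objects outside any OU get no group
            plan[prefix + ou].append(dn)
    return {name: sorted(members) for name, members in plan.items()}

# Constructed sample data, not taken from the thread's directory.
SAMPLE_DNS = [
    "CN=UserA,OU=Administrators,DC=example,DC=com",
    "CN=UserB,OU=Administrators,DC=example,DC=com",
    "CN=Doe\\, Jane,OU=Sales,OU=Staff,DC=example,DC=com",
    "CN=svc-backup,CN=Users,DC=example,DC=com",
]

if __name__ == "__main__":
    print(plan_groups(SAMPLE_DNS))
```

Each user lands in exactly one planned group regardless of their other AD memberships, so sharing only these groups in Openfire avoids the duplicate roster entries described earlier in the thread.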