powered by Jive Software

Limited user import from ldap / edir

Hello all,

Would anyone have any ideas as to why openfire would be limited the number of users that get imported from my ldap directory. I have well over 500 users in edir yet openfire shows only 299 getting imported.

I am using mysql server in a WAMP install as the database. Could it be a limitation there somewhere?

Any Ideas would be greatly appreciated!

Wayne

Well, it seems that all the users don’t go into the database, just those that have been added to a roster. so it cannot be a db problem.

Wayne

Openfire should pull all your users from your LDAP regardless on roster listings. My test server has one active user with no roster and yet I have all my users on the server. I would verify your BaseDN settings and make sure it covers all your users.

Thanks for the reply…

My base dn is at the root of my edir tree… Covers everyone, so I am at a loss at this point…

I’ll going to clear the cache and restart the server again and see if it fixes itself…

Thanks

Wayne

after clearing the cache and restarting the server, still showing 299 users… this is too weird…

Wayne

I am not familiar enough with eDirectory, but does it have a limit to the results of a query. So when LDAP is queryiing for users it can only get a finite result. Windows active directory has the limit set 1000 by default.

Well, I just don’t know… I’ll look into it. thanks for the tip!

Wayne

I think you are looking for the search entry limit. This will limit the number of results of any LDAP query in eDirectory.

yeah… I found the setting, but it does not have any restrictions set… I think I am going to try one of my other servers and see if it makes any difference…

Thanks

Wayne

Well, same thing using another ldap server… I don’t get it…

I also have tested both servers with ldapbrowser 2.6 and I can see everything and and everyone. So, I really don’t know what is going on here.

any other ideas?

Thanks

Wayne

did you apply any type of user or group filters? could you attach your openfire.xml (edited for security)?

Do you have any alias objects in your tree? Is your base dn set at the highest level organization? I assume you have your accounts seperated in to an OU(s) below?

You can try applying a user filter such as the following to ensure you are pullling user accounts only

<searchFilter>(&(objectClass=inetOrgPerson)(uid=))</searchFilter>

If you have all your accounts in only one OU, you can also try adding that to your base dn such as, o=bogusOrg;ou=bogus

Alias = no

Base DN highest = Yes

OU’s = yes

Where in the xml file would I put this filter?

What’s really odd, is that I changed the username field from uid to cn, because I wanted it to pull everything in my directory as a test. And yes, I did get something like 2200 objects to show up, but I still had users that were missing. Everyhting that is not a container should have showed up and been searchable as a user. So, I am at a complete loss. It has to have something to do with edir and openfire, because ldapbrowser can see everything in my tree, including the users that are missing in openfire.

Wayne

Ok… followup…

Using the filter provided above and changing uid to cn, seems to have netted me the majority of my users. I only know of one that is still not showing up. I guess I’ll just have to chalk it up the mysteries of the universe. I’ll probably delete and recreate the user and see if that fixes it. I’ll let you all know…

As for why the UID didn’t work, well I just am not really sure. I do know that nwadmin does not create the uid attribute and many of our users were created using nwadmin. But, I had manually set the uid later. Still, that may have had something to do with it. It could also have had to do with large imports of users. Who knows…

Wayne

Just an FYi for those of you that may be experiencing this problem… I found that while LDAP may be set to 1000 (W2K) and 1500 (W2K3) by default only 1000 of them were imported into openfire from the server user list prespective; however when I did a search for user 1298 in my orgonization, he was in the server although he was not listed in the users list in Openfire… so this seems to be an issue with Openfire not displaying more then a 1000 users.

This is not an openfire issue. When using LDAP the users list is dynamic based on an ldap query of you baseDN in relation to your filters. If the results are more than 1000 AD will only give the first 1000 results of the query. By doing a separate search you are doing an individual query, which will result in success.