powered by Jive Software

Mac OS X LDAP integration

I was recently having some issues getting Openfire to integrate with my Open Directory LDAP configuration. I wanted to post how I ended up getting it to work for anyone’s reference.

base DN was as usual

dc=server, dc=domain, dc=com

admin DN was typical as well

uid=[directory admin], cn=users, dc=server,dc=domain,dc=com

The tricky part came when trying to get group mapping to work. I’m sure there are plenty of ways to get this done, but this is what worked for me:

During Openfire Setup:

  1. I opened up Workgroup Manager and set it to view All Records Tab under Preferences
  2. Used dropdown menu under All Records and selected “Groups”
  3. Selected my main group under which all my net users are grouped under (‘Staff’ in my case)
    In Openfire Group Mapping setup screen:
  4. set group name (1st field) = apple-group-realname
  5. set group membership (2nd field) = memberUid
  6. description field was left as is.

Upon testing the settings, Openfire picked up all my custom groups, while leaving out all of the system groups. It also picked up all users associated with those groups.

The downfall seems to be that primary group ID for each user won’t count in this setup. Meaning that Openfire won’t pick up John Doe as a member of group ‘Staff’ even if his primary group ID is for the Staff group. I worked around this by adding the primary group into each users’ “Other Groups”

Any comments on this including better ways to do get the same thing accomplished would be great!


When you say

  1. set group membership (2nd field) = memberUid

do you mean set the field to the text = memberUid or that actual memberUid number?

If it is the number were would you locate this? Attached is a screen shot of my staff group.

I have the users list in now, but the groups are not showing up.