I was recently having some issues getting Openfire to integrate with my Open Directory LDAP configuration. I wanted to post how I ended up getting it to work for anyone’s reference.
base DN was as usual
dc=server, dc=domain, dc=com
admin DN was typical as well
uid=[directory admin], cn=users, dc=server,dc=domain,dc=com
The tricky part came when trying to get group mapping to work. I’m sure there are plenty of ways to get this done, but this is what worked for me:
During Openfire Setup:
- I opened up Workgroup Manager and set it to view All Records Tab under Preferences
- Used dropdown menu under All Records and selected “Groups”
- Selected my main group under which all my net users are grouped under (‘Staff’ in my case)
In Openfire Group Mapping setup screen:
- set group name (1st field) = apple-group-realname
- set group membership (2nd field) = memberUid
- description field was left as is.
Upon testing the settings, Openfire picked up all my custom groups, while leaving out all of the system groups. It also picked up all users associated with those groups.
The downfall seems to be that primary group ID for each user won’t count in this setup. Meaning that Openfire won’t pick up John Doe as a member of group ‘Staff’ even if his primary group ID is for the Staff group. I worked around this by adding the primary group into each users’ “Other Groups”
Any comments on this including better ways to do get the same thing accomplished would be great!