For my Openfire setup, I am using ActiveDirectory for my users and groups. I have a basedn (dc=child,dc=parent,dc=com) and I have an alternatebasedn (dc=parent,dc=com). This intentional as almost all of the users will come from my basedn (child.parent.com). For the most part, all of my groups are comprised of members from both my basedn and my alternatebaseDN. However, if I were to look at the group members as they seen by Openfire, it appears that only members in my basedn are catelogued in my groups. None of the users from my alternatebasedn are catelogued. Am I missing something? Here’s a snippet of my config:
</admin>
<locale>en</locale>
<!-- Network settings. By default, Openfire will bind to all network interfaces.
Alternatively, you can specify a specific network interfaces that the server
will listen on. For example, 127.0.0.1. This setting is generally only useful
on multi-homed servers. -->
<!–
<network>
<interface></interface>
</network>
–>
<connectionProvider>
<className>org.jivesoftware.database.DefaultConnectionProvider</classN ame>
</connectionProvider>
<database>
<defaultProvider>
<driver>org.postgresql.Driver</driver>
<serverURL>jdbc:postgresql://LOCALHOST:5432/openfire</serverURL>
<username>dbuser</username>
<password>dbpassword</password>
<testSQL>select 1</testSQL>
<testBeforeUse>true</testBeforeUse>
<testAfterUse>true</testAfterUse>
<minConnections>5</minConnections>
<maxConnections>100</maxConnections>
<connectionTimeout>1.0</connectionTimeout>
</defaultProvider>
</database>
<setup>true</setup>
<ldap>
<baseDN>dc=child,dc=parent,dc=com</baseDN>
<alternatebaseDN>dc=parent,dc=com</alternatebaseDN>
<adminDN>cn=myADuser,cn=users,dc=child,dc=parent,dc=com</adminDN>
<adminPassword>myADpassword!</adminPassword>
<connectionPoolEnabled>true</connectionPoolEnabled>
<sslEnabled>false</sslEnabled>
<ldapDebugEnabled>true</ldapDebugEnabled>
<autoFollowReferrals>true</autoFollowReferrals>
<usernameField>sAMAccountName</usernameField>
<searchFilter>(objectclass=organizationalPerson)</searchFilter>
<vcard-mapping><![CDATA[
<vCard xmlns=“vcard-temp”>
<N>
<N><FAMILY></FAMILY><GIVEN></GIVEN></N>
</N>
<EMAIL>
<INTERNET/>
<USERID></USERID>
</EMAIL>
<FN></FN> <NICKNAME></NICKNAME>
<ADR>
<HOME/>
</ADR>
<ADR>
<WORK/>
</ADR>
</vCard>]]></vcard-mapping>
<nameField>displayName</nameField>
<emailField>mail</emailField>
<groupNameField>cn</groupNameField>
<groupMemberField>member</groupMemberField>
<groupDescriptionField>description</groupDescriptionField>
<posixMode>false</posixMode>
<groupSearchFilter>(objectclass=group)</groupSearchFilter>
</ldap>
<provider>
<vcard>
<className>org.jivesoftware.openfire.ldap.LdapVCardProvider</className >
</vcard>
<user>
<className>org.jivesoftware.openfire.ldap.LdapUserProvider</className& gt;
</user>
<auth>
<className>org.jivesoftware.openfire.ldap.LdapAuthProvider</className& gt;
</auth>
<group>
<className>org.jivesoftware.openfire.ldap.LdapGroupProvider</className >
</group>
</provider>
</jive>