
Multiple AD OUs and AD domains

Hi all, I’m very new to this and need some help please. I have configured an alternate BaseDN for a second OU and this has worked fine. But we would now like to know if it is possible to add an OU from another AD domain and, if so, how to do so. Our AD forest consists of one root and two child domains.

Thanks in advance,

OK, maybe I’m not explaining myself clearly enough. Simply put, does anyone know if Openfire supports multiple Active Directory domains? If I cannot specify multiple user OUs in separate domains, what are my alternatives? Any suggestions?

Thanks again,

I’m looking for the same answer I believe.

It was suggested to set up 2 servers, one for each domain, but they failed to give me instructions on how to allow Domain A/Server A users using Spark to be able to search for Domain B/Server B users. I got this working on my own one time, but have not been able to replicate it on a production server.

I have been looking for an answer for over a month now and have contacted support, and they tell me it isn’t possible, but it must be since I had it working.

There is a trick I used that exploits the Global Catalog server, which stores a subset of all the accounts within an AD forest. There is one thing you will need to be aware of though: out of the box, AD only caches universal group memberships in the space of the GC, so if you are using AD to populate your groups they would need to be universal groups. OK, now that that is said, there are a few other gotchas. The photo option that allows you to store a photo in AD and display it in Spark and as part of your profile is also not cached in the GC.

Those shortcomings can be overcome by making changes in AD to allow those attributes to be available to the GC.

This article outlines the use of the jpegphoto attribute in general if you want to use it with AD, http://msdn2.microsoft.com/en-us/library/ms676813(VS.85).aspx

This article will outline how to replicate an attribute with the GC, http://technet2.microsoft.com/windowsserver/en/library/42ae2845-a7aa-4f02-8944-175f6541125f1033.mspx?mfr=true

To set up your openfire.xml, point to the GC LDAP port, which is 3268, or 3269 for SSL.

Make sure the server you point to is a GC. Also make sure that your base path for users is either very broad, like:

dc=jivesoftware,dc=com if that is your forest root.

You could make it like this…

ldap.baseDN: dc=domain1,dc=jivesoftware,dc=com

ldap.alternateBaseDN: dc=domain2,dc=jivesoftware,dc=com

I hope this info helps
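As an added example that is not part of the original posts or of Openfire itself: a small check of the `<ldap>` section of openfire.xml against the advice above (GC port 3268, or 3269 for SSL, and base DNs that sit under the forest root). The sample XML, the placeholder host name and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

GC_PORTS = {3268: False, 3269: True}  # GC port -> True when it is the SSL port

# Constructed sample: an openfire.xml <ldap> section pointed at a Global Catalog.
SAMPLE = """<jive>
  <ldap>
    <host>gc-host-placeholder</host>
    <port>3268</port>
    <baseDN>dc=domain1,dc=jivesoftware,dc=com</baseDN>
    <alternateBaseDN>dc=domain2,dc=jivesoftware,dc=com</alternateBaseDN>
  </ldap>
</jive>"""

def dn_parts(dn):
    """Split a DN into lower-cased RDNs (assumes no escaped commas)."""
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def is_under(dn, root):
    """True when dn equals root or sits below it in the directory tree."""
    d, r = dn_parts(dn), dn_parts(root)
    return len(d) >= len(r) and d[len(d) - len(r):] == r

def check_gc_config(xml_text, forest_root):
    """Return a list of findings for the <ldap> section; empty means none."""
    ldap = ET.fromstring(xml_text).find("ldap")
    if ldap is None:
        return ["no <ldap> section"]
    findings = []
    port_text = (ldap.findtext("port") or "").strip()
    port = int(port_text) if port_text.isdigit() else None
    if port not in GC_PORTS:
        findings.append(f"port {port_text or 'unset'} is not a GC port (3268, or 3269 for SSL)")
    elif not GC_PORTS[port]:
        findings.append("port 3268 is the non-SSL GC port; use 3269 for SSL")
    for tag in ("baseDN", "alternateBaseDN"):
        dn = (ldap.findtext(tag) or "").strip()
        if dn and not is_under(dn, forest_root):
            findings.append(f"{tag} '{dn}' is outside forest root '{forest_root}'")
    return findings

if __name__ == "__main__":
    for finding in check_gc_config(SAMPLE, "dc=jivesoftware,dc=com"):
        print(finding)
```
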