
Multiple Ldap Servers

Hi,

I have a network with one domain and multiple subdomains. How could I configure the server settings of Openfire to read all users of the domain and subdomains?

Example of my network:

mydomain.com (domain)

usa.mydomain.com (subdomain)

uk.mydomain.com (subdomain)

brasil.mydomain.com (subdomain)

With the following configuration I only see the users of the principal domain:

Host:
domaincontroller.mydomain.com
Port:
389
Base DN:
dc="mydomain",dc="com"
Administrator DN:
administrator

Best Regards,

If this is Active Directory then you can also make your host mydomain.com. It will find the nearest DC.

This is an excerpt from my AD LDAP setup doc http://www.igniterealtime.org/community/docs/DOC-1554

Forest with Multiple Trees

For more complicated AD forests, such as one with two or more subdomains, you will need to set your BaseDN to the top of the forest. In our example domain it would be DC=intra,DC=domain,DC=com, but you need to change the port to 3268. This will allow you to access users from all the domains in the forest. Filters will be of the utmost importance to limit what accounts and groups show in the Openfire admin website.

The link posted above is now broken, unfortunately. One follow-up question: at what point in the release history does Openfire support DNS-based resolution of LDAP servers in an Active Directory environment?

What do you mean by DNS-based?

“If this is active directory then you can also make your host mydomain.com. It will find the nearest DC.”

This mechanism traditionally uses DNS SRV records from the AD domain.

-David

I have been using this method since Openfire 3.5, so I do not know if it was possible before this version. All my machines will connect to the closest DC if I enter just the domain in the Run command. We did nothing special with DNS to make this happen.

Yeah, it’s done behind the scenes with Active Directory. I have 3.5.1 and tried using only the domain name (specified in the config file), with no success, which is why I’m asking. Our other systems in the domain are correctly binding, however.

It should work fine if you take whatever your dc=something,dc=domain,dc=com is and turn it into something.domain.com for your host. Or whatever the extent of your DC settings is.
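Putting the two pieces of advice in this thread together (a forest-root base DN read through the global catalog on port 3268, and turning the DC components of the base DN into the host name that AD's DNS resolves to the nearest DC), as an added example that is not from any poster here. Ports 389/3268 and the `_ldap._tcp` / `_gc._tcp` SRV record names are standard Active Directory; the enabled-users search filter is an assumed starting point, not something the thread specifies.

```python
"""Derive Active Directory LDAP settings from a base DN (constructed example)."""
import re

LDAP_PORT = 389             # one domain: the domain controller's LDAP port
GLOBAL_CATALOG_PORT = 3268  # whole forest: the read-only global catalog

# Assumed default filter: enabled user accounts only. 1.2.840.113556.1.4.803
# is AD's bitwise-AND matching rule; bit 2 of userAccountControl is ACCOUNTDISABLE.
ENABLED_USERS_FILTER = (
    "(&(objectCategory=person)(objectClass=user)"
    "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
)


def dn_components(dn):
    """Split a DN into (attribute, value) pairs, honouring backslash-escaped commas."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        # Tolerate quoted values such as dc="mydomain" (straight or curly quotes).
        pairs.append((attr.strip().lower(), value.strip().strip('"\u201c\u201d')))
    return pairs


def dn_to_domain(dn):
    """Turn the DC components of a DN into a DNS domain name:
    dc=intra,dc=domain,dc=com -> intra.domain.com (OU/CN parts are ignored)."""
    labels = [value for attr, value in dn_components(dn) if attr == "dc"]
    if not labels:
        raise ValueError("base DN has no DC components: %r" % dn)
    return ".".join(labels)


def ldap_settings(base_dn, forest_wide):
    """Settings for a single-domain (389) or forest-wide (3268) directory read.

    The host is the AD domain name itself; Windows DNS resolves it to the nearest
    DC, and the SRV record named here is what that lookup relies on.
    """
    domain = dn_to_domain(base_dn)
    return {
        "host": domain,
        "port": GLOBAL_CATALOG_PORT if forest_wide else LDAP_PORT,
        "srv_record": ("_gc._tcp." if forest_wide else "_ldap._tcp.") + domain,
        "base_dn": base_dn,
        # On the global catalog every domain's accounts become visible, so a
        # restrictive filter decides who can actually log in to Openfire.
        "search_filter": ENABLED_USERS_FILTER,
    }
```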