Firstly id like to say thanks to the Jive messenger developers, great product! Secondly, I have a questions about Multiple OU’'s and LDAP settings. Please forgive if this is pretty obviouse but I am just trying to get it all figured out.
here is our domain tree
Domain.local
ou=Employees
ou=Computers
ou=Users
ou=OtherPeople
ou=Computers
ou=Users
ou=SomeMorePeople
ou=Computers
ou=Users
cn=Users (Users from an NT upgrade)
There are more OU’‘s and containers’‘s but these are the only ones I want to get to. What is the easiest way to setup the LDAP settings if I only want people from these OU’‘s (Employee’'s, OtherPeople, MoreOtherPeople) and the container Users.
Here is my current LDAP settings:
Currently I am only grabbing users from the cn=Users, how can I enable these settings to let me grab users from the specified OU’'s (and inside the OU, its Users OU and not Computers) and my users container.
Hi. I reckon you want to customize your LDAP search filter - have a look at an entry under ou=Users and one under ou=Computers - what’‘s different about them? Presumably there should be some objectclasses that the entries under ou=Users belong to, but the ones under ou=Computers don’‘t (I’'m talking in general terms here, '‘cause it’'s been a while since I looked an AD server…).
…as an example, on other LDAP servers, you might have users with an objectclass of, say, inetOrgPerson or posixAccount, but you wouldn’‘t have a computer entry with either of those objectclasses. as such, you can then go and change your LDAP search filter in jive’'s config file to only match entries that have objectclass=posixAccount
We use the ou=Computers for the domian computer profiles, each computer that logs into our domain has a profile created so that we can keep track of what computer each user is using. So you are right, they should not be picked up if we use the search filter (Thanks!).
So I should not point the LDAP settings to a specific container but rather let it search the whole domain and then filter it so that it only picks up the users that we want?
So I should not point the LDAP settings to a specific
container but rather let it search the whole domain
and then filter it so that it only picks up the users
that we want?
Well, the search base should be at the top of the smallest subset of data you can search across (which in this case might just be the whole domain, unfortunately). From there, you filter.
Thanks alot it worked, after reviewing my domain setup and what I had to take into account I was finally able to get everything working. Thanks for the help