
Multiple OUs in AD

Hello,

Firstly I'd like to say thanks to the Jive Messenger developers, great product! Secondly, I have a question about multiple OUs and LDAP settings. Please forgive me if this is pretty obvious, but I am just trying to get it all figured out.

Here is our domain tree:

Domain.local
    ou=Employees
        ou=Computers
        ou=Users
    ou=OtherPeople
        ou=Computers
        ou=Users
    ou=SomeMorePeople
        ou=Computers
        ou=Users
    cn=Users (Users from an NT upgrade)

There are more OUs and containers, but these are the only ones I want to get to. What is the easiest way to set up the LDAP settings if I only want people from these OUs (Employees, OtherPeople, MoreOtherPeople) and the container Users?

Here are my current LDAP settings:

Currently I am only grabbing users from the cn=Users. How can I enable these settings to let me grab users from the specified OUs (and inside the OU, its Users OU and not Computers) and my Users container?

Thanks!

Hi. I reckon you want to customize your LDAP search filter - have a look at an entry under ou=Users and one under ou=Computers - what's different about them? Presumably there should be some objectclasses that the entries under ou=Users belong to, but the ones under ou=Computers don't (I'm talking in general terms here, 'cause it's been a while since I looked at an AD server…).

…as an example, on other LDAP servers, you might have users with an objectclass of, say, inetOrgPerson or posixAccount, but you wouldn't have a computer entry with either of those objectclasses. As such, you can then go and change your LDAP search filter in Jive's config file to only match entries that have objectclass=posixAccount.

So on my server, I have a search filter of

(&(uid=)(objectClass=posixAccount)(ou=departmentname))

which just matches user entries, and only those in a particular department (since we haven't yet rolled it out to the entire company).

Don't forget to have a read of the LDAP guide at http://jivesoftware.org/builds/messenger/docs/latest/documentation/ldap-guide.html - it explains some gnarly stuff you need to remember to do when you put an LDAP search filter into the XML config file…

Have fun,

Cos.

We use the ou=Computers for the domain computer profiles; each computer that logs into our domain has a profile created so that we can keep track of what computer each user is using. So you are right, they should not be picked up if we use the search filter (Thanks!).

So I should not point the LDAP settings to a specific container but rather let it search the whole domain and then filter it so that it only picks up the users that we want?

Thanks!

ima give that a try.

Change the following line in your XML config file.

If you have any other questions let me know.

Greg

Will try it tomorrow,

Thanks!

> So I should not point the LDAP settings to a specific container but rather let it search the whole domain and then filter it so that it only picks up the users that we want?

Well, the search base should be at the top of the smallest subset of data you can search across (which in this case might just be the whole domain, unfortunately). From there, you filter.
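The approach discussed in this thread (a domain-wide search base plus an object-class filter), modelled locally as an added example that is not code from any poster or from Jive: it shows which entries such a search returns and which returned accounts fall outside the wanted containers. Assumptions: the base DN dc=domain,dc=local for Domain.local, the constructed sample entries, and a hypothetical ou=Contractors; in Active Directory, computer objects also carry objectClass user, which is why the filter needs an explicit exclusion.

```python
import re

BASE = "dc=domain,dc=local"  # assumed DN for Domain.local
WANTED = ["ou=Users,ou=Employees," + BASE, "ou=Users,ou=OtherPeople," + BASE,
          "ou=Users,ou=SomeMorePeople," + BASE, "cn=Users," + BASE]
PERSON = {"top", "person", "organizationalPerson", "user"}
# Constructed entries (DN, objectClass values); AD computer objects also carry "user".
ENTRIES = [
    ("cn=Ann,ou=Users,ou=Employees," + BASE, PERSON),
    ("cn=PC01,ou=Computers,ou=Employees," + BASE, PERSON | {"computer"}),
    ("cn=Bob,ou=Users,ou=OtherPeople," + BASE, PERSON),
    ("cn=Carl\\, Old,cn=Users," + BASE, PERSON),
    ("cn=Dan,ou=Users,ou=Contractors," + BASE, PERSON),  # hypothetical unwanted OU
]

def split_dn(dn):
    """Split a DN into lower-cased RDNs; a backslash-escaped comma stays in its RDN."""
    return [rdn.strip().lower() for rdn in re.split(r"(?<!\\),", dn)]

def is_under(dn, base):
    """True when dn sits strictly below base in the tree."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) > len(b) and d[-len(b):] == b

def search(entries, base, required, excluded=frozenset()):
    """Model a subtree search with (&(objectClass=required)(!(objectClass=excluded)))."""
    hits = []
    for dn, classes in entries:
        oc = {c.lower() for c in classes}
        if is_under(dn, base) and required <= oc and not (excluded & oc):
            hits.append(dn)
    return hits

def outside_wanted(hits, wanted):
    """Accounts the search returned that are not in any wanted container."""
    return [dn for dn in hits if not any(is_under(dn, w) for w in wanted)]

if __name__ == "__main__":
    naive = search(ENTRIES, BASE, {"user"})
    strict = search(ENTRIES, BASE, {"user"}, {"computer"})
    print("objectClass=user only:", naive)
    print("excluding computers:  ", strict)
    print("outside wanted OUs:   ", outside_wanted(strict, WANTED))
```

The last list is the set of accounts that could log in even though their OU was never meant to be included, so it is worth reviewing whenever the search base is widened to the whole domain.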

Thanks a lot, it worked. After reviewing my domain setup and what I had to take into account, I was finally able to get everything working. Thanks for the help.

Here is my working config.