Allan1
November 21, 2007, 1:54am
1
I have two organizational units “Staff” and “Admin” where users are located in the Active Directory. How can I include them both in Base DN for the connection setup?
I tried this: ou=staff, ou=admin;dc=abc,dc=org
Openfire didn’t like it. Any advice?
Options that I know of:
1. Add the following system property to openfire.xml:
<!-- <alternateBaseDN></alternateBaseDN> -->
2. Use a baseDN of: dc=abc,dc=org, i.e. the entire AD domain. This is best used in combination with a search filter.
Here’s an example of how I have configured Openfire for use with AD:
<ldap>
<host>acme.root.local</host>
<port>636</port>
<baseDN>DC=acme,DC=root,DC=local</baseDN>
<!--<alternateBaseDN></alternateBaseDN>-->
<adminDN>service_xmpp@acme.root.local</adminDN>
<adminPassword>secret</adminPassword>
<connectionPoolEnabled>true</connectionPoolEnabled>
<sslEnabled>true</sslEnabled>
<ldapDebugEnabled>false</ldapDebugEnabled>
<autoFollowReferrals>false</autoFollowReferrals>
<subTreeSearch>true</subTreeSearch>
<usernameField>sAMAccountName</usernameField>
<searchFilter><![CDATA[(&(sAMAccountName={0})(objectCategory=person)(memberOf=CN=Openfire Roles - Users,OU=Groups,DC=acme,DC=root,DC=local))]]></searchFilter>
<nameField>name</nameField>
<emailField>mail</emailField>
<groupNameField>cn</groupNameField>
<groupMemberField>member</groupMemberField>
<groupDescriptionField>description</groupDescriptionField>
<posixMode>false</posixMode>
<groupSearchFilter><![CDATA[(&(objectCategory=group)(DC=Openfire Roles*))]]></groupSearchFilter>
</ldap>
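With the whole domain as base DN (option 2), the search filter is the only thing limiting which accounts can sign in. The following check is an added example, not part of the original posts and not Openfire code; it audits an `<ldap>` block for the two settings the example above relies on. The sample configs, the hostname `dc1.abc.org`, the group `CN=Chat Users`, the finding codes and the `memberOf` test (a heuristic) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not from a real deployment), using the domain from the question.
BROAD = """<ldap>
  <host>dc1.abc.org</host>
  <port>389</port>
  <baseDN>dc=abc,dc=org</baseDN>
  <sslEnabled>false</sslEnabled>
  <subTreeSearch>true</subTreeSearch>
  <usernameField>sAMAccountName</usernameField>
</ldap>"""

SCOPED = """<ldap>
  <host>dc1.abc.org</host>
  <port>636</port>
  <baseDN>dc=abc,dc=org</baseDN>
  <sslEnabled>true</sslEnabled>
  <subTreeSearch>true</subTreeSearch>
  <usernameField>sAMAccountName</usernameField>
  <searchFilter><![CDATA[(&(sAMAccountName={0})(objectCategory=person)(memberOf=CN=Chat Users,OU=Groups,DC=abc,DC=org))]]></searchFilter>
</ldap>"""


def rdn_types(dn):
    """Attribute type of each RDN, lower-cased (assumes no escaped commas in the DN)."""
    return [part.split("=", 1)[0].strip().lower() for part in dn.split(",") if part.strip()]


def audit_ldap(xml_text):
    """Return a list of finding codes (hypothetical names) for an <ldap> block."""
    ldap = ET.fromstring(xml_text)

    def get(tag):
        return (ldap.findtext(tag) or "").strip()

    findings = []
    # The example config on this page sets sslEnabled to true; flag configs that do not.
    if get("sslEnabled").lower() != "true":
        findings.append("no-ssl")
    # A base DN made only of DC components is the domain root.
    base = get("baseDN")
    whole_domain = bool(base) and all(t == "dc" for t in rdn_types(base))
    # Heuristic: with subtree search on, expect the filter to narrow scope by group membership.
    flt = get("searchFilter").lower()
    if whole_domain and get("subTreeSearch").lower() == "true" and "memberof=" not in flt:
        findings.append("domain-wide-scope")
    return findings
```
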
matt12
November 21, 2007, 7:26pm
3
What about if you just put the base DN in at the top, for example dc=acme;dc=root;dc=local, and leave out the ou= part? Then the whole AD tree will fall in there.
If I understand you correctly, that is what I suggested as option number 2.
matt12
November 21, 2007, 7:30pm
5
Yep, sorry, I did not read all the way down.