
Need help--LDAP setup with two Base DN where users are located

I have two organizational units “Staff” and “Admin” where users are located in the Active Directory. How can I include them both in Base DN for the connection setup?

I tried this: ou=staff, ou=admin;dc=abc,dc=org

Openfire didn’t like it. Any advice?

Options that I know of:

  1. Add the following system property to openfire.xml:
  <!-- <alternateBaseDN></alternateBaseDN> -->
  2. Use a baseDN of: dc=abc,dc=org, i.e. the entire AD domain. This is best used in combination with a search filter.

Here’s an example of how I have configured Openfire for use with AD:

<ldap>
    <host>acme.root.local</host>
    <port>636</port>
    <baseDN>DC=acme,DC=root,DC=local</baseDN>
    <!--<alternateBaseDN></alternateBaseDN>-->
    <adminDN>service_xmpp@acme.root.local</adminDN>
    <adminPassword>secret</adminPassword>
    <connectionPoolEnabled>true</connectionPoolEnabled>
    <sslEnabled>true</sslEnabled>
    <ldapDebugEnabled>false</ldapDebugEnabled>
    <autoFollowReferrals>false</autoFollowReferrals>
    <subTreeSearch>true</subTreeSearch>
    <usernameField>sAMAccountName</usernameField>
    <searchFilter><![CDATA[(&(sAMAccountName={0})(objectCategory=person)(memberOf=CN=Openfire Roles - Users,OU=Groups,DC=acme,DC=root,DC=local))]]></searchFilter>
    <nameField>name</nameField>
    <emailField>mail</emailField>
    <groupNameField>cn</groupNameField>
    <groupMemberField>member</groupMemberField>
    <groupDescriptionField>description</groupDescriptionField>
    <posixMode>false</posixMode>
    <groupSearchFilter><![CDATA[(&(objectCategory=group)(DC=Openfire Roles*))]]></groupSearchFilter>
</ldap>
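
An added example, not part of the original posts: option 1 filled in for the two OUs from the question. A base DN is a single distinguished name, so the two sibling OUs go in separate elements rather than one combined string. The OU and domain names come from the question; the shortened search filter is an assumption adapted from the configuration above.

```xml
<ldap>
    <!-- Other elements (host, port, adminDN, ...) stay as in the existing config. -->

    <!-- First OU from the question: one complete DN, comma-separated. -->
    <baseDN>ou=staff,dc=abc,dc=org</baseDN>

    <!-- Second OU. Openfire treats users found under baseDN and
         alternateBaseDN as a single set for login and user listing. -->
    <alternateBaseDN>ou=admin,dc=abc,dc=org</alternateBaseDN>

    <!-- Search the whole subtree below each base, not only direct children. -->
    <subTreeSearch>true</subTreeSearch>

    <usernameField>sAMAccountName</usernameField>

    <!-- Assumed filter: user objects only. Add a memberOf clause, as in the
         configuration above, to restrict logins to one group. -->
    <searchFilter><![CDATA[(&(sAMAccountName={0})(objectCategory=person))]]></searchFilter>
</ldap>
```

Compared with option 2, this keeps the bind account's searches confined to the two OUs instead of the whole domain.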

What about if you just put the base DN in at the top, for example dc=acme;dc=root;dc=local, and leave out the ou= part? Then the whole AD tree will fall in there.

If I understand you correctly, that is what I suggested as option number 2.

Yep, sorry, I did not read all the way down.