
Need help--LDAP setup with two Base DN where users are located

I have two organizational units “Staff” and “Admin” where users are located in the Active Directory. How can I include them both in Base DN for the connection setup?

I tried this: ou=staff, ou=admin;dc=abc,dc=org

Openfire didn’t like it. Any advice?

Options that I know of:

  1. Add the following system property to openfire.xml:
  <!-- <alternateBaseDN></alternateBaseDN> -->
  2. Use a baseDN of: dc=abc,dc=org, i.e. the entire AD domain. This is best used in combination with a search filter.

Here’s an example of how I have configured Openfire for use with AD:

    <searchFilter><![CDATA[(&(sAMAccountName={0})(objectCategory=person)(memberOf=CN=Openfire Roles - Users,OU=Groups,DC=acme,DC=root,DC=local))]]></searchFilter>
    <groupSearchFilter><![CDATA[(&(objectCategory=group)(DC=Openfire Roles*))]]></groupSearchFilter>
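
To show why option 2 pairs a domain-wide base DN with a search filter, here is an added example that is not part of the original posts and is not Openfire code. It evaluates a filter of the same shape as the one above against constructed directory entries; the domain dc=abc,dc=org and the Staff and Admin OUs come from the question, while the group DN, the user entries and all function names are assumptions made for illustration.

```python
# Added example: evaluator for the AND/equality subset of LDAP filters,
# run over constructed entries. Not Openfire code; all names are hypothetical.

def parse(f, i=0):
    """Parse '(&(a=b)(c=d))' or '(a=b)' starting at f[i]; return (node, next_i)."""
    if f[i + 1] == "&":
        i, kids = i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return ("and", kids), i + 1          # skip the closing ')'
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)  # the value may itself contain '='
    return ("eq", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    if node[0] == "and":
        return all(matches(k, entry) for k in node[1])
    _, attr, value = node
    return value in (v.lower() for v in entry.get(attr, []))

def in_scope(dn, base_dn):
    """Subtree scope: the entry DN must end with the base DN."""
    d = [p.strip().lower() for p in dn.split(",")]
    b = [p.strip().lower() for p in base_dn.split(",")]
    return d[-len(b):] == b

def search(entries, base_dn, filt, username):
    # username is trusted sample input here; real input needs RFC 4515 escaping
    node, _ = parse(filt.replace("{0}", username))
    return [e["dn"] for e in entries
            if in_scope(e["dn"], base_dn) and matches(node, e)]

GROUP = "CN=Openfire Users,OU=Groups,DC=abc,DC=org"  # constructed group DN
FILTER = "(&(sAMAccountName={0})(objectCategory=person)(memberOf=" + GROUP + "))"
ENTRIES = [  # constructed sample directory
    {"dn": "CN=Ann,OU=Staff,DC=abc,DC=org", "samaccountname": ["ann"],
     "objectcategory": ["person"], "memberof": [GROUP]},
    {"dn": "CN=Bob,OU=Admin,DC=abc,DC=org", "samaccountname": ["bob"],
     "objectcategory": ["person"], "memberof": [GROUP]},
    {"dn": "CN=svc-backup,OU=Service,DC=abc,DC=org",
     "samaccountname": ["svc-backup"], "objectcategory": ["person"], "memberof": []},
]

if __name__ == "__main__":
    for user in ("ann", "bob", "svc-backup"):
        print(user, search(ENTRIES, "dc=abc,dc=org", FILTER, user))
```

With the domain-wide base DN, users in both OUs resolve, and the account outside the group is rejected by the filter rather than by its location in the tree.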

What about if you just put the base DN in at the top, for example dc=acme;dc=root;dc=local, and leave out the ou= part? Then the whole AD tree will fall in there.

If I understand you correctly, that is what I suggested as option number 2.

Yep, sorry, I did not read all the way down.