OpenFire AD Security Group - Issues

Brian25 · February 19, 2013, 6:18pm

Good Afternoon,

What do I input for BaseDN, Search Fields, User Filter and Group Filter

Below is my Ad structure

I want ONLY members of the OpenFire_Users Group pulled into openfire and have the ability to authenticate through Pidgin to openfire.
I installed OpenFire 3.8.0 and could not chat w/other users… (seems to be a known issue) I tried 3.8.1 beta and after installing, openfire was not even showing up as a service on the server, I decided to install 3.7.2 and COULD communicate between users, but it was pulling ALL ad users in ALONG with OpenFire_Users, but that is now how I wanted it… Again, I want only the group specified to be pulled in.
Is there a way to pre-populate users inside of everyones chat? For example, when a users logs in for the first time, he/she see’s ALL available chat users… This would eliminate the user having to “add” each user individually.
I would like Domain Admins to be admins… or Do I need to add admins individually?
Whenever I made my base DN dc=domain,dc=com I could add admins on the last step of the set-up but when I drilled down to the OU containing the user group (OpenFire_Users), I could not add admins on the last step of the setup? Do I need to specify where the admins reside?

THANK YOU in advance

Brian
OpenFire_Help.doc (463872 Bytes)

speedy · February 19, 2013, 7:25pm

I wrote this up a while ago, and this is how I handle my groups

hope it helps.

Brian25 · February 19, 2013, 8:09pm

Thanks for the reply…

I think that I am stuck here:

ldap.searchfilter

(&(objectclass=organizationalPerson)(|(memberOf:1.2.840.113556.1.4.1941:=CN=Open fire Access Group,CN=Users,DC=AD-DOMAIN,DC=local)))

where does this information go? where you have 1.2.840.113556.1.4.1941

what is that? is that unique to a server?

THANKS AGAIN!

Brian

Brian25 · February 19, 2013, 8:48pm

ALso, whenever I successfully remove ALL of the names… and keep ONLY the group that I want w/in openfire users/groups… once I log out, I lock myself out… I have the admin account underneat the security group… but it still locks out…

speedy · February 19, 2013, 8:55pm

please post your filter string.

Brian25 · February 19, 2013, 9:20pm

I have another document attached filled with information/settings!

Thanks Again for your help…

Brian
OpenFire2.doc (622080 Bytes)

speedy · February 20, 2013, 3:53am

make your basedn

dc=whatever,dc=something,dc=com

leave group search filter default ( this is used for roster groups and not for authentication)

for search filter

(&(objectclass=organizationalPerson)(|(memberOf:1.2.840.113556.1.4.1941:=CN=Open fire_Users,OU=Security Groups,DC=Whatever,DC=something,DC=com)))

Make sure your security group is a LOCAL DOMAIN group and not Global or universal group.

before you get started, make sure your admin account is a member of the security group

Let me know if that helps. If not, shot me a PM

Patricio2 · June 14, 2015, 8:55pm

Hi Brian,

Did you fix this issue?, I’m facing the issue right now and I follow the same instructions without success.

Let me know.

Regards.