Openfire cannot connect to Active Directory on Win2003R2 Network

I've tried repeatedly to get it to connect and tried changing the DN, but it keeps saying it cannot connect and to make sure there is no firewall, so I temporarily set it up to use the server database to store users. I do want to change it back to LDAP and use the Active Directory.

The host name should be server1 and the port is 389.

I set the base dn to cn=users;dc=domain,dc=net

and for the administrator I went ahead and just used administrator@domain.net and the supplied password. But it kept giving me errors.

Also, all my users are in different OUs. I have 5 OUs with users that I need IM access for. How do I do that?

The domain controller should use the fully qualified domain name, server1.domain.net.

The Openfire server should also have a FQDN in AD DNS. This will generally be the name of the server that was used to bind the server to AD.

Your baseDN needs to point to the topmost OU that contains the other OUs that hold the users. Your structure is incorrect for the baseDN; it should be ou=users;dc=domain;dc=net

Your adminDN is fine the way it is.

The problem is I have 5 OUs that need access to Openfire. How do you set it to just pull those 5 OUs instead of everything? I got it connected to Active Directory, but it's pulling every possible user and group it can find.

You can use a filter in your openfire.xml file,

like this to filter users:

<usernameField>sAMAccountName</usernameField>

<searchFilter>(objectClass=organizationalPerson)(|(memberOf=cn=chat_admin,ou=security groups,dc=my,dc=domain,dc=com)(memberOf=cn=chat_security,ou=security groups,dc=my,dc=domain,dc=com)(memberOf=cn=chat_it,ou=security groups,dc=my,dc=domain,dc=com)(memberOf=cn=chat_hr,ou=security groups,dc=my,dc=domain,dc=com))</searchFilter>

<vcard-mapping><![CDATA[

<vCard xmlns="vcard-temp">

or this to filter groups (any groups that start with chat_):

<groupMemberField>member</groupMemberField>

<groupDescriptionField>description</groupDescriptionField>

<posixMode>false</posixMode>

<groupSearchFilter>(objectClass=group)(cn=chat_*)</groupSearchFilter>
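As an added example (not code from the thread and not Openfire's own code), the following script builds the kind of <searchFilter> shown above for a list of chat groups, with RFC 4515 escaping, and then evaluates the resulting filter against a few constructed user entries to show which accounts would be admitted. It assumes that Openfire combines the configured searchFilter with the username lookup as (&(<usernameField>={0})<searchFilter>); the filter evaluator is a small subset of RFC 4515 written for this example (and, or, equality and the * wildcard), not a real LDAP client.

```python
import re

# Added example (not from the thread): build the Openfire <searchFilter> that
# limits users to members of a set of AD groups, then evaluate the resulting
# filter against constructed user entries to see who would be admitted.
# Assumption: Openfire combines the configured searchFilter with the username
# lookup as (&(<usernameField>={0})<searchFilter>); the evaluator below covers
# only the subset of RFC 4515 needed here (&, |, equality, '*' wildcard).

def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside a filter assertion."""
    return ''.join('\\%02x' % ord(ch) if ch in '\\*()\x00' else ch for ch in value)

def build_user_search_filter(group_dns):
    """<searchFilter> admitting only organizationalPerson objects in any listed group."""
    members = ''.join('(memberOf=%s)' % escape_filter_value(dn) for dn in group_dns)
    return '(objectClass=organizationalPerson)(|%s)' % members

def effective_user_filter(username_field, search_filter, username):
    """Complete filter sent to AD for one login, under the assumption above."""
    return '(&(%s=%s)%s)' % (username_field, escape_filter_value(username), search_filter)

def _parse_value(raw):
    """Split a raw assertion value on unescaped '*' and decode \\xx escapes."""
    pieces, cur, i = [], [], 0
    while i < len(raw):
        if raw[i] == '\\':
            cur.append(chr(int(raw[i + 1:i + 3], 16)))
            i += 3
        elif raw[i] == '*':
            pieces.append(''.join(cur))
            cur = []
            i += 1
        else:
            cur.append(raw[i])
            i += 1
    pieces.append(''.join(cur))
    return pieces

def parse_filter(text, i=0):
    """Parse one parenthesised filter starting at text[i]; return (node, next_index).
    Nodes are ('&'|'|', [children]) or ('=', attr_lowercase, value_pieces)."""
    if text[i] != '(':
        raise ValueError('expected "(" at %d' % i)
    i += 1
    if text[i] in '&|':
        op, i, children = text[i], i + 1, []
        while text[i] == '(':
            child, i = parse_filter(text, i)
            children.append(child)
        if text[i] != ')':
            raise ValueError('expected ")" at %d' % i)
        return (op, children), i + 1
    eq = text.index('=', i)
    close = text.index(')', eq)   # a literal ')' inside a value is escaped as \29
    return ('=', text[i:eq].lower(), _parse_value(text[eq + 1:close])), close + 1

def matches(node, entry):
    """Evaluate a parsed filter against {attr_lowercase: [values]} (case-insensitive, like AD)."""
    if node[0] == '&':
        return all(matches(child, entry) for child in node[1])
    if node[0] == '|':
        return any(matches(child, entry) for child in node[1])
    _, attr, pieces = node
    pattern = '.*'.join(re.escape(p) for p in pieces)
    return any(re.fullmatch(pattern, v, re.IGNORECASE) for v in entry.get(attr, []))

# Constructed sample data: two chat groups and three accounts from different OUs.
CHAT_GROUPS = [
    'cn=chat_admin,ou=security groups,dc=my,dc=domain,dc=com',
    'cn=chat_hr,ou=security groups,dc=my,dc=domain,dc=com',
]
USERS = {
    'alice': {'objectclass': ['top', 'person', 'organizationalPerson', 'user'],
              'samaccountname': ['alice'],
              'memberof': ['CN=chat_hr,OU=security groups,DC=my,DC=domain,DC=com']},
    'bob':   {'objectclass': ['top', 'person', 'organizationalPerson', 'user'],
              'samaccountname': ['bob'],
              'memberof': ['CN=Domain Users,CN=Users,DC=my,DC=domain,DC=com']},
    'svc01': {'objectclass': ['top', 'person', 'organizationalPerson', 'user'],
              'samaccountname': ['svc01'],
              'memberof': ['CN=chat_admin,OU=security groups,DC=my,DC=domain,DC=com',
                           'CN=Domain Admins,CN=Users,DC=my,DC=domain,DC=com']},
}

def admitted_users(username_field, search_filter, users):
    """Names whose login-time lookup would return an entry under the filter."""
    return sorted(name for name, entry in users.items()
                  if matches(parse_filter(effective_user_filter(username_field, search_filter, name))[0], entry))

if __name__ == '__main__':
    f = build_user_search_filter(CHAT_GROUPS)
    print(f)
    print(admitted_users('sAMAccountName', f, USERS))
```

Run it to see that bob, who is in an OU but in none of the chat_ groups, is excluded while alice and svc01 are admitted; the memberOf comparison is case-insensitive here because AD's DN matching is, but a real directory also normalises whitespace and escaping in DNs, which this toy evaluator does not.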

Couple of things:

  1. It may just be a typo, but the DN you quoted included a ‘;’ where it shouldn’t have. You want cn=users,dc=domain,dc=com

  2. If I remember correctly, you’ll need to use the full LDAP path to the admin account, not the UPN. So, that’d be cn=administrator,cn=users,dc=domain,dc=com or similar.

D

  1. If I remember correctly, you’ll need to use the full LDAP path to the admin account, not the UPN. So, that’d be cn=administrator,cn=users,dc=domain,dc=com or similar.

D

This never works for me when I try to bind anything to AD: Openfire, Apache, web-based apps,… I always have to use username@my.domain.com

That isn’t actually true; the users object is a container in Active Directory, not an Organisational Unit.

Therefore it should be referred to as cn=users, dc=domain, dc=com NOT ou=users…
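To make the baseDN discussion in this thread concrete, here is an added example (not code from the thread or from Openfire) that parses and normalises distinguished names the way a pre-flight config check could, flags the ';' separator from the original post, and looks a candidate baseDN up in a constructed snapshot of a domain's containers and OUs. The snapshot, the domain name domain.net, and the OU names are invented for the example.

```python
# Added example (not from the thread): parse and normalise LDAP distinguished
# names the way a config check could before they reach Openfire, then look a
# baseDN up in a constructed snapshot of a domain's containers and OUs.
# Assumption: the snapshot below is invented; "CN=Users" stands in for the
# default Users container and the "OU=..." entries for admin-created OUs.

LEGACY_SEPARATOR = ';'   # RFC 1779 allowed ';' between RDNs; RFC 4514 uses ',' only

def _split_unescaped(text, separators):
    """Split on separator characters that are not preceded by a backslash."""
    parts, cur, i = [], [], 0
    while i < len(text):
        if text[i] == '\\' and i + 1 < len(text):
            cur.append(text[i:i + 2])       # keep the escape pair intact
            i += 2
        elif text[i] in separators:
            parts.append(''.join(cur))
            cur = []
            i += 1
        else:
            cur.append(text[i])
            i += 1
    parts.append(''.join(cur))
    return parts

def parse_dn(dn):
    """Return ([(attr_lowercase, value), ...], [warnings]).
    Multi-valued RDNs ('+') are not handled; they do not occur in AD user/OU paths."""
    warnings = []
    if LEGACY_SEPARATOR in dn:
        warnings.append("';' used as an RDN separator (RFC 1779 legacy form); use ','")
    rdns = []
    for rdn in _split_unescaped(dn, ',' + LEGACY_SEPARATOR):
        if '=' not in rdn:
            raise ValueError('RDN without "=": %r' % rdn)
        attr, value = rdn.split('=', 1)
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns, warnings

def normalise_dn(dn):
    """Canonical lower-cased form used for comparison (DN matching is case-insensitive)."""
    rdns, _ = parse_dn(dn)
    return ','.join('%s=%s' % (attr, value.lower()) for attr, value in rdns)

# Constructed snapshot of objects present in the example domain domain.net.
DOMAIN_OBJECTS = {normalise_dn(dn) for dn in [
    'DC=domain,DC=net',
    'CN=Users,DC=domain,DC=net',                 # default Users container, not an OU
    'CN=Administrator,CN=Users,DC=domain,DC=net',
    'OU=Staff,DC=domain,DC=net',
    'OU=Sales,OU=Staff,DC=domain,DC=net',
    'OU=Support,OU=Staff,DC=domain,DC=net',
]}

def base_dn_exists(dn):
    """True when the normalised DN names an object in the snapshot."""
    return normalise_dn(dn) in DOMAIN_OBJECTS

def objects_under(base_dn):
    """Objects the snapshot holds beneath a baseDN (what a subtree search would cover)."""
    base = normalise_dn(base_dn)
    return sorted(obj for obj in DOMAIN_OBJECTS if obj.endswith(',' + base))

if __name__ == '__main__':
    for candidate in ['cn=users;dc=domain,dc=net', 'ou=users,dc=domain,dc=net', 'OU=Staff,DC=domain,DC=net']:
        rdns, warnings = parse_dn(candidate)
        state = 'exists' if base_dn_exists(candidate) else 'missing'
        print(candidate, '->', normalise_dn(candidate), state, warnings, objects_under(candidate))
```

Running it shows the three cases raised in the thread side by side: the ';' form parses but is flagged, ou=users does not resolve to anything because Users is a container (cn=users), and a topmost OU such as OU=Staff covers the child OUs beneath it.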

That’s bizarre. I use it for Openfire, Apache and various other applications and have never had an issue with it.

If you want help working out why it doesn’t work in your environment, drop me a mail; Active Directory is what I previously specialised in (when working for a large software company beginning with M and ending soft).

OK, I still haven't been able to get it to work, even as a filter. So I cheated and just made 3 groups in AD and assigned certain users to those groups, and now I can manage Openfire better.

On a side note, I'm having another problem… http://www.igniterealtime.org/community/thread/32768?tstart=0