Openfire doesn't pull in all users in AD group Users

All of our domain users exist in the Users CN. I’ll provide a copy of the openfire.xml at the bottom of this message. When I go to Users/Groups in the administrator’s console I see all of the Users. When I go to the Groups section, it loads all of the Groups defined in my AD, but the number of users that are members in those groups is wrong. For example we have 214 users, only 4 show up in the Domain Users group. If I go to AD and I open Domain Users, and look who are the members, all 214 users are displayed.

Does anyone know why only 4 of the 214 users are coming up in the group?

I left out the vcard-mapping…

<ldap>
  <host>192.168.168.2</host>
  <port>389</port>
  <baseDN>cn=Users;dc=fidelity;dc=local</baseDN>
  <adminDN>xxxxxxxxx</adminDN>
  <adminPassword>xxxxxxxx</adminPassword>
  <connectionPoolEnabled>true</connectionPoolEnabled>
  <sslEnabled>false</sslEnabled>
  <ldapDebugEnabled>false</ldapDebugEnabled>
  <autoFollowReferrals>false</autoFollowReferrals>
  <usernameField>sAMAccountName</usernameField>
  <searchFilter>(objectClass=user)</searchFilter>
  <nameField>cn</nameField>
  <emailField>mail</emailField>
  <groupNameField>cn</groupNameField>
  <groupMemberField>member</groupMemberField>
  <groupDescriptionField>description</groupDescriptionField>
  <posixMode>false</posixMode>
  <groupSearchFilter>(objectClass=group)</groupSearchFilter>
</ldap>

I have the same problem. Has this been resolved?

Do you have this under <provider>?

<group>
  <className>org.jivesoftware.openfire.ldap.LdapGroupProvider</className>
</group>

Yes, I resolved this issue. What you need to do is create a new group in AD, for example ‘Jabber IM’, and add all the users to that group. Then in your LDAP config change the ‘cn=Users’ to ‘cn=Jabber IM’ and it will work. From what I read, it’s a limitation of OpenLDAP and AD.

Read my post above.