I’m having a few issues linking OpenFire in with our Active Directory system. We have about 40,000 users in the system and it seems that OpenFire tries to download all users every time user info is needed instead of just looking up the ones it needs (which are about 50 of these users I’m interested in). This means that every time you click on the tab to view the users, you have to sit there for about 30 seconds while it downloads the list. (It then displays a mere 10 of these users, and clicking onto the next page causes another 30-second delay to display the next 10 users…) Needless to say, this seems very inefficient.
It also tells me that I only have 1,000 users on the system. This perhaps explains why there are users missing from the prepopulated groups on everyone’s roster.
Unfortunately I can’t narrow down the base DN as the users we are interested in are spread right across the AD structure, so the base DN is already as specific as it can be - any more so and users we want don’t appear.
Is this just a limitation of the way OpenFire uses LDAP? Would I be better off switching to a MySQL database and writing some scripts myself to populate it with data from LDAP? It seems a shame to ignore OpenFire’s LDAP support, but unfortunately it doesn’t seem to be written to scale very well. (Or hopefully I’m just doing something wrong!)
All the users we are interested in are in a single AD group, but I was unable to modify the user search criteria to only return results from this group (mostly because AD LDAP doesn’t support nested groups, nor wildcard matching on the memberOf attribute).
Any suggestions or is LDAP not recommended for larger organisations?
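
An added example, not part of the original post and not Openfire's own code: it builds a user search filter restricted to one AD group, escaping the group DN per RFC 4515, and optionally uses Active Directory's LDAP_MATCHING_RULE_IN_CHAIN matching rule to follow nested groups. The DNs, the sample directory and the offline `members` helper are constructed for illustration.

```python
IN_CHAIN = "1.2.840.113556.1.4.1941"  # OID of AD's LDAP_MATCHING_RULE_IN_CHAIN

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def group_user_filter(group_dn, nested=False):
    """Filter for user objects that are members of group_dn.

    memberOf is DN-valued, so the group is given as its full DN (no wildcards);
    nested=True asks AD to follow group-in-group membership as well.
    """
    rule = ":%s:" % IN_CHAIN if nested else ""
    return "(&(objectCategory=person)(objectClass=user)(memberOf%s=%s))" % (
        rule, escape_filter_value(group_dn))

def members(directory, group_dn, nested=False):
    """Offline stand-in for the server: users the filter would return."""
    wanted, todo = set(), [group_dn.lower()]
    while todo:
        g = todo.pop()
        if g in wanted:
            continue
        wanted.add(g)
        if nested:  # also accept groups that are themselves members of g
            todo += [dn.lower() for dn, e in directory.items()
                     if e["kind"] == "group"
                     and g in (m.lower() for m in e["memberOf"])]
    return sorted(dn for dn, e in directory.items()
                  if e["kind"] == "user"
                  and any(m.lower() in wanted for m in e["memberOf"]))

# Constructed sample data: users spread across OUs, one nested group.
GROUP = "CN=IM Users (Staff),OU=Groups,DC=example,DC=com"
SUB = "CN=Helpdesk,OU=Groups,DC=example,DC=com"
DIRECTORY = {
    SUB: {"kind": "group", "memberOf": [GROUP]},
    "CN=alice,OU=Sales,DC=example,DC=com": {"kind": "user", "memberOf": [GROUP]},
    "CN=bob,OU=IT,DC=example,DC=com": {"kind": "user", "memberOf": [SUB]},
    "CN=carol,OU=HR,DC=example,DC=com": {"kind": "user", "memberOf": []},
}

if __name__ == "__main__":
    for nested in (False, True):
        print(group_user_filter(GROUP, nested))
        print("  ->", members(DIRECTORY, GROUP, nested))
```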