Openfire ldap to alternateBaseDN not working

I have OpenFire 3.5.0 running against a Windows 2003 Active Directory network. At the Active Directory level, my users are not in the standard ‘users’ folder, they are instead in a folder named ‘LRDC’. I cannot get the system to work with the LRDC folder. I have it successfully retrieving users from the standard ‘users’ folder, and have added the alternateBaseDN line into the config file, but it doesn’t seem to work. I have pasted below the lines from the config file. My AD domain is int.lrdc.com. Could the problem be that the folder is named the same as the cn of the domain? Thanks in advance for the help

<ldap>
<host>lrdcdc</host>
<port>389</port>
<baseDN>cn=users;dc=int,dc=lrdc,dc=com</baseDN>
<alternateBaseDN>cn=LRDC;dc=int,dc=lrdc,dc=com</alternateBaseDN>
<adminDN>cn=Administrator,cn=users,dc=int,dc=lrdc,dc=com</adminDN>
<adminPassword>sa</adminPassword>
<connectionPoolEnabled>true</connectionPoolEnabled>
<sslEnabled>false</sslEnabled>
<ldapDebugEnabled>false</ldapDebugEnabled>
<autoFollowReferrals>true</autoFollowReferrals>
<usernameField>sAMAccountName</usernameField>
<searchFilter>(objectClass=organizationalPerson)</searchFilter>
<vcard-mapping><![CDATA[

I am not sure if alternateBaseDN works correctly or not. But your syntax is wrong. It should be:

<baseDN>OU=LRDC;DC=int,DC=lrdc,DC=com</baseDN>

For your admin dn you could just use administrator@int.lrdc.com, but I would not use the default domain admin since the password is stored in plain text in the openfire.xml
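As an added example (not code from the Openfire project or from anyone in this thread), the script below parses the `<ldap>` section of an openfire.xml the way an administrator would when reviewing a config like the one posted. It splits distinguished names accepting both `,` and `;` between RDNs (RFC 2253 section 4 requires parsers to accept the semicolon form, which is why the `OU=LRDC;DC=...` value works), warns when a search base uses `cn=` for something that is not one of AD's built-in containers (custom "folders" created in AD Users and Computers are organizational units, so they need `ou=`), and flags the three credential-hygiene points the reply raises: binding as the domain Administrator, the plain-text adminPassword in openfire.xml, and an unencrypted bind on port 389. The sample XML is a constructed copy of the poster's fragment with the password replaced by a placeholder; the set of built-in container names is an assumption of the example.

```python
"""Audit the <ldap> section of an Openfire openfire.xml for the issues discussed above.

Added example; not part of Openfire. SAMPLE_OPENFIRE_XML is a constructed copy
of the posted fragment, completed just enough to parse as XML.
"""
import re
import xml.etree.ElementTree as ET

SAMPLE_OPENFIRE_XML = """<jive><ldap>
<host>lrdcdc</host>
<port>389</port>
<baseDN>cn=users;dc=int,dc=lrdc,dc=com</baseDN>
<alternateBaseDN>cn=LRDC;dc=int,dc=lrdc,dc=com</alternateBaseDN>
<adminDN>cn=Administrator,cn=users,dc=int,dc=lrdc,dc=com</adminDN>
<adminPassword>PLACEHOLDER_PASSWORD</adminPassword>
<sslEnabled>false</sslEnabled>
<usernameField>sAMAccountName</usernameField>
</ldap></jive>"""

# Assumption of this example: AD objects that are real CN= containers. Anything else
# an admin creates as a "folder" in AD Users and Computers is an organizationalUnit.
AD_BUILTIN_CONTAINERS = {"users", "computers", "builtin", "system", "foreignsecurityprincipals"}


def split_rdns(dn):
    """Split a DN into (attribute, value) pairs, attribute types lower-cased.
    RFC 2253 section 4 requires ';' to be accepted as an RDN separator alongside ',',
    so both are split on; a backslash-escaped separator stays inside the value."""
    rdns = []
    for part in re.split(r'(?<!\\)[,;]', dn):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN %r in DN %r" % (part, dn))
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns


def normalize_dn(dn):
    """Rewrite a DN with comma separators and lower-cased attribute types."""
    return ",".join("%s=%s" % (attr, value) for attr, value in split_rdns(dn))


def audit_ldap_config(xml_text):
    """Return a list of finding strings for the <ldap> element of an openfire.xml."""
    ldap = ET.fromstring(xml_text).find("ldap")
    if ldap is None:
        raise ValueError("no <ldap> element found")

    def get(tag):
        return (ldap.findtext(tag) or "").strip()

    findings = []

    # Search bases: a leading cn= that is not a built-in container is almost
    # certainly an OU that was written with the wrong attribute type.
    for tag in ("baseDN", "alternateBaseDN"):
        dn = get(tag)
        if not dn:
            continue
        attr, value = split_rdns(dn)[0]
        if attr == "cn" and value.lower() not in AD_BUILTIN_CONTAINERS:
            findings.append("%s: '%s' looks like an OU, not a container; use ou=%s rather than cn=%s"
                            % (tag, dn, value, value))

    # Bind account: accept both DN form and userPrincipalName form (user@domain).
    admin_dn = get("adminDN")
    if admin_dn:
        bind_user = split_rdns(admin_dn)[0][1] if "=" in admin_dn else admin_dn.split("@", 1)[0]
        if bind_user.lower() == "administrator":
            findings.append("adminDN binds as the domain Administrator; use a dedicated "
                            "domain user with read-only rights instead")

    # The bind password sits in plain text in openfire.xml, so its blast radius is
    # whatever the bind account can do, and it must be protected on disk.
    if get("adminPassword"):
        findings.append("adminPassword is stored in plain text in openfire.xml; restrict the "
                        "file's permissions and keep the bind account low-privilege")

    if get("sslEnabled").lower() != "true":
        findings.append("sslEnabled is not true: the bind password crosses the network "
                        "unencrypted on port %s" % (get("port") or "389"))
    return findings


if __name__ == "__main__":
    for finding in audit_ldap_config(SAMPLE_OPENFIRE_XML):
        print("-", finding)
```

Run against the sample, the audit reports nothing for the `cn=users` base (Users really is a CN container), flags `cn=LRDC` as a probable OU, and adds the three credential findings. Point `audit_ldap_config` at the real file's contents to review a live deployment.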

I appreciate your quick, and correct reply. I changed to your syntax and it works.

I will create a different user. I did remember to change the password and post a fake one, but I hadn’t thought about the xml file saving it as plain text being a problem. Do you know offhand what rights the new user I create needs to have? MH

The user should only need domain read rights. So a standard domain user should be fine.

You seem to have good answers, I have another question if you would like to answer. Or of course I could start another thread.

I am now trying to create groups so my users will be viewable pregrouped, and it keeps erroring when I try to make a group. The error log has the following:

2008.04.23 15:23:34 [org.jivesoftware.openfire.admin.group_002dcreate_jsp._jspService(group_002dcreate_jsp.java:129)]
java.lang.UnsupportedOperationException
at org.jivesoftware.openfire.ldap.LdapGroupProvider.createGroup(LdapGroupProvider.java:67)
at org.jivesoftware.openfire.group.GroupManager.createGroup(GroupManager.java:177)
at org.jivesoftware.openfire.admin.group_002dcreate_jsp._jspService(group_002dcreate_jsp.java:106)

Is it trying to create a group in my AD? Should I expect my existing AD groups to show up in Openfire? I went on the thought that I would have to handle groups there instead of in AD. MH

When you connect to an LDAP server in Openfire it is read only; that means Openfire can’t create or edit users and groups. Create them in AD.