
Openfire per group/location with limitations on who sees who


#1

Ok… We have multiple locations where we have managers and employees at each location. Currently we have only managers at the locations able to chat with other managers/locations, etc. Our property value pulls out the group that users are a member of here:
(&(objectclass=organizationalPerson)(|(memberOf:1.2.840.113556.1.4.1941:=CN=chatusers,OU=Security Groups,OU=Resource Accounts,DC=domain,DC=com)))

We would like everyone at a single location to talk with each other and only the managers at each location to be able to see others outside of their specific location. Is this possible and if so, any tips on where to look? I looked into this a while back and thought I could get it to work, although things got in the way and I’ve kind of lost where my research was at that point.

We are running Openfire v4.3.2 and using Spark as a client.


#2

For group employees1 you enable sharing and pick only managers1 to share to (or pick all managers groups, if you want all managers to see all the employees from all locations). This will make the employees1 group appear for everyone in the employees1 and managers1 groups (yes, it also shares the group to itself). Do the same for the second location. Then you share the managers1 group to employees1 and to managers2. So the managers1 group will appear for everyone in groups: managers1, employees1 and managers2. Do this for all locations.
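
The sharing scheme from the reply above, modelled as an added example that is not part of the original post and is not Openfire code: it computes who appears in each user's roster and flags any employee who can see someone outside their own location. The user names, the two-location layout and the visibility rule (a group appears for its own members and for members of every group it is shared to) are assumptions taken from that reply.

```python
# Added illustration: a model of the sharing scheme from post #2, not Openfire code.
# Group members and the two-location layout are constructed sample data.
MEMBERS = {
    "employees1": {"alice", "bob"},
    "managers1": {"carol"},
    "employees2": {"dave", "erin"},
    "managers2": {"frank"},
}

# group -> groups it is shared to, following post #2
SHARED_TO = {
    "employees1": {"managers1"},
    "managers1": {"employees1", "managers2"},
    "employees2": {"managers2"},
    "managers2": {"employees2", "managers1"},
}


def visible_groups(user):
    """Groups that appear in this user's roster under the modelled rule."""
    mine = {g for g, users in MEMBERS.items() if user in users}
    seen = set()
    for group, targets in SHARED_TO.items():
        # Post #2: a shared group also appears for its own members.
        if mine & (targets | {group}):
            seen.add(group)
    return seen


def visible_users(user):
    """Contacts the user can see, excluding themselves."""
    contacts = set()
    for group in visible_groups(user):
        contacts |= MEMBERS[group]
    return contacts - {user}


def policy_violations():
    """Employees who can see anyone outside their own location."""
    bad = []
    for group, users in MEMBERS.items():
        if not group.startswith("employees"):
            continue
        location = group[len("employees"):]
        allowed = MEMBERS[group] | MEMBERS["managers" + location]
        for user in sorted(users):
            extra = visible_users(user) - allowed
            if extra:
                bad.append((user, sorted(extra)))
    return bad
```

Running `policy_violations()` after each change to the sharing table catches a group shared one step too widely before it reaches users' rosters.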


#4

So what exactly would I need to put in ldap.searchFilter to be able to have multiple groups? Right now we have it as
(&(objectclass=organizationalPerson)(|(memberOf:1.2.840.113556.1.4.1941:=CN=chatusers,OU=Security Groups,OU=Resource Accounts,DC=Domain,DC=com)))

This allows everyone in “chatusers” to be able to use Openfire & see everyone. Do I need to remove chatusers from seeing everyone and add each to a group of either managers (to see everyone) or locationAemployees, locationBemployees, etc? And if so, how would I go about adding separate groups to the search filter line?


#5

I’m not familiar with LDAP filters, so can’t help with that. I guess your filter has to just pull all groups and then you set sharing for them. Maybe it should point to a higher level container, which holds all the managers and employees groups.


#6

Ahhh, that’s kind of where I am stuck at. We have “chatusers” as a group, although I’m not sure how to get anyone spark that isn’t in that group. That group has access to all accounts. I am building a second Openfire system for testing and I will attempt to create a group and add user to multiple groups, with only the second group having permissions for seeing other people in Spark.