I have an issue with LDAP integration. It seems to me that if I try to use our top-level AD group to display automatically in everyone’s rosters, the rosters simply list the groups within that group as though they were Jabber contacts, rather than expanding the subgroups, and giving the members. Am I misunderstanding something about the way in which this should work?
BTW, I branched your message into a new thread since it’s unrelated to the thread you posted in.
I’m not sure I understand exactly how this works. Do you have groups within groups? I’d like to replicate this in my AD testing server. Also, are groups within groups common on other LDAP servers?
I can’t speak for Tom, but that’s exactly how I understood him. He has nested groups in his LDAP configuration. As for the roster problem, I have seen this when I have tested LDAP groups around version 2.4. I originally had an IMGroup which then had various groups as members. No one showed up in shared rosters. I had to add every user individually to IMGroup, but I haven’t tested this recently.
Anyway, I believe nested groups are a pretty common configuration as it would simplify changes. If someone changes departments, you would then have to change the department and groups and permissions change accordingly. Though it might be best to make it a choice to use subtree or flat configurations similar to the searchFilters feature added in 3.0.0.
The Unix standard doesn’t allow groups within groups. So anyone using LDAP for plain-unix (Linux, etc.) won’t have that. Nor will OS X.
You can have nested groups in OS X 10.4 server…
…am currently trying to get our test setup here to check against users within a bunch of nested groups, without much luck I hasten to add.
If you mark any of the nested groups as “shared”, that works correctly, right? I think the main issue is when you have a setup such as:
And you want to mark the “Jive Software” group as shared and see all members.
Apologies. I forgot about this query. Yes, this is exactly what I am talking about. Our Active Directory structure has three directorate groups, in which are various team groups, in which are individual people. I was hoping just to be able to add the top-level groups, and see the nested groups added. But then, does Wildfire have the concept of nested contact groups?
I’m very surprised to hear that LDAP doesn’t support groups within groups. How can one ever describe a complex corporate structure without this?
The current workaround would be to mark each of the sub-groups as shared groups. However, I think this is a good feature request, so I’ve filed it as JM-806.
Many thanks, Matt. I’ve worked around it by simply creating a Wildfire Group and adding that, but that means our organizational structure is not reflected in the roster, so again, thanks.
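The nested-group expansion this thread asks for, sketched as an added example that is not part of the thread or of Wildfire's code: it walks a group's members, descends into members that are themselves groups, and guards against membership cycles. The directory contents, DNs and function names are constructed for illustration, and lowercasing DNs is a simplification of real DN matching.

```python
from collections import deque

# Constructed sample data: group DN -> values of its "member" attribute.
# All DNs are invented for illustration.
GROUPS = {
    "cn=directorate,ou=groups,dc=example,dc=org": [
        "cn=team-a,ou=groups,dc=example,dc=org",
        "cn=team-b,ou=groups,dc=example,dc=org",
        "cn=dana,ou=people,dc=example,dc=org",
    ],
    "cn=team-a,ou=groups,dc=example,dc=org": [
        "cn=alice,ou=people,dc=example,dc=org",
        "cn=bob,ou=people,dc=example,dc=org",
    ],
    "cn=team-b,ou=groups,dc=example,dc=org": [
        "CN=Bob,OU=People,DC=example,DC=org",          # same user, different case
        "cn=carol,ou=people,dc=example,dc=org",
        "cn=directorate,ou=groups,dc=example,dc=org",  # cycle back to the parent
    ],
}


def norm(dn):
    """Fold case so the same DN written differently collapses (simplified)."""
    return dn.strip().lower()


def expand_group(groups, root_dn):
    """Return (users, visited_groups) reachable from root_dn.

    A member DN that is itself a key in `groups` is treated as a nested
    group and expanded; anything else is treated as a user. The visited
    set stops a membership cycle from looping forever.
    """
    index = {norm(dn): members for dn, members in groups.items()}
    users, visited = set(), set()
    queue = deque([norm(root_dn)])
    while queue:
        group = queue.popleft()
        if group in visited:
            continue
        visited.add(group)
        for member in map(norm, index.get(group, [])):
            if member in index:
                queue.append(member)   # nested group: expand later
            else:
                users.add(member)      # leaf entry: an actual person
    return sorted(users), sorted(visited)
```

The same flattening also decides who inherits anything granted to the top-level group, so a directory that permits cycles or deep nesting needs the visited-set guard shown here.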