
OU and CN BaseDN / No groups

Problem 1 - If I use the following example for my BaseDN I don't get any groups (OU’s to share)

                Base DN:  OU="ExampleUsers",dc="mydomain",dc="com"

Problem 2 - If I use the following for my BaseDN I get to share my OU - But, not all of my users in the OU get shared

                Base DN:  dc="mydomain",dc="com"

Solution/Work around - To use Base DN: dc=“mydomain”,dc=“com” - I have to share to “All Users”

Problem 3 - The problem with doing my work around is, well, it shares all users - haha - Which I have some service user accounts I don't want people to see.

Question - How can I use Base DN: OU=“ExampleUsers”,dc=“mydomain”,dc=“com” and be able to share an OU group at the same time?

TIA - I tried asking this in my other thread. But, after messing around with OpenFire - I think I have better described what I am asking, seeing.


I wonder if ldap.alternateBaseDN may help you to restrict the users. According to http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/ldap-guide.html “the alternate base DN will be used for authentication, loading single users and displaying a list of users. Content in the base DN and the alternate DN will be treated as one”.


Opening conf/openfire.xml doesn't give me any kind of config really that I can edit (I am using an XML editor). Below is all it gives me. For no reason whatsoever my “work around” no longer works. Also, I am using OpenFire 3.6.2 with the embedded db for now until I can justify moving it to SQL. Thanks


This file stores bootstrap properties needed by Openfire. Property names must be in the format: "prop.name.is.blah=value" That will be stored as:

    <prop>
        <name>
            <is>
                <blah>value</blah>
            </is>
        </name>
    </prop>

Most properties are stored in the Openfire database. A property viewer and editor is included in the admin console.

Network settings. By default, Openfire will bind to all network interfaces. Alternatively, you can specify a specific network interfaces that the server will listen on. For example, This setting is generally only useful on multi-homed servers.

    <network>
        <interface></interface>
    </network>

Almost all settings are now stored in the database, not in the XML file. You need to adjust the settings via the admin web interface, under the system properties.

Thanks -

So, I added

ldap.alternateBaseDN OU=“TestUsers”,dc=“mydomain”,dc=“com”

restarted the Openfire service - Cleared User and Roster cache and still no joy

It's just so weird - I can go into the admin console User Properties and click on one of the Users that is not showing in the Roster (OU Group) that I shared and it does in fact show one of their groups as the one that I am showing.

But, if I go into Groups and click on the group that I am sharing it does not show that user as part of the group.

As stated above even with the Share with all users clicked - I can no longer see those people anymore for no reason whatsoever (I was using this as a work around)

Just really weird -

Edit - Just noticed in my error log I am getting the following

org.jivesoftware.openfire.group.GroupNotFoundException: Groupname MyOUGroupName not found

Also ran a debug and came up with the following

2008.12.16 08:52:51 001436 (01/03/00) - #2 registered a statement as closed which wasn’t known to be open. This could happen if you close a statement twice.

First we should clarify, you can not share an OU. You can share a group (a CN). Make sure you are entering the correct information into your config based on this information.

Additionally, what LDAP are you using: OpenLDAP, AD, eDirectory, etc.?

Active Directory

Hmm - I will try to create a new CN and put the users in that. The weird thing is, I am sharing an OU and it's (kind of) working minus the few people that I am missing - I will try the CN first and let you know

Openfire does not recognise OUs as groups unless you have seriously configured it incorrectly. For this reason you cannot share the OU in openfire. If you can see an OU and Share it then you need to revisit your configuration because it is flawed.

I am sorry, let me correct myself here - I am sharing a Universal Security Group - That is inside of an OU - Sorry for the confusion

Okay I created a new CN called testuser in AD - I put all 9 of my “problem” people that are not showing up in this new CN. Same problem - If you go to the user problem you see them in the new CN (along with their other CN groups) - But they are not showing up in the group properties of the new group.

Also, Spark is not showing the new group - Even after sharing with all users, clearing cache and restarting the OpenFire service.


Without actually seeing your configuration I do not know how much help I can be with this issue. There is something wrong either in your AD settings for those users or your openfire config. But it is like looking for a needle in a haystack via the forums.
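
One way to check the search scope discussed in this thread (base DN plus ldap.alternateBaseDN treated as one), added here as an example that is not part of any post and not Openfire's own code: it lists which member DNs of a shared group fall outside both bases. The DNs and helper names are constructed, and it assumes that a member outside both bases is not loaded as a user.

```python
# Added example: find group members whose DN lies outside the configured
# base DN / alternate base DN. All DNs below are constructed sample data.

def split_dn(dn):
    """Split a DN into normalized RDNs, honouring backslash-escaped commas.
    (Quoted-string RDN values are not handled; AD emits backslash escapes.)"""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur))
    out = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        # Assumption: compare case-insensitively, as AD does for DNs.
        out.append(attr.strip().lower() + "=" + value.strip().lower())
    return out

def is_under(dn, base):
    """True if dn equals base or sits anywhere below it in the tree."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def members_out_of_scope(member_dns, base_dn, alternate_base_dn=None):
    """Return the member DNs not covered by either configured base."""
    bases = [b for b in (base_dn, alternate_base_dn) if b]
    return [m for m in member_dns if not any(is_under(m, b) for b in bases)]

BASE_DN = "OU=ExampleUsers,DC=mydomain,DC=com"
ALT_BASE_DN = "OU=TestUsers,DC=mydomain,DC=com"
GROUP_MEMBERS = [  # constructed values of a group's "member" attribute
    "CN=Alice Example,OU=ExampleUsers,DC=mydomain,DC=com",
    "CN=Smith\\, Bob,OU=Sales,OU=ExampleUsers,dc=mydomain,dc=com",
    "CN=Carol Example,OU=TestUsers,DC=mydomain,DC=com",
    "CN=svc-backup,OU=ServiceAccounts,DC=mydomain,DC=com",
    "CN=Dave Example,CN=Users,DC=mydomain,DC=com",
]

if __name__ == "__main__":
    for dn in members_out_of_scope(GROUP_MEMBERS, BASE_DN, ALT_BASE_DN):
        print("outside search scope:", dn)
```

Keeping service accounts in a container that neither base covers is what hides them from the user list, and the same check shows which real users were left outside by accident.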