Pointers.. AD/LDAP

In the past (4 months ago) I got an Openfire/Spark setup running using AD to populate the user list & logins.

My partner on that project figured out the AD part in the middle of the night.

Now I am stuck on that same phase as then. I get the base DN set, but when I get to the User & Groups area of setup, a test finds no users.

Is there a clean & clear document/forum for setting up a basic AD installation of Openfire / Spark?

Any help would be greatly appreciated!

I was using:

http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/ldap-guide.html

It seems I was looking too far into that situation. Now I am past that area, but I am only pulling a couple random admin accounts as users. Not the actual user list.

Something is not pointed in the correct spot. Any ideas?

I just set up my Openfire server with the users searching from the root since users are all over the tree. As far as groups, we made specific IM groups for each dept, then added all the users to the IM department groups, and only shared those groups with all the users so everyone sees everyone when logged in.





<adminDN>CN=Openfire Admin, OU=IT,DC=foo,DC=ad</adminDN>








I am now stuck on the groups…

In the group summary I show all the groups we imported. But not a user in any of them. If I search for users they will show up.

I tried making a new group, then adding All Users, but none were added. Something is still not set… but I am close!

One area I think could be the problem: we have the users & groups mapped to the same area.

Any ideas?

Are you using NT groups? If so, after I added a new user to it I had to restart the Openfire server for it to pick that up. You may want to try that. If not, can you be a bit more specific about how you made the groups? I also used specific usernames and not groups in my groups.

Well, all the groups were pulled right from Active Directory, so there are a lot.

I would like to just create 1 group, and add the users to it. When they load Spark, the user list is already in it.

Does this have something to do with Rosters perhaps?

You could share the domain users group. Just enable contact list group sharing, give it the name you want to use. Check the box for share with additional users and then select all users. Hit save and you should be golden. This is all done after clicking on a group.

Ya, we're missing something major here. I created a group called IT Group, shared it with All Users.

But still no members are listed in any of the group fields.

If I open Spark and search for a user, they all are there, but under groups, only the default “friends” is there.

Should not OpenFire be pushing this data to Spark? I will post our XML.

1. Is it an NT group or Openfire server group?

1a. In the server admin console can you see the members in the group when you click on the group?

2. Have you restarted the server and then the client?

Well, I guess it’s an NT group.

The server admin shows no members in the groups. Under Users they are all shown. When a user is clicked, they belong to no groups.

The server has been rebooted.

Our group mapping is the same string as our user mapping? <-- what do you think about that

I have no idea at this point and can only guess that your LDAP isn't quite functioning properly. Maybe try clearing the group and group metadata cache? I only just started using this myself last week.

Thanks for the help, I know we're close!

If you go into the Profile Settings you can test your LDAP configuration. If you need some screen shots of what mine looks like let me know.

Please post your openfire.xml file. I doubt there is anything wrong with your LDAP servers. This is most likely an Openfire configuration issue. Your openfire.xml file contains all this config data. Just be sure to modify passwords for security purposes.

Here it is… I think you're right, the users are all there, just none in any groups…

Thanks for the help.

Ok, so I fixed your AD vCard mappings and the namefield setting to be correct for AD. Beyond that it looks correct. Make sure your baseDN that you set contains all OUs that have user accounts or groups you wish to include in Openfire. Anything outside that baseDN will not show in Openfire.
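The baseDN rule from the reply above can be checked offline against an export of group memberships. This is an added example, not part of the original thread or of Openfire: the OU=Staff base, the John Smith account and the membership data are constructed, while DC=foo,DC=ad, "IT Group" and the Openfire Admin DN are taken from the posts.

```python
def parse_dn(dn):
    """Split a DN into (attribute, value) pairs, honoring backslash-escaped commas."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            cur += ch
            escaped = (ch == "\\") and not escaped
        else:
            parts.append(cur)
            cur = ""
    parts.append(cur)
    # AD compares DNs case-insensitively; spaces around an RDN are not significant.
    # Simplification: hex escapes and multi-valued RDNs are not normalized.
    return [tuple(p.strip().lower() for p in rdn.partition("=")[::2]) for rdn in parts]


def in_scope(entry_dn, base_dn):
    """True when entry_dn is base_dn itself or sits anywhere in its subtree."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base


def out_of_scope(group_members, base_dn):
    """Map each group DN to the member DNs a search under base_dn cannot return."""
    report = {}
    for group_dn, members in group_members.items():
        if not in_scope(group_dn, base_dn):
            report[group_dn] = list(members)  # the group itself is invisible
            continue
        missing = [m for m in members if not in_scope(m, base_dn)]
        if missing:
            report[group_dn] = missing
    return report


# Constructed sample data (hypothetical OU layout under the thread's DC=foo,DC=ad).
BASE_DN = "OU=Staff,DC=foo,DC=ad"
SAMPLE_GROUPS = {
    "CN=IT Group,OU=Staff,DC=foo,DC=ad": [
        "CN=Smith\\, John,OU=Staff,DC=foo,DC=ad",
        "CN=Openfire Admin, OU=IT,DC=foo,DC=ad",
    ],
}

if __name__ == "__main__":
    for group, missing in out_of_scope(SAMPLE_GROUPS, BASE_DN).items():
        print(group, "-> members outside baseDN:", missing)
```

The same check run with the directory root as the base returns an empty report, which is also why a root-level baseDN pulls in administrative accounts along with ordinary users.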

Thanks a lot for the fix. My question now must turn to AD itself.

I see a lot of people creating a group just for Openfire within AD. Then connecting all users of the IM system into it. I’m a little vague on this.

Perhaps something like this is needed in order to make the user list populate in Spark?

When this is all done I will post the newbie method for AD/OpenFire/Spark SSO setup!

You should not need to create groups specific for Openfire in AD. That being said, I have found it minimizes the errors with LDAP integration with AD when I did. I purposefully restructured my AD to be more friendly to LDAP integrated apps, which in turn also made management by group policy easier. Reorganizing your AD tree is simple and if done with care causes no issues. I have attached an image with my AD layout. Note the ChatGroups are in the same OU as all the accounts (the ones used for chat at least).

Here are the docs I created when I did SSO.

Thanks a lot, I will run through this info & see if I can straighten out our issue.