powered by Jive Software

Problem with LDAP group with different DNs for group and user

Hi folks,

I’'m trying to plug Wildfire 2.6.2 with my OpenLDAP server (version 2.0.23).

My LDAP schema is the following :

dc=example,dc=org,ou=People : contains user

dc=example,dc=org,ou=Group : contains unix group

dc=example,dc=org,ou=cvsGroup : contains cvs group

I’'d like to add the entries in cvsGroup in wildfire as groups and the entries in People as users without taking into account the entries in Group.

To do that I’'ve configured wildfire like this :

however I am not able to filter on the right domain name.

To do it with ldapsearch I have to change the baseDN like that :

ldapsearch -x -v -b ‘‘ou=cvsGroup,dc=gforge,dc=objectweb,dc=org’’ ‘’(objectClass=posixGroup)’’

How can I do that since there is a common baseDN for users and groups ?

Thanks a lot for your help


Message was edited by: moghrabi

Two options:

  1. Try using baseDN[/b] and alternateBaseDN[/b] to bind only to the two OUs you want. See the LDAP Guide for more info.[1]

  2. Use a search filter to exclude objects in the CvsGroup based on some unique attr of the objects therein. This may not be feasible for your environment.



The 2nd solutions is not applicable since the Group and cvsGroup have the same struture.

Concerning the 1st solution, I don’'t get you.

  • If I set: baseDN= People and alternateBaseDN= cvsGroup => I have no group available.

  • If I set: baseDN= cvsGroup and altenateBaseDN= People => I have no people and I can’'t login.