Questions regarding Openfire use in business!

Hey everyone, I have a few questions to ask. First let me explain my work.

I work for a call center as IT admin, and I have the task of implementing a new messaging system for our building. OK, I set up Openfire and Spark.

I have about 250 employees that need this IM, BUT the thing is, about 200 of them are NOT allowed to chat with the IM, ONLY to receive IMs to let them know it's their break time, or status of an account, whatever the case is.

I would like to have it so a select group of users, which we call Lead Hands, are allowed to send and receive messages. Now do I have to make a group in Active Directory and put these users into a “lead hands” group so Openfire can “let” them send and receive? And put the other 200 users into another group that doesn't allow them to send messages?

So let's say I do the above, I create 2 new groups in my AD, how do I set the permission in Openfire?

I have about 50 different groups set up in AD right now with permissions and group policy, is there a way to have Openfire only read the 2 new groups instead of listing all these groups, with the same user in like 6 different groups?

Like there is no reason for Openfire to list my printers group, haha but it does, I just like to have things neat and organized and I don't think Openfire needs to know about ALL the groups in AD, I just need Openfire to read from 2 groups called - Lead Hands & Agents.

Can this be done?

Another question is,

How do I have Openfire list my users by their Real names, instead of their login names?

Example of me, my username is 1154, real name Paul, when trying to search for someone in Openfire I have to use their Username instead of Realname. Can this be changed?

Please need some answers, thanks in advance.

SORRY FOR SUCH A LONG QUESTION.

Paul

Paul wrote:

I have about 50 different groups set up in AD right now with permissions and group policy, is there a way to have Openfire only read the 2 new groups instead of listing all these groups, with the same user in like 6 different groups?

Like there is no reason for Openfire to list my printers group, haha but it does, I just like to have things neat and organized and I don't think Openfire needs to know about ALL the groups in AD, I just need Openfire to read from 2 groups called - Lead Hands & Agents.

Can this be done?

Another question is,

How do I have Openfire list my users by their Real names, instead of their login names?

Example of me, my username is 1154, real name Paul, when trying to search for someone in Openfire I have to use their Username instead of Realname. Can this be changed?

Please need some answers, thanks in advance.

SORRY FOR SUCH A LONG QUESTION.

Paul

I can answer part of this as I had the same question, first I will quote a post that helped me and tell you a bit on how I was able to get only my IM groups and users to show up. I am not sure about the permissions as I have not had to deal with that.

@speedy wrote:

I’ve seen this question asked a few times. “How can I use my AD roster groups for user authentication?” I believe I have found the solution.

For this example I’ll be using the following:

AD domain = AD-DOMAIN.local

access group = Openfire Access Group

roster groups = _IM Group1, _IM Group2
(*note - I’ll be using _IM as part of a wildcard search, so all my groups start with _IM for that reason)

First create your security groups:

Create a Domain Local Security Group. In our example call it Openfire Access Group and place it in the user container.

Create regular security groups, in our example _IM Group1 and _IM Group2.

Make _IM Group1 and _IM Group2 members of the Openfire Access Group

Add your users to the _IM groups
(include your openfire admin account, or make it a member of the Openfire Access Group )

Next, set your system properties in openfire:

ldap.baseDN
DC=AD-DOMAIN,DC=local

ldap.groupSearchFilter
(objectClass=group)(cn=_IM*)

The first thing I did was create the security group named “Openfire Access Group” in the users folder in my AD structure.

Then I created a bunch of groups named IM-(groupname)

I put each user in their respective IM-group

Then I added each IM-Group as a member of “Openfire Access Group”

Now that this is done, you need to do what he says above in your openfire setup/admin console. If you already have Openfire running go to:

Server → Server manager → System Properties

Change ldap.groupSearchFilter and ldap.searchFilter

My groupSearchFilter is (objectClass=group)(cn=IM-*)

My ldap.searchFilter is (&(objectClass=organizationalPerson)(|(memberOf:1.2.840.113556.1.4.1941:=CN=Openfire Access Group,CN=Users,DC=xxx,DC=xxx,DC=xxx,DC=xxx)))

And yes those are numbers after memberOf, I remember this threw me off at first, but put em in like they are. I did not show my domain setup, but add yours in the area after the DC’s, you should know this one by now if you setup the openfire console.

After saving these, I restarted the server and it picked up my new groups only and the users in them. I am not good at putting stuff on paper, but I thought I would help because I was helped and ran into the same question you had.

I am not sure how I did it, but my Openfire/Spark is picking people up by their Names and not UserID’s, it is getting it from AD’s First name and Last name fields…
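
The scoping described in the reply above, as an added example that is not part of the original thread or Openfire's own code: it builds the user filter with the matching-rule OID from the post (without the single-element `(|...)` wrapper) and shows, over a constructed in-memory directory, which users and groups that scoping would expose. The `example.local` domain, the `IM-Leads`/`IM-Agents`/`Printers` groups and all user names are assumptions made for illustration.

```python
# Added example. Directory contents and DNs below are constructed.
IN_CHAIN = "1.2.840.113556.1.4.1941"  # matching-rule OID quoted in the reply

def escape_filter_value(value):
    """Escape RFC 4515 special characters before placing a value in a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def user_search_filter(access_group_dn):
    """ldap.searchFilter limited to direct or nested members of one group."""
    return "(&(objectClass=organizationalPerson)(memberOf:%s:=%s))" % (
        IN_CHAIN, escape_filter_value(access_group_dn))

def transitive_members(groups, group_dn):
    """Users the in-chain rule would match: members at any nesting depth."""
    seen, users, stack = set(), set(), [group_dn]
    while stack:
        dn = stack.pop()
        if dn in seen:  # visit each group once, even if reached twice
            continue
        seen.add(dn)
        for member in groups.get(dn, []):
            if member in groups:
                stack.append(member)  # nested group: keep walking
            else:
                users.add(member)
    return users

def roster_groups(groups, prefix):
    """Groups whose CN starts with the prefix, as cn=IM-* selects."""
    return sorted(dn for dn in groups if dn.startswith("CN=" + prefix))

BASE = "CN=Users,DC=example,DC=local"  # hypothetical domain
ACCESS = "CN=Openfire Access Group," + BASE
GROUPS = {  # constructed: group DN -> member DNs
    ACCESS: ["CN=IM-Leads," + BASE, "CN=IM-Agents," + BASE],
    "CN=IM-Leads," + BASE: ["CN=Lead One," + BASE],
    "CN=IM-Agents," + BASE: ["CN=Agent One," + BASE, "CN=IM-Leads," + BASE],
    "CN=Printers," + BASE: ["CN=Lead One," + BASE, "CN=Print Operator," + BASE],
}

if __name__ == "__main__":
    print(user_search_filter(ACCESS))
    print(sorted(transitive_members(GROUPS, ACCESS)))
    print(roster_groups(GROUPS, "IM-"))
```

An account that is only in `Printers` never appears, and `Printers` itself is not listed as a roster group, which is the narrowing the original question asked for.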