Server to Server Managing Rosters

Ok, I have 2 Active Directory domains. I have all the AD integration working, users and groups, with a Wildfire server in each domain. Now I just got the server to server working, and I'm wondering if there's a way to have a group from 1 server be included on the rosters for the users of the other server.

Any ideas?



I think I could hack together a solution that would "work", but it's not pretty. I could manually create a roster record in the database for each user to add the needed people, but that defeats the purpose of using the directory anyway, since I would then have to run a script or something along those lines every time I added a user to either domain.

On the roster records in the database, if I put in * or some other wildcard for the username I'm pretty sure that would break it, but I have to check anyway.

Manually create a group with users from domain1 and domain2.

Do not use LdapGroupProvider, only LdapUserProvider and LdapAuthProvider.

Of course, set up s2s connections between the Wildfire servers from domain1 and domain2.

It works :)

Sorry 4 bad English

That would probably work, but I'd prefer to keep my groups from the LDAP. The user that I really want to show up in both is already in a group in both directories. But the user doesn't show up in WF, probably because it never finds the user account so when it gets to the groups it just ignores the members that it can't find accounts for.

If you want to add users from domain2 to the roster of a user from domain1, you must place the full JID in the search field, for example user2@domain2.

Sorry 4 bad English

Yeah, I can manually add users from one domain to individual rosters of the second domain. But that is not my preferred solution.

I don't think what I want to do is actually supported. I don't think it would be an issue if the 2 AD domains were part of the same forest, instead of just a trust relationship.

In the public.jiveroster table, can I use everybody for the username in the same way that everybody is used in public.jivegroupprop?


Hey guys,

Shared groups may include remote users but you should know that things are not guaranteed to work fine since the whole shared group process is no longer controlled by Wildfire. For instance, when you add a remote user to a shared group it is up to the remote user to accept (and never cancel) the presence subscription. Until the user accepts the presence subscription he will not appear online for the rest of the users. As it was mentioned before, to include a user from a remote server just use his complete JID (e.g. username@server) instead of just the username when adding the user to the group.


– Gato

Yeah, I tried manually creating a group in the database, that didn't seem to work, although I only checked it on the client and not the server, and I didn't do anything with authorizing. The remote user is already in the AD group, but doesn't show up as being in the group on the server or the client, probably because WF couldn't find the actual user account. The user also doesn't show up in AD Users and Computers when I use the query system to match my searchfilter query.

If only there was a way for WF to connect to 2 separate LDAP servers