
Setting Up Openfire in Multi Domain Active Directory Forest

I would like to give a bit of an overview first before the question:

We are running Windows 2003 Active Directory in our network. In the AD we separate the network into 5 domains by geographical region for management purposes; from there the users are then separated into an OU structure that represents countries and cities. The LDAP structure below is an example:

Root Forest

DC=abc,DC=com

Domains

DC=ap,DC=abc,DC=com

DC=eu,DC=abc,DC=com

DC=am,DC=abc,DC=com

etc

Site/Country OUs

OU=User,OU=AP HQ,OU=Singapore,DC=ap,DC=abc,DC=com

OU=User,OU=SG Sales,OU=Singapore,DC=ap,DC=abc,DC=com

OU=User,OU=Boston,OU=America,DC=am,DC=abc,DC=com

OU=User,OU=NewYork,OU=America,DC=am,DC=abc,DC=com

Users are in the “user” OU as shown in the example above.

Question: So far I am able to set up one Openfire for each domain (i.e. ap.abc.com, am.abc.com, eu.abc.com). However, I would like to be able to set up 1 Openfire server globally and have all the users in the entire forest log on to this one server, so that they can see each other and also be able to keep all the message archives in a single DB. How do I do that, or is this possible?

Hope someone can help on this. Any help would be greatly appreciated.

Regards

Chris

Hi Chris,

I stumbled upon this while looking at the roadmap for the next release of Openfire:

How to combine multiple Active Directory Domains using MS ADAM

http://www.igniterealtime.org/community/docs/DOC-1534

Best Regards

Darren

Set your baseDN to the root of your tree (DC=abc,DC=com). Use this doc as a guide: http://www.igniterealtime.org/community/docs/DOC-1554.

Set up groups within each domain specifically for chat. Prefix those groups with a specific word such as Chat (i.e. ChatGroup1, ChatGroup2).

Use filters to limit results:

Sample user filter:

<searchFilter><![CDATA[(&(objectClass=organizationalPerson)(|(memberOf=cn=ChatGroup1,ou=accounts,dc=domain,dc=com)(memberOf=cn=ChatGroup2,ou=SecondaryAccounts,dc=domain,dc=com)))]]></searchFilter>

Here is a group filter to go with this prefixed group structure:

<groupSearchFilter><![CDATA[(&(objectClass=group)(cn=ChatGroup*))]]></groupSearchFilter>

Hope that helps.
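The filters from the reply above, generated for chat groups spread over several domains, as an added example that is not part of the original thread. The group DNs (including the `OU=Groups` container) are constructed samples under the abc.com forest from the question, and the helper names are hypothetical; values are escaped per RFC 4515 so a group name containing `*`, `(`, `)` or `\` cannot change the filter's meaning.

```python
# Added example: builds the user and group filters described in the reply.
# SAMPLE_GROUPS holds constructed DNs, not values from a real directory.
SAMPLE_GROUPS = [
    "CN=ChatGroup1,OU=Groups,DC=ap,DC=abc,DC=com",
    "CN=ChatGroup2,OU=Groups,DC=eu,DC=abc,DC=com",
]


def escape_filter_value(value):
    """Escape a value for use inside an LDAP filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))  # e.g. '*' becomes \2a
        else:
            out.append(ch)
    return "".join(out)


def user_filter(group_dns):
    """AND the objectClass test with an OR of one memberOf clause per group."""
    if not group_dns:
        raise ValueError("at least one group DN is required")
    clauses = "".join(
        "(memberOf=%s)" % escape_filter_value(dn) for dn in group_dns
    )
    return "(&(objectClass=organizationalPerson)(|%s))" % clauses


def group_filter(prefix):
    """Match groups whose cn starts with prefix; the trailing * is the only wildcard."""
    return "(&(objectClass=group)(cn=%s*))" % escape_filter_value(prefix)


def as_element(tag, ldap_filter):
    """Wrap a filter in a CDATA section, as in the snippets above."""
    if "]]>" in ldap_filter:
        raise ValueError("filter contains the CDATA terminator")
    return "<%s><![CDATA[%s]]></%s>" % (tag, ldap_filter, tag)


if __name__ == "__main__":
    print(as_element("searchFilter", user_filter(SAMPLE_GROUPS)))
    print(as_element("groupSearchFilter", group_filter("ChatGroup")))
```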

I’m really having a hard time configuring the ADAM with this DOC.

I have my forest like this:

main.com.br

other.com.br (trust between forests)

Do I have to install ADAM on my DC or any host?

How do I proceed with adschemaanalyzer?

HELP!!!

Marcela