Share users from ldap groups in IM client automatically

Hi there,

first of all I am new in this forum but let me mention I searched the web for this issue and only found the solution via shared roster and “Enable contact list group sharing”.

Here the issue:

I connected Openfire 4.0.2 with ldap to include the users.

approx: 550 users

approx: 100 groups

The users and groups show up perfectly fine in the admin console but don’t appear in the IM client.

To be honest I think it’s not the most convenient way to set up group sharing for 100 groups manually in the admin console to let all users see each other.

Is there any way to do that automatically?

I dont’t consider “Registration plugin” as an option for this case as it doesn’t seem to fit.

Help would be highly appreciated.


Okay I found the solution. For everyone wo wants to autopopulate his Jabber client here is the automated solution.

The script reads out the active directory via ldapsearch and puts the values into the openfire database to share all your groups with all other users.

So each user can see each other automatically. You don’t have to create shared roster manually anymore.

Note: Our AD groups had a common part in its Name. e.g.: openfire_groupname

In preparation you have to enable ldapsearch with your Active directory:

openSUSE Forums

  1. Copy the script to your wanted folder (e.g.: /home/openfire/scripts)
#!/bin/bash # This script makes sure AD groups get pushed to openfire database and get shared for all users within openfire.
# Without this script Jabber users cannot see each other online in the XMPP client. # 2016-06-03 logger "Running script to share openfire groups with all users"
echo "Searching Active Directory for jabber groups and filling openfire database with up-to-date values."
for i in $(ldapsearch -x -D "<ldapuser@domain>" -w "<yourldapuserpassword>" -b "<distinguishedName_attributeofADwhereyourgroupsarelocated>" -H "ldaps://<hostname.domain>" "(&(objectCategory=group)(cn=<wantedADgroupwithwildcardpossible>))" | grep "#" | grep <commonpartingroupname> | tail -n +2 | awk '{print $2}' | cut -d"," -f1 ; do
  mysqlvar=`mysql -sN -e "select * from openfire.ofGroupProp WHERE groupname LIKE '%$i'"`
    if [ -z "$mysqlvar" ]; then
      echo "There is no such group. Adding it to the database."
        mysql -e "INSERT INTO openfire.ofGroupProp (groupName, name, propValue) VALUES ('$i','sharedRoster.displayName','<havealookinyourdatabaseforthepatternorvalue>')"
        mysql -e "INSERT INTO openfire.ofGroupProp (groupName, name) VALUES ('$i','sharedRoster.groupList')"
        mysql -e "INSERT INTO openfire.ofGroupProp (groupName, name, propValue) VALUES ('$i','sharedRoster.showInRoster','everybody')"
        echo "The group is already existing."
done echo "Searching openfire database for deprecated jabber groups. If finding deprecated groups going to delete them."
for u in $(mysql -sN -e "select groupName from openfire.ofGroupProp" | sort -u); do
  echo $u
    if [ -z `ldapsearch -x -D "<ldapuser@domain>" -w "<yourldapuserpassword>" -b "<distinguishedName_attributeofADwhereyourgroupsarelocated>" -H "ldaps://<hostname.domain>" "(&(objectCategory=group)(cn=<wantedADgroupwithwildcardpossible>))" | grep "#" | grep <commonpartingroupname> | tail -n +2 | awk '{print $2}' | cut -d"," -f1 | grep "^$u$"` ]; then
      echo "Group does not exist in Active Directory anymore. Deleting group from Openfire"
      mysql -e "DELETE from openfire.ofGroupProp WHERE groupName = '$u';"
      echo "Group still existing in Active Directory. Leaving everything as it is."
  1. Adjust all variables in the script highlighted with . Note the “echo” commands are moreorless for testing purposes feel free to comment them out for final use.

  2. Build a cronjob running the script every night. Changes only get processed if openfire gets restarted so openfire should be restarted either.

Your Openfire shared roster should be up-to-date everytime the cron runs.