Shared Groups not appearing in roster

Openfire Openfire Support
1

Perhaps I am misinterpreting the way this should work, but here we go. I have two groups in my group summary, Group A and Group B. I am a member of Group A. These are active directory security groups and the users are active directory users as well. Everything appears correct for the users and groups.

Under the groups settings for both groups, I have:

Checked - Enable contact list group sharing

Checked - Share group with additional users

Checked - All users

So, with those settings, I would expect that in my Roster I would see Group A and its members, as well as Group B and its members. That is not the case. I see Group A only and I see an Offline Group with me in it?

If I go into the properties for Group B and make the following change:

Checked - Enable contact list group sharing

Checked - Share group with additional users

Checked - these groups: Group A

Then I see Groups A and B in my roster. Shouldn’t the All Users allow all users to see that group?

And lastly, why do I show myself in the Offline Group?

Server Properties

Server Uptime: 7 days, 0 hours, 5 minutes – started Feb 28, 2008 1:19:59 PM

Version: Openfire 3.4.5

Server Directory: /opt/openfire

Environment

Java Version: 1.6.0_03 Sun Microsystems Inc. – Java HotSpot™ Server VM

Appserver: jetty-6.1.x

OS / Hardware: Linux / i386

Locale / Timezone: en / Mountain Standard Time (-7 GMT)

Java Memory 12.32 MB of 63.31 MB (19.5%) used

2

Jeff,

You initial setting should have worked too… I have like 5 groups all setup the same way as the way you set your groups initailly, and it works fine for me. The only difference between my setup and yours is that I use Novell Edir…

However, if the second method works for you and all you have is those two groups, then just do it that way… Unless it is buggin you so much that you just have to fix it

Wayne

3

No, I only have two groups for testing reasons. When I completed deploy we would have a lot more and I don’t want to go into each group and set it to see the others.

4

Gotcha… Well, it should work for you and I am pretty new to this too so I don’t have any good ideas for you except to maybe recreate your groups. What I did was create a new OU just to hold my IM groups. Then just added my members from other contexts to those groups. Then in the admin screen I setup those groups to share with all users just like you did… good luck

Wayne

5

Yeah, basically I have it so that I have a security group called openfire and I add users to that group and I add other security groups to that group and then they are in my openfire admin panel. It just only works if I share to select groups, does not work when shared to ‘all users’

6

Dumb question but in your steps you did not list that you provided a name for the group that you are sharing. Did you do this? See my attached image (I know it is not shared for All but I have others that are).

7

Okay, I just did a fresh install to see if maybe one of my filters had screwed something up here.

For my search Filter I have:

Which works fine. I get users in my list who should be there. Then, I have as my group filter: <![CDATA[(&(cn=)(objectclass=group)(memberOf=CN=Openfire,

OU=Security Groups,OU=Groups,OU=Corporate Organizational Unit,DC=domain,DC=com))]]>

I get a bunch of groups which I don’t want but the ‘share with additional users’ setting DOES work. Does anyone follow that logic?

And this spawns a second question. The groups only show up if users in that group are online. If they are not, they are all grouped in ‘Offline Group’. Is that the expected behavior or another config issue on my end?

8

Sorry, yes, I provide a group name.

Basically as in my last post, it works with a really simple group filter. It does not work when my groups are populated based on a filter that filters based on the groups memberOf key.

9

The reason for this is that Openfire does not apear to like Groups with in Groups in AD if you intend to share that group. I also could not make that work. I instead created a group called ChatAllUsers and bulk added all users to that group. We make that group part of the default groups new users get added to. That group shares fine.

10

I have entered a bug report for this issue: http://www.igniterealtime.org/issues/browse/JM-1293

11

Thanks for posting your thoughts. You seem to be the open person responding to my posts!

So, you have chatallusers, and I have openfire and I think we are doing the same thing. Users added to that group get added as openfire users. That works great. But, how do you handle groups in openfire? Do you only have the one group chatallusers or do you also use AD groups in openfire?

Secondly, looks like the offline users issues I mentioned is fixed when you uncheck ‘group offline users’ in the spark options. Not a server-side thing. ba da bing ba da boom…

12

Sorry all my groups are creeated in AD for central management purposes. I do not have any groups being shared in openfire that contain other groups. I have made special groups for use with openfire that break our company into teams, locations, and the entire company (All in AD). These groups are then shared in various ways. Locations and the Entire Company group goto All Users, Teams go only to team members.

13

Oh I seem to respond to most of the Wndows AD questions. Guess I am just lucky that way.

14

So what does your groupSearchFilter look like? I would like to do something similiar to you, have AD Security Groups specific to openfire. I would put them all under an OU Called Openfire Groups. Can I use an ou as a groupSearchFilter?

15

Last thing (maybe), is there a way to test these ldap queries from the linux command line? right now I am making the change and then restarting the openfire service to see the changes.

16

unfortunately i am not a linux guy, but i believe there is a linux command ldapsearch. I may be wrong though. I have a windows app by that same name that I use to run test queries.

17

I’ll play with ldapsearch and see if I can get it to filter right. In any case, So what does your

groupSearchFilter look like? I would like to do something similiar to

you, have AD Security Groups specific to openfire. I would put them all

under an OU Called Openfire Groups. Can I use an ou as a

groupSearchFilter? Can you post your openfire xml, atleast the basedn, searchFilter and groupSearchFilter parts?

18

I’ve marked this as answered but I need to add some more information and don’t want to start a whole new thread for the same topic.

I am trying this a hundred different ways but just cannot seem to get it fixed. I can filter all day long with groupSeachFilter and can get the groups I want, but can not seem to get the “Share Group With Additional Users” to work for those groups. People in those groups only see their own group, unless I manually choose the groups to share with. If I choose All Users, no groups are seen except your own. Select the groups, you see them in spark. Pretty frustrating. It ONLY works if my groupsfilter is objectclass=group. If I do anything else this problem is exhibited. Prevoiusly I was trying to have groups that were nested in another group as my openfire groups and okay, openfire cannot deal with that. So I just tried another filter like:

<groupSearchFilter><![CDATA[(&(cn=)(objectclass=group)(info=openfire))]]></groupSearchFilter>

And I get the groups I want, any AD group with the word openfire in the notes field. Works great. But then evenwith all users checked, no one sees any group but their own. Is anyone using a search filter similiar to mine and actually getting all the groups to show up? If so, please post your xml file so I can try to get mine working. Basically I just want the following:

Users who are members of an AD group called openfire to be openfire members and specific groups as groups, either by name, or by ou, or by some attribute (not all groups should be in my group summary)…Thanks in advance,