Hi,
I’ve got one Openfire server in the Windows forest root domain with users authenticating using LDAP. I’m using universal security groups to filter and add users to the shared roster groups and that seems to work fine.
Now I’m attempting to add users to the security groups that are in a tree-root domain, meaning a domain that is in the forest but has a completely different name, like:
forest root = domainname.com
tree root = differentdomainname.com
So, I can’t just use the ldap.baseDN alone so I’ve added the ldap.alternateBaseDN option and set that to the tree root domain, then I set the ldap.port to 3268, and that seems to work fine for authentication. Then when I use the wizard to test the group filters, it will show the correct number of users in each group. However, when I save the configuration and then look at the groups from in the admin console, it only shows the users in the forest root domain. Also, Spark is only showing the forest root domain users so the tree-root users aren’t populated and have no presence, but they can be searched.
I’ve read the tutorial about blanking the baseDN so that it will search across the whole forest but then authentication seems to fail and it locks me out of the admin console. I actually think it was working as intended after I set it up initially but it broke when the server was restarted.
I guess I just need to know if what I’m trying to accomplish is even possible, and if so, where am I going wrong?
Thanks in advance.