I’m currently piloting an Openfire installation, and one of our goals with this system is to deploy it in two different office locations, with two different domains, along with allowing users to chat between the two locations. In testing, I’ve been able to get this going without any problems. Except one.
In addition to allowing the users to be able to chat, we’d also like all users in both locations to see all users throughout the company. This is the problem. We’re using an LDAP backend for our user groups (filtering on objectClass=posixGroup), and this works fine in each location, with memberUids simply being a user name. However, when we want to throw users from another domain in that system (i.e., memberUid: "firstname.lastname@example.org"), Openfire does not pick up that user name. I can put any name I want in as a memberUid for a group, and as long as it’s a short user name (i.e., “fullusername”), they get added to the SRG, but as soon as I put a full user name in, it doesn’t work.
When setting up Openfire without LDAP, I can add a full user name from a different domain to an SRG, which leads me to believe this should be a one- or few-line change in the source, but I thought it’d be best to ask if there’s a legitimate reason for not doing this via LDAP, or if this could even be a bug.
If anyone has any ideas, that’d be appreciated. Thanks in advance.