Is there a way with Openfire/Spark to show all the users by default? We’re using LDAP, and would like all the users to show up in the list of contacts within Spark.
Is this possible? Rather than having to add a user, have them accept, and then show up, just have each user available to everyone else.
Go to Users/Groups, Groups, open some Group and setup Sharing in the contacts list.
I have no groups under Users/Groups, as you can see:
And I can’t create a group, if I try, I get:
Not allowed: the group account system is read-only.
Is there a way to designate a different DN for the groups, using the LDAP settings?
Our base DN is set up as: OU=Users,OU=Accounts,OU=COM,DC=ics…etc. etc…
Our groups are set up in OU=Groups, OU=COM … etc…
Is there somewhere in the settings for Openfire that I can set that group DN??
I’m not familiar enough with LDAP integration and filters. When I was testing this I think I ran into the same problem, because our groups OU is on the same level as the Users OU, so I had to point to a higher OU as the base DN, and then it pulls all the stuff, which I don’t need, and I didn’t manage to find out what filter would help me pull only groups and users. You can also comment out the group provider part in /openfire/conf/openfire.xml and then it should let you create local groups and then maybe add domain users to that group. Then it should be possible to share these groups.
Well, here is my openfire.xml…I don’t see anything about a group provider…am I missing something??
<?xml version="1.0" encoding="UTF-8"?>
create groups in LDAP with proper users inside, try not to make the same user a member of multiple groups.
then under Users/Groups section of Admin Console go to Groups sub-tab and find a group you want to display in client and click on it.
on opened screen select **“enable contact list group sharing”** and provide a group name the way you want it to show in client. Select “share group with additional users” checkbox and either select “all users” or select/ctrl-select groups you want to share it with.
(client/server may need to be restarted to display, or just wait out for cache update).
My issue is that our groups are not in the same AD OU as our users, so the base DN has OU=“Users”,OU=“Accounts”,OU=“COM”,DC=“ics”,DC=",DC=“gov” but groups are in
So, how would you handle that??
a trick is to put base dn at dc=ics,dc=gov
and use the ldap.searchFilter property.
(|(memberOf=CN=,ou=groups,ou=Accounts,ou=COM,dc=ics,dc=gov)(memberOf=CN=,ou=groups,ou=Accounts,ou=COM,dc=ics,dc=gov))
also that is not recursive, you will need to specify all security groups in ldap.searchFilter
That is a good idea…we have a ton of groups though, and a lot will need to be blocked…
Is it better to start off the searchFilter with: (|(memberOf=CN=,ou…
Instead of the (&(member…
Or instead of and???
! - is logical OR
& - is logical AND
so you will be saying member of group1 OR member of group2
otherwise user will need to be a member of both groups.
Also for blocking the ability to chat between groups - we are using the packet filter plugin. (latest beta has an option for regex expressions that is helpful)
So, as a test I backed off the base DN to OU=COM,DC=ics,DC=idaho,DC=gov
And added the search filter of: (|(memberOf=CN=,ou=Groups,ou=COM,dc=ics,dc=idaho,dc=gov)
I was thinking that the group should show up in the Openfire admin console once I restarted the server…is this incorrect?
How long should it take for the group name to appear in the list of groups, or will it?
Am I thinking about this correctly?
you will need an extra ) at the end, unless it's a post typo.
also with that type of configuration my base dn is set to the root of ldap; in your case dc=ics,dc=idaho,dc=gov
I had problems when my base dn was not set to the root. it all tested ok, but I could not see users.
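Added example, not part of any post in this thread: a Python helper that builds an `ldap.searchFilter` value from several `memberOf` terms, checks that its parentheses balance before it goes into the server configuration, and shows which users an OR (`|`) filter selects compared with an AND (`&`) filter. The group DNs, user names and function names are constructed for illustration, and matching is on direct membership only.

```python
# Added example. Group DNs and users are constructed, not taken from the thread.
GROUPS = [
    "CN=Chat-Staff,OU=Groups,OU=Example,DC=example,DC=org",
    "CN=Chat-Admins,OU=Groups,OU=Example,DC=example,DC=org",
]
USERS = {"alice": [GROUPS[0]], "bob": list(GROUPS), "carol": []}  # direct memberOf values

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside an assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def member_of_filter(group_dns, op="|"):
    """Build (op(memberOf=dn1)(memberOf=dn2)...); '|' is OR, '&' is AND."""
    if op not in ("|", "&"):
        raise ValueError("op must be '|' or '&'")
    if not group_dns:
        raise ValueError("at least one group DN is required")
    terms = "".join("(memberOf=%s)" % escape_filter_value(dn) for dn in group_dns)
    return "(%s%s)" % (op, terms)

def parens_balanced(filter_text):
    """True when every '(' is closed; escaped parens (\\28, \\29) are not counted."""
    depth = 0
    for c in filter_text:
        depth += (c == "(") - (c == ")")
        if depth < 0:
            return False
    return depth == 0

def visible_users(group_dns, op="|"):
    """Users the filter selects; direct membership only, DNs compared case-insensitively."""
    wanted = {dn.lower() for dn in group_dns}
    selected = []
    for name, member_of in USERS.items():
        have = {dn.lower() for dn in member_of}
        if (wanted & have) if op == "|" else (wanted <= have):
            selected.append(name)
    return sorted(selected)

if __name__ == "__main__":
    print(member_of_filter(GROUPS))
    print("OR :", visible_users(GROUPS, "|"))
    print("AND:", visible_users(GROUPS, "&"))
```

Escaping the DN values keeps a group name containing `(`, `)` or `*` from changing the structure of the filter.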
Once the search is set to: (|(memberOf=CN=,ou=Groups,ou=COM,dc=ics,dc=idaho,dc=gov))
How long until the group shows up in the list of “groups” ??
hard to say, I usually restart openfire app/service - that way it's right away
Hmmmmmm, after making that change, the users show up in the users section in the admin console, but if I go to the groups, nothing shows up…
Even after restarting the server…
If I go to groups, all it says is: No groups found.
Did I do something incorrectly?
did you try to change base dn?
I really can’t, since we’re part of a state network, each agency is set up as an OU, and I don’t have rights to administer anything below the COM OU…
your ldap account will not have ability to read ldap if it is not set to OU=COM,DC=ics,DC=idaho,DC=gov?
openfire ldap is read only - so it will not mess anything.
I had the same problems displaying groups if base dn was not set to the root of ldap. since you are only reading ldap - I would give it a try unless it is against your network policies.
It is an interesting issue, as I gave up looking into a solution as soon as I realized the “root of ldap” + “search filters” scenario, but you made me curious, so I will set up another test box to play around with different ldap settings.
If I set the base DN to DC=ics,DC=idaho,DC=gov I get all the users in other agencies as well as my own in the users list…but still no groups…
Is that what you were talking about?