Running Openfire 3.4.5 with Spark 2.5.8 using LDAP via Novell eDirectory. I can successfully log in using my Novell credentials and add a Novell user. When I attempt to right click on the user and view profile>view full profile, I do not see any LDAP information showing in the profile. Yet, when I test from the console side (Profile Settings>User Mapping), it succesfully pulls the information and displays it on the screen.
You say you are adding a user? I assume you mean to your roster in spark? Do your users show correctly in the openfire users/groups admin tab? Has the user approved your adding them to your roster?
Sorry, you are correct. I am adding a user who is in the eDirectory tree. I can add this user to my roster, he accepted my add, added me to his roster, then we sent some messages back and forth. There was no issue with any of this. However, when I try to view his profile information, I do not see the information being pulled from eDirectory. Shouldn’t I be able to see the information that is populated in the tree such as the phone number, email address, etc? I can see the information when I use the test under the profile settings area. The user name appears to show correctly in the users/groups tab.
On a side note, is there a way to use an eDirectory group to “prepopulate” the roster so that when the users log in, they don’t have to go through the process of adding fellow “buddies”, but rather have those contacts already appear in the list upon login?
You should be able to see any defined LDAP information as long as your mappings are correct. Openfire server has the ability to share groups which then prepopulate to the roster of the members as well as any other allowed users. Check your Users/Groups tab in the Openfire admin page to see if your groups have been pulled from LDAP. The subscription plugin when configured to Accept All will allow users to be added to rosters without requiring approval.
Should the vCard mapping be enabled by default? Is there anything else that needs to be done to allow the LDAP data to be shown in the client? LDAP data is still not being passed to the client. I can see the vCard fields are mapped in openfire.xml. The data is pulled from LDAP during the profile settings test in the console. I have attached screenshots of the client and server so you can see what I’m seeing.
On the shared groups, is there a setting to enable this? I can search and find my eDirectory group, but when I click on the group, the browser does not do anything. Could this be an issue with eDirectory, or maybe a permissions problem? I might just be missing something. I just want the users to log into the client and not have to do anything else other than start chatting.
Thanks for all your help!.
Can you provide the vcard mapping info from the openfire.xml file?
Have you verified that all the mappings that you specified in the openfire.xml exist in your NDS to LDAP mappings in eDirectory? Your pictures do not show a whole lot of data in the test. It may have tested OK but the data does not seem to be mapped correctly.
You could try this alternate mapping:
<vCard xmlns=“vcard-temp”>
<N>
<FAMILY></FAMILY>
<GIVEN></GIVEN>
</N>
<EMAIL>
<INTERNET/>
<USERID></USERID>
</EMAIL>
<FN></FN>
<NICKNAME></NICKNAME>
<ADR>
<HOME/>
<STREET></STREET>
</ADR>
<ADR>
<WORK/>
<STREET></STREET>
<LOCALITY></LOCALITY> <REGION></REGION> <PCODE></PCODE> <CTRY></CTRY>
</ADR>
<TEL>
<HOME/>
<VOICE/>
<NUMBER></NUMBER>
</TEL>
<TEL>
<WORK/>
<VOICE/>
<NUMBER></NUMBER>
</TEL>
<TEL>
<WORK/>
<CELL/>
<NUMBER></NUMBER>
</TEL>
<TEL>
<WORK/>
<FAX/>
<NUMBER></NUMBER>
</TEL>
<TEL>
<WORK/>
<PAGER/>
<NUMBER></NUMBER>
</TEL>
<TITLE></TITLE>
<ORG>
<ORGUNIT></ORGUNIT>
</ORG>
</vCard>]]>
I tried using your mapping and it appears to be working now.
In terms of using the Novell group to create a shared roster, what needs to be done to make this work? I can search for the group in the group tab, but when I click on the link of the group, nothing happens. Any reason why this wouldn’t work?
does that mean you see the list of groups?
you could add these changes to the openfire.xml as well
or
true
(ObjectClass=GroupofNames)
I’ll try that when I get to the office tomorrow. I do know that when I click on Group Summary, I see both user objects and group objects. This is probably because I have the base dn set at the root of the tree. If I do a search on a Novell group, lets say Openfire_users for example, I do get the result returned, but clicking on the group does nothing. Since this isn’t working, I wasn’t sure what result I’m supposed to get or how I’m to configure it. I am not able to use the Create New Group option which I expected since I have LDAP enabled.
OK, I think I almost have it except I’m having some of my users being excluded because they have aliases in Novell. Our base dn is set at the organization level, but the OUs below that could contain an actual account or an alias to the account. Knowing this, I thought I’d be able to filter out the alias by either excluding any objects that have an objectClass=alias by doing the following:
<searchFilter>(!(objectClass=alias)(&(uid=)))</searchFilter> or use a filter to only include objects that have an objectClass=inetOrgPerson by doing the following <searchFilter>(&(objectClass=inetOrgPerson)(uid=))</searchFilter>
Neither of the filters worked so any of the users who are in the group who also have alias anywhere in the tree, are excluded (see screen shot attached). Error log shows an event corresponding to each user with an alias. You can see in the screenshot, for the users who have an alias, their usernames are followed by @127.0.0.1 but they are not useable even though they appear in the list. I assume that for whatever reason, they are being referenced first when LDAP queries the eDirectory tree.
2008.02.27 20:52:33 org.jivesoftware.openfire.roster.Roster.<init>(Roster.java:176)
Groups () include non-existent username (userwithalias)
I have confirmed that removal of the alias results in the account properly working. With that being said, are there any other alternative solutions besides removing the aliases? Searching on this forum returns some discussion of dereferencing aliases, could this be a solution and how can it be done.
FYI, this was the group filter I ended up using in order to get the proper result with Openfire and eDirectory.
<posixMode>false</posixMode>
<groupSearchFilter>(&(objectClass=groupOfNames)(cn=OF_USERS))</groupSea rchFilter>
