ok, so I was able to get a group filter working that allows me to add users to an AD group and then these users show up in the WF admin console.
Only this setup has created some new problems that I thought I would share. I’'d like to know if anyone else has had these issues and any ideas on how to modify my wildfire.xml to fix if possible.
-
all links in the admin console load quickly with the exception of the usrs/groups tab. It takes about 5 to 8 min to load this tab.
-
Authentication works sometimes, it usually takes 2 or 3 times trying to authenticate to get into spark.
3.WF crashes and becomes totally unresonsive after a few hours of operation. Server reboot is required to get things working again.
Here is my wildfire.xml file for your review
Regards
ldap>
<![CDATA[
(&
(objectCategory=Group)
(objectClass=group)
(memberOf=cn=JabberAccess,cn=Users,dc=mail,dc=local)
(member=)
)
]]>
It may have to do with your search filters being unnecessarily complex. I find it best to just create a security group and make every user you want to have wildfire access a member of that security group. My example below the security group name is AllWildfireUsers
And for the individual roster groups, create security groups that all begin with the same string so you can use a wildcard in your Group Search like below. I used WFG to prefix all of my roster groups.
How is it “too” complex? Currently it’'s searching for users in one security group “JabberAccess” for both the search filter and the groupSearch filter? This group is located in the defualt container “Users”.
Thanks for the help.
Regards
It is just a hunch, but the following line may be slowing you down.
(!(userAccountControl:1.2.840.113556.1.4.803:=2))
So if you want to try out the setup i provided great. If not that’'s fine too. Of course this is all assuming that your directory services architecture is functioning as it should.
-Erik
Ok so I’‘ve made these modifications to wf.xml and am still having the same extremely long load times for the users’'s page. groups loads in a flash but non of my AD groups that start with WF show up in the admin console.
<![CDATA[
(&(member=)
(&(objectClass=group)(sAMAccountName=WF*)))]]>
We’'re also using LDAP and have the same problem. As I understand it, the current version of Wildfire loads all of the user information when you click on the User/Group tab and it does take forever if you have a large directory (8 mins is about average for ours - we have over 250,000 users in our directory).
However - I believe that the next release of Wildfire (which I think is due in the next week) does something to solve this problem (at least, that is what Jive have told me ).
Cool, thats sounds good. I’'m not rolling this out until I can get it configured correctly.
Anyways can some one chime in on using AD groups with a filter for WF* etc.
Regards
Make sure that your groups you are looking for with WF* are located somewhere below your BaseDN.
Also,
The
]]>
Message was edited by: enaslund