After searching a few hours without finding a solution I finally post here…
I have users who are members of multiple groups in the AD.
When I look up their user properties in the Openfire web interface, only one group is shown under their “Groups:”-info.
The only user displayed as a member of multiple groups is me, and I am marked as administrator.
• Openfire authenticates against AD via LDAP
• Groups reflect different services
• Users are members of one supergroup with all users and all groups of their subscribed services
My AD-structure (example):
- Contains users that are customers
- Examples: ted, jed, fred
- Contains users that are simple subscribers of services (i.e. services provided by customers)
- Examples: don, ron, john
- Contains groups reflecting the services
- Example: some-group
- All users are in a supergroup for all users: all-users
all-users: ted, jed, fred, don, ron, john
some-group: ted, jed, don, ron
The properties of the users ted, jed, don and ron only show “some-group” in the “Groups:”-info field.
Looking at the groups list shows the same. Members of the group “all-users” are only fred and john, while the members of “some-group” are ted, jed, don and ron. They are actually members of “all-users” in the AD but missing in that group within Openfire.
If a user is a member of multiple groups, only one group is being saved/synced.
Are groups in Openfire built from the users’ memberOf-information or by querying LDAP for groups?
Why is my (administrative) account synced correctly as memberOf both groups?
What do I have to do to get this synced correctly?