powered by Jive Software

Yet another LDAP integration thread

I’ve been attempting to get Openfire 3.6.4 to authenticate using LDAP and I feel that I am “oh so close” but not quite there.

Here’s what I’ve got:

ldap.baseDN DC=domain,DC=org

ldap.adminDN CN=Administrator,CN=Users,DC=domain,DC=org

ldap.searchFilter (&(memberOf= CN=Dept 935,OU=Dept Groups,OU=Groups,DC=domain,DC=org)(objectClass=person))

If I use the above query using LDP.exe (a windows tool) I get 78 users, but for some reason Openfire only finds 6 users. If I remove the user filter I hit the 1000 LDAP limit.

I thought I’d be able to set the BaseDN to CN=Dept 935,OU=Dept Groups,OU=Groups,DC=domain,DC=org but that doesn’t seem to work. Using that BaseDN doesn’t show any users, just the group.

I am not an ActiveDirectory admin so I can’t change how users are stored in LDAP.

Can anyone tell me what I’m doing wrong?

Thanks!

I’ve continued troubleshooting and am now wondering if it as anything to do with ldap.adminDN

I get “Status Success!” when I use the following:

CN=Users,CN=Administrator,DC=domain,DC=org

CN=Users,CN=Random,DC=Stuff,DC=org

or if I leave it blank. This makes me think what I type there is irrelevant, however…

I get “Status: Error” when I use the following:

CN=Administrator,CN=Users,DC=domain,DC=org

Checking the log shows that I’m getting a LDAP: error code 49 - 80090308, which looks to be an authentication error.

Is it possible that only certain users will be returned when I run my search if I’m not properly authenticated?

i’m no expert (trust me on this! ) but i am using LDAP authentication and for ldap.adminDN i’m just using username@domain.org format - hope that helps!

Thank you!

I used my own domain account (non adminstrator) and now I see all users of my group.

Glad it worked!!