[LDAP users] search person display username and computername

Ercole · September 5, 2007, 5:18pm

Hi to all,

im italian so excuse bad english.

i’m implementing Openfire in my company and this is a GREAT product. I users LDAP to populate user space (with our Active Directory DB). Tipically in Active directory i have a person (PERSON) and a person pc in the same ou (PERSONPC).

Using Spark and doing a people search with the purpouse to add it in spark contact, i put the person name and click search.

Qhen the search is finished i see PERSON and, below PERSONPC$.

This is a big problem for me because my users are a bit confused.

What is the best way to prevent PERSONPC$ from search results???

many many thanks in advance for your help !

NO_MESSAGES_OR_FRIEN · September 5, 2007, 7:40pm

Not to be critical of your AD implementation, but your problem stems from using an improper structure. Users and Computers should be in different OU’s. This is beneficial when applying policies to the AD members. All that being said you may be able to write a filter that will exclude the computers. There several examples posted in the community on how to do this. Remember though you can move users and computers to new OU’s without too many issues even when active.

Ercole · September 5, 2007, 8:57pm

Dear mtstravel many thanks for your reply.

In reality my AD implementation is like this:

OU OFFICE1

OU OFFICE1/COMPUTERS

OU OFFICE1/USERS

OU OFFICE2

OU OFFICE2/USERS

OU OFFICE2/COMPUTERS

for the right GPO purpouse that you suggest. No problem with this structure for now.

About the several example i tried to search but find nothing!!

Please can you suggest me the right filter!!!

Many many thanks in advance

NO_MESSAGES_OR_FRIEN · September 6, 2007, 12:48pm

With your current AD structure, you will need to create an AD group (ie ChatUsers) and make everyone you want to have access to Openfire in that group. You then need to enable group search filter in Openfire. The filter should look something like this:

``(&(objectClass=organizationalPerson)(memberOf=CN=ChatUsers,OU=Users,objectCl ass=organizaionalunit)(uid=))

Ercole · September 6, 2007, 1:36pm

Many thanks for your help.

Your idea is very good. I tried this solution editing the openfixe.xml and insert your string between the

and after group Chatusers creation. But when i restart the Openfire service i see a XML sintax error on the console.

Is the sintax correct? The same error occours everytime i insert a string finded here…probably i do something wrong!!!

Thanks for your help

NO_MESSAGES_OR_FRIEN · September 6, 2007, 1:48pm

you do not need the <code></code> included. I think the forem automatically inserted that.

Ercole · September 6, 2007, 1:50pm

This is the result error on the console.

I added

<searchFilter>>(&(objectClass=organizationalPerson)(memberOf=CN=ChatUse rs,OU=Users,objectClass=organizaionalunit)(uid=))

</searchFilter>

ERROR:

ERROR 11890 (): Error reading XML properties

org.dom4j.DocumentException: Error on line 65 of document : The entity name must immediately follow the ‘&’ in the entity reference. Nested exception: The entity name must immediately follow the ‘&’ in the entity reference.

at org.dom4j.io.SAXReader.read(SAXReader.java:482)

at org.dom4j.io.SAXReader.read(SAXReader.java:365)

at org.jivesoftware.util.XMLProperties.buildDoc(XMLProperties.java:

etc etc

NO_MESSAGES_OR_FRIEN · September 6, 2007, 5:22pm

Let us simplify it to this structure:

(memberOf=CN=ChatUsers,OU=CONTAINER1,OU=CONTAINER2,DC=COMPANY,DC=COM)

That would translate to this for a company joecorp.com, with users found in accounts, location1, and members of ChatUsers group:

(memberOf=CN=ChatUsers,OU=location1,OU=accounts,DC=joecorp,DC=com)