I’m binding to AD with some user filters, but no group filters. Thus, only users in a specific security group can log in. This works without issue. The issue is that when I locate a group in AD and enable contact list group sharing, only a subset of the users in that group are populated in the roster for users in that group. This is 100% reproducible, though not always with the same results. For example, when I first enabled this specific group, all the users appeared. Following a subsequent server restart, only a half-dozen appeared. After lots of poking and prodding, including reinstalling from scratch, only two users from that group populate on other member’s rosters. I’ve tried disabling and re-enabling the group sharing, renaming the group, and everything else I could think of. The problem persists.
I’ve seen some other posts here that seem to be tangentially related to this issue, but nothing that’s exactly what I’m seeing. This is on OpenFire 3.5.1.
Any suggestions would be extremely helpful.
Just to test have you tried setting your filters back to the defaults?
Yeah, that’s a datapoint I forgot in the first post. Not enough coffee.
Yes, with default filters (objectClass=organizationalPerson) the list is fully populated. When I drop in my custom filter <![CDATA[(&(objectClass=organizationalPerson)(memberOf=CN=JabberUsers,OU=Sec urity,OU=Internal Groups,DC=example,DC=com))]]> the resulting user list works as it should, but the contact sharing doesn’t.
Group filters are set to the default. But remember, with that custom filter in place, some users are present in the list, and all users in that group appear in the admin console under that group, just not in the rosters.
For grins, I prepended (sAMAccountName=) to the user filter, and that appears to have had a positive impact… I’m going to hold judgement for awhile until I’m certain this isn’t another fluke, but I now have all the users I should in the rosters.
I’m with that problem too.
Here is my ldap.searchfilter:
(objectClass=organizationalPerson)(&(objectClass=user)(!(userAccountControl:1.2. 840.113556.1.4.803:=2)))
This work fine with sharing, but I can’t restrict users to login. Then I change it to:
(objectClass=organizationalPerson)(&(objectClass=user)(!(userAccountControl:1.2. 840.113556.1.4.803:=2)))(&(objectClass=user)(memberOf=cn=Openfire,dc=nepomuce,dc =exc))
Now I can restrict the users to the group “Openfire”, but the sharing groups don’t work anymore. I got a group called “Info Users” and it’s set for sharing, but doesn’t work. If I set the grou “Openfire” for sharing, then it work, but appears everyone!
Need some help here!
Obs: ldap.groupSearchFilter is (objectClass=group), the default.
OpenFire 3.6.3
additionally get rid of the cdata stuff if you are running version 3.6 or above of openfire.