Up to Discussions in Openfire Support

This Question is Possibly Answered

1 "correct" answer available (10 pts) 2 "helpful" answers available (5 pts)
8 Replies Last post: Aug 11, 2008 11:39 AM by Todd Getz  
William Bronze
William
5 posts since
Jul 10, 2008
Currently Being Moderated

Aug 7, 2008 2:33 PM

LDAP HELP!!!!

So I got it working but what i need to do is have many baseDN's

 

So my question is how to do get more than two baseDN's

 

I know there is a <baseDN> and a  <alternateBaseDn>

 

how can i have more than 2

 

I have 3 OU's each with users and groups, for this to work I can put one in the baseDN and one in the alternateBaseDN but i need a third one.  I would just use the root of the domain but then things dont work at all...

Chris Bronze
Chris
23 posts since
Oct 19, 2006
Currently Being Moderated
Aug 8, 2008 10:48 AM in response to: William
Re: LDAP HELP!!!!

william,

     If you're using base dn's that are ou's in ldap can you use a higer level base dn that would include the 3 or 4 that you need and filter the users and groups by objectClass or some other attribute?

example:

base: dc=example,dc=com

filter: (objectClass=user)

Report Abuse
William Bronze
William
5 posts since
Jul 10, 2008
Currently Being Moderated
Aug 8, 2008 10:54 AM in response to: Chris
Re: LDAP HELP!!!!

I would use the root of the directory but that doesn't seem to be an option.  When I use the root base dc=example,dc=com and have groups, end users when logged on presence will show offline, users cannot send between each other, therefore I have to use OUs under the root OU=,dc=,dc=.

Report Abuse
Chris Bronze
Chris
23 posts since
Oct 19, 2006
Currently Being Moderated
Aug 8, 2008 11:04 AM in response to: William
Re: LDAP HELP!!!!

hrrm,

     Sounds like 2 different problems. Is the AD that you're trying to get users from or another LDAP?

I'm still using a much older version of openfire but I've not had a problem with AD and I'm uing the directory root.

So, when you're using the directory root users can login put don't appear online to other users?

Have you tried duplicating the ldapsearch from a command line to see if you get the results you expect?

Report Abuse
William Bronze
William
5 posts since
Jul 10, 2008
Currently Being Moderated
Aug 8, 2008 11:10 AM in response to: Chris
Re: LDAP HELP!!!!

yep im using AD for users, I have the newest version, and I only get the error when I use root as my baseDN,

 

I have 2 OU's with users and 1 OU with groups so i really need to have baseDN=ou=1,dc=example,dc=com alternateDN=ou=2,dc=example,dc=com and alternateDN2=ou=3,dc=example,dc=com

 

on a side note when i try to use root and have groups which are showen to all users, those users log in and when in the admin page you can see under session that they are authenticated and logged in but there presence shows offline,  then if you drill down farther by clicking on that user, the following page will show there presence as online.  Here we need to have groups its not a option.  But as a workaround i can specifiy a OU as the baseDN... then things work.

Report Abuse
Chris Bronze
Chris
23 posts since
Oct 19, 2006
Currently Being Moderated
Aug 8, 2008 11:20 AM in response to: William
Re: LDAP HELP!!!!

I'm using AD for auth but the embedded db for groups, again on a much older version of wild/openfire. So, I'm not sure how much more help I can be.

Do you see anything in the error log when using the root as the base?

 

This might be completely off track, but... I personally wonder what happens if you have a user that's a member of multiple groups in AD. How does openfire handle that?

 

Have you tried using AD to auth and creating a test group in the embedded system for testing? Since you can't have the muliple bases that you want have your groups ever worked correctly?

Report Abuse
William Bronze
William
5 posts since
Jul 10, 2008
Currently Being Moderated
Aug 8, 2008 11:33 AM in response to: Chris
Re: LDAP HELP!!!!

Thats whats weird no errors, If i put group section on POXIS i get some errors but then i dont see Any members of groups, however users can log in and at least manually add users, but still they still appear as offline.  Its like its seeing the root and can auth users but when it comes to updating the presence it just cant do that.

 

But no, never had it working right using the root with groups,  however i havent tried earlier verison of openfire just the latest one.  We do have an older one here but it wasnt using LDAP.

 

Also i didnt think if you put it to LDAP that it will let you create any group on the embedded system, pretty sure it will default to trying to add a AD group which it cant do.  Going back to how you mention about how openfire will handel a user in multiple groups I dont know.

 

Oh well, what I will do is use ou=1 for baseDN and ou=2 for alternatedn on the .conf file and then just move my group ou in ou=1, then i can resolve both OU of users and since the groups ou is inside ou=1 then i can resolve groups.

Report Abuse
rculpepper Bronze
rculpepper
42 posts since
Jun 24, 2008
Currently Being Moderated
Aug 11, 2008 11:36 AM in response to: William
Re: LDAP HELP!!!!

Have you successfully used this method?

Report Abuse
Todd Getz KeyContributor
Todd Getz
2,178 posts since
Apr 2, 2007
Currently Being Moderated
Aug 11, 2008 11:39 AM in response to: William
Re: LDAP HELP!!!!

Are you using the correct ports?  There is a different port you should use if you set the baseDN to the top of the tree.  See this doc:  http://www.igniterealtime.org/community/docs/DOC-1554.

Report Abuse

More Like This

  • Retrieving data ...