0
votes

I've got LDAP working with OpenFire, at least for users and authentication, but I'm having some trouble getting it to see my group's members.

A sample group in our LDAP schema (which is IPA-based) looks like:

dn: cn=infrastructure,cn=groups,cn=accounts,dc=our,dc=net
member: uid=bretw,cn=users,cn=accounts,dc=our,dc=net
member: uid=bobs,cn=users,cn=accounts,dc=our,dc=net
:
objectClass: top
objectClass: groupofnames
objectClass: nestedgroup
objectClass: ipausergroup
objectClass: ipaobject
objectClass: posixgroup
cn: infrastructure
description: Infrastructure group
ipaUniqueId: <blah>
gidNumber: 9590000048

My group settings are default, except that I added a group filter of "(objectClass=ipausergroup)" to catch the actual groups and screen out the ones that are just for individual users. I'm using "cn=accounts,dc=our,dc=net" as our base DN.

What should I be doing to ensure that OpenFire 4.5.1 can see into our groups? It finds them, but says each has 0 members, which we know to not be true.

1 Answer

0
votes

Turns out using anonymous logins doesn't work for filling out groups. Once I set an administrator DN, groups populated properly.
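
One way to confirm the behaviour described in the answer above is to compare what an anonymous search and a bound search return for the same group filter. This is an added example, not part of the original post. The host `ipa.example`, the bind DN placeholder, the function names and the `emptygroup` entry are assumptions, and the LDIF captures are constructed from the group shown in the question.

```shell
#!/bin/sh
# Added example, not from the original post. Host and bind DN are placeholders.
# Produce the two captures with OpenLDAP's ldapsearch, then compare them:
#   ldapsearch -x -LLL -H ldap://ipa.example -b "cn=accounts,dc=our,dc=net" \
#     "(objectClass=ipausergroup)" member > anon.ldif
#   ldapsearch -x -LLL -H ldap://ipa.example -D "<bind DN>" -W \
#     -b "cn=accounts,dc=our,dc=net" "(objectClass=ipausergroup)" member > bound.ldif

# member_counts FILE: print "<member count> <dn>" for each LDIF entry.
member_counts() {
    awk '
        function flush() { if (have) print n, dn }
        # Folded lines start with a space; only a folded dn needs rejoining.
        /^ /       { if (indn) dn = dn substr($0, 2); next }
        /^dn::? /  { flush(); dn = $0; sub(/^dn::? /, "", dn)
                     n = 0; have = 1; indn = 1; next }
        /^member::? / { n++ }
                   { indn = 0 }
        END        { flush() }
    ' "$1"
}

# hidden_members ANON BOUND: groups whose members only the bound search sees.
hidden_members() {
    { member_counts "$1" | sed 's/^/A /'; member_counts "$2" | sed 's/^/B /'; } |
    awk '{ tag = $1; n = $2; sub(/^[AB] [0-9]+ /, "")
           if (tag == "A") anon[$0] = n
           else if (n > 0 && anon[$0] + 0 == 0) print n, $0 }'
}

# Constructed captures modelled on the group in the question.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/anon.ldif" <<'EOF'
dn: cn=infrastructure,cn=groups,cn=accounts,dc=our,dc=net

dn: cn=emptygroup,cn=groups,cn=accounts,dc=our,dc=net
EOF
    cat > "$d/bound.ldif" <<'EOF'
dn: cn=infrastructure,cn=groups,cn=accounts,dc=our,dc=net
member: uid=bretw,cn=users,cn=accounts,dc=our,dc=net
member: uid=bobs,cn=users,cn=accounts,dc=our,dc=net

dn: cn=emptygroup,cn=groups,cn=accounts,dc=our,dc=net
EOF
    hidden_members "$d/anon.ldif" "$d/bound.ldif"
    rm -rf "$d"
}
demo
```

A group listed in the output has members the directory withholds from anonymous binds, which matches the "0 members" symptom in the question. A group that is empty in both captures is not reported.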