Oh the joy and the pain of this….
After a very long time I have now got this working how I want it but it was painful getting the right runes to make the two play nicely.
What I wanted:
- To have a group in AD that could access and authenticate to Openfire
- To have a groups in Openfire that were defined by an AD group.
- All of our users are in a group called “Foo Users”
- All of our groups are in “Foo Groups”
- All of our Openfire users are in a group called “openfire” which is inside “Foo Groups”
- Our Openfire groups are in “Openfire Groups” which is in “Foo Groups” (I made “Openfire Groups” a universal group, this may or may not be needed).
- I then made the “openfire” group a member of “Openfire Groups”
- Our domain is called foo.com
- ldap.baseDN : dc=”foo”,dc=”com”
- adminDN : cn=”administrator”,cn=”Users”,dc=”foo”,dc=”com”
- Userfilter : (&(memberOf=CN=openfire,OU=Foo Groups,DC=foo,DC=com))
- Groupfilter : (&(memberOf=CN=openfire,OU=Foo Groups,DC=foo,DC=com))
Hope this helps someone 🙂