After configuring Openfire to use LDAP authentication, all users and groups show up in the Openfire admin console, but the groups contain no users.
Solution:
1. Add the member attribute to the organizationalUnit objectClass
Edit core.schema.
This schema already defines the member attribute, but the organizationalUnit objectClass does not enable it, so in the following definition:
objectclass ( 2.5.6.5 NAME 'organizationalUnit'
DESC 'RFC2256: an organizational unit'
SUP top STRUCTURAL
MUST ou
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description $ member ) )
add $ member to the MAY list (the definition above shows the result), then restart LDAP.
2. Modify the openfire.script file:
Edit /opt/openfire/embedded-db/openfire.script and change this line:
INSERT INTO OFPROPERTY VALUES('ldap.groupMemberField','seeAlso')
to:
INSERT INTO OFPROPERTY VALUES('ldap.groupMemberField','member')
3. Add members to the group.
Now, when adding a new attribute to an OU in the ldapadmin console, the member attribute is available. The member value is shown in the figure below:
After restarting Openfire and LDAP, logging in with Spark shows the groups together with their members.
For reference, the Openfire properties used:
Property name | Value |
---|---|
admin.authorizedJIDs | |
ldap.adminDN | cn=root,dc=domain,dc=com |
ldap.adminPassword | hidden |
ldap.autoFollowAliasReferrals | true |
ldap.autoFollowReferrals | false |
ldap.baseDN | dc=domain,dc=com |
ldap.connectionPoolEnabled | true |
ldap.debugEnabled | false |
ldap.emailField | mail |
ldap.encloseDNs | true |
ldap.groupDescriptionField | description |
ldap.groupMemberField | member |
ldap.groupNameField | ou |
ldap.groupSearchFilter | (&(ou={0})(objectClass=organizationalUnit)) |
ldap.host | 10.0.0.12 |
ldap.ldapDebugEnabled | false |
ldap.nameField | description |
ldap.override.avatar | true |
ldap.port | 389 |
ldap.posixMode | false |
ldap.searchFields | |
ldap.searchFilter | (&(cn={0})(objectClass=inetOrgPerson)) |
ldap.sslEnabled | false |
ldap.usernameField | cn |
ldap.vcard-mapping | <vCard xmlns="vcard-temp"> <N> <GIVEN>{description}</GIVEN> </N> <EMAIL> <INTERNET/> <USERID>{mail}</USERID> </EMAIL> <FN>{description}</FN> <NICKNAME>{uid}</NICKNAME> <ADR> <HOME/> </ADR> <ADR> <WORK/> </ADR> </vCard> |
provider.auth.className | org.jivesoftware.openfire.ldap.LdapAuthProvider |
provider.group.className | org.jivesoftware.openfire.ldap.LdapGroupProvider |
provider.user.className | org.jivesoftware.openfire.ldap.LdapUserProvider |
provider.vcard.className | org.jivesoftware.openfire.ldap.LdapVCardProvider |
update.lastCheck | 1379953378982 |
xmpp.auth.anonymous | true |
xmpp.domain | domain.com.cn |
xmpp.session.conflict-limit | 0 |
xmpp.socket.ssl.active | true |
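As an added check (not code from the original post or from Openfire), the following Python simulates how Openfire resolves a group from the ldap.* properties listed above, run against a small constructed directory instead of a live server; it assumes member values are full user DNs, which is what the DN syntax of the member attribute implies. With ldap.groupMemberField left at seeAlso the group resolves to no users, which is the symptom the post describes, and a member DN that points at nothing is reported separately.

```python
import re

# Constructed directory snapshot standing in for the LDAP server; the group is an
# organizationalUnit whose member values are user DNs (one of them dangling).
DIRECTORY = {
    "dc=domain,dc=com": {"objectClass": ["top", "dcObject", "organization"]},
    "ou=dev,dc=domain,dc=com": {
        "objectClass": ["top", "organizationalUnit"], "ou": ["dev"],
        "description": ["Developers"],
        "member": ["cn=alice,dc=domain,dc=com", "cn=ghost,dc=domain,dc=com"],
    },
    "cn=alice,dc=domain,dc=com": {"objectClass": ["top", "inetOrgPerson"],
                                  "cn": ["alice"], "mail": ["alice@domain.com"]},
}

# Property values taken from the post's OFPROPERTY listing.
PROPS = {
    "ldap.baseDN": "dc=domain,dc=com",
    "ldap.groupSearchFilter": "(&(ou={0})(objectClass=organizationalUnit))",
    "ldap.groupMemberField": "member",
    "ldap.searchFilter": "(&(cn={0})(objectClass=inetOrgPerson))",
    "ldap.usernameField": "cn",
}

def matches(entry, filt, arg):
    """Evaluate a conjunctive equality filter such as (&(ou={0})(objectClass=X)),
    the only filter shape the post's defaults use; {0} is replaced by arg."""
    for attr, want in re.findall(r"\((\w+)=([^()]*)\)", filt):
        want = want.replace("{0}", arg).lower()
        if want not in [v.lower() for v in entry.get(attr, [])]:
            return False
    return True

def group_members(props, group_name, directory=DIRECTORY):
    """Find the group via ldap.groupSearchFilter, then keep each ldap.groupMemberField
    DN only if it resolves under ldap.baseDN and satisfies ldap.searchFilter."""
    base = props["ldap.baseDN"].lower()
    scope = {dn: e for dn, e in directory.items() if dn.lower().endswith(base)}
    users, unresolved = [], []
    for g in (ent for ent in scope.values()
              if matches(ent, props["ldap.groupSearchFilter"], group_name)):
        for member_dn in g.get(props["ldap.groupMemberField"], []):
            e = scope.get(member_dn)
            uname = e.get(props["ldap.usernameField"], [""])[0] if e else ""
            if uname and matches(e, props["ldap.searchFilter"], uname):
                users.append(uname)
            else:
                unresolved.append(member_dn)  # dangling or not an inetOrgPerson
    return sorted(users), unresolved
```

Unresolved member DNs are worth reviewing after the migration: a value that points at a deleted entry, or at an entry that fails ldap.searchFilter, simply vanishes from the roster without any error in the admin console.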
Here is a link that explains LDAP groups: http://www.zytrax.com/books/ldap/ch11/groups.html