my current setup:
Openfire (latest version, Linux) running with read access to OpenLDAP.
I cannot change the contents of the OpenLDAP server because the LDAP server gets populated by another system.
- The LDAP contains (among other stuff): ou=People and ou=Group
- Base DN used in Openfire is Domain, Top-Level-Domain
- "Group" contains several groups. ldap.groupNameField = cn .
- Openfire uses "users" group. This group contains all user names in the field "memberUid" as a list. ldap.groupMemberField = memberUid
- Since the base DN is so broad, I use a filter: ldap.groupSearchFilter = (cn=users)
- This gives me a group roster in Openfire which contains all users in the "users" group. These are all people in my company.
So far, so good.
What I want to do:
I want to have different group rosters for each branch office. So, separate group rosters for people from New York, from Berlin, from Paris... You get the idea.
- The only place where this information is stored is in ou=People.
- Every uid (every person) contains a field "location".
The big question:
How should I configure Openfire in order to read the LDAP in a way that it creates group rosters for every location?