powered by Jive Software

Active Directory / searchfilter & groupsearchfilter


Sorry to disturb this forum, but i tried tons of combinations in my searchfilter and groupfilter without any success.

Here’s my AD topology:



  • OU=Department1


  • OU=Department2







OU=Disabled Accounts





I would like that only the users in OU=Departments can connect to jabber, and that the groups in OU=Group.

But If i change the base DN to the OU Departments, i cannot access the groups anymore.

Any idea how to configure my searchfilters correctly?

I just answered another post with amost this same informaion. Let me know if this helps.

First, you should not be changing the base dn for searches. Leave the base dn as DC=host,DC=domain,DC=com

Now create a new domain group. Mines called SparkIM. Make the users and groups that you want openfire to see members of this “Control Group”.

Next, make sure the groups for roster sharing are correct and that no one is in more than one group. I had to create new groups specifically for the roster to make support a little bit easier, but using existing groups will work as well.

Now Search strings can be setup as follows:


(&(objectClass=group)(memberOf=CN=SparkIM,OU=DomainGroups,DC=host,DC=domain,DC=c om))



repace the CN=SparkIM… with the DN of the “Control Group”

Now you can control the roster and the ability to sign in by adding or deleting members from the “Control Group”. I named mine sparkim because we only use the spark client and the help desk doesn’t have a clue what openfire is (it makes my life a little easier, even though I know there are other clients out there).

Again I hope this helps.