Active Directory with User and Group Filtering - Got it working


I thought I would post my findings as I had seen a number of different posts around this topic.

The criteria for this setup was:

  • Only users in a specific user group would be visible in the admin console and able to access the server using a jabber client.

  • Only groups starting with a specific string would be visible in the admin console and the jabber client.

  • Have a seperate OU to hold all of these groups.


  1. All jabber users must belong to Jabber_Users to logon to the server or be visible.

  2. Only groups starting with Jabber_ are visible in the admin console and once shared the Jabber client.

The User Search Filter used:

<searchFilter>(objectClass=organizationalPerson)(memberOf=cn=Jabber_Users, ou=Groups,ou=Jabber,dc=Jabber,dc=local)</searchFilter>

The Group Search Filter used:

<groupSearchFilter>(objectClass=group)(CN=Jabber_*)</groupSearchFilter& gt;


  • Any account to be configure as admin must match the user filter above i.e The account must belong to Jabber_User

  • The user filter must contain the full LDAP path to the user group, the group filter does not need this.

This was tested on virtual machines (vmware workstation):

Domain Controller (Server 2003 SP)

jabber Server (Server 2003 SP2) Openfire 3.5.2

Jabber Client (XP SP2) Spark 2.5.8