I thought I would post my findings as I had seen a number of different posts around this topic.
The criteria for this setup was:
Only users in a specific user group would be visible in the admin console and able to access the server using a jabber client.
Only groups starting with a specific string would be visible in the admin console and the jabber client.
Have a seperate OU to hold all of these groups.
All jabber users must belong to Jabber_Users to logon to the server or be visible.
Only groups starting with Jabber_ are visible in the admin console and once shared the Jabber client.
The User Search Filter used:
The Group Search Filter used:
Any account to be configure as admin must match the user filter above i.e The account must belong to Jabber_User
The user filter must contain the full LDAP path to the user group, the group filter does not need this.
This was tested on virtual machines (vmware workstation):
Domain Controller (Server 2003 SP)
jabber Server (Server 2003 SP2) Openfire 3.5.2
Jabber Client (XP SP2) Spark 2.5.8