I am running Openfire in an Active Directory domain environment. Access is limited to local IPs, and authentication is through the embedded database utilizing Active Directory in read-only mode.
I have some groups that I do not want to be able to communicate with each other. I have only shared the groups with other groups that are allowed to see them. So they are in effect isolated from each other, which is what I want. However, a user (using Spark) can click on add a contact and, if they know the syntax, can add a user from one of the other isolated groups (they may not know to put the user@IMSERVER.domain.com).
So, after all of that, my question is how can I stop the users from adding contacts from other groups. If this cannot be done, can I implement rules using a packet filter to silently drop those packets?
You can use the packet filter. You can also try installing the subscription plugin and setting it to reject all subscription requests. You may also want to remove the search plugin to make it so users cannot search for members.
Can you run a second instance of the server software on different ports for the other group? You can filter on the user fields page for which group you want to use each instance.
I’ve had up to 6 instances running on a single server for 6 different Active Directory realms.
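
The silent-drop rule asked about in the question, modelled as an added example that is not part of the thread and is not Openfire or packet filter plugin code: it decides per stanza whether sender and recipient are in the same group or in groups shared with each other. The group names, members, sharing pairs and stanzas are constructed assumptions; only the `user@IMSERVER.domain.com` address form comes from the post.

```python
import xml.etree.ElementTree as ET

# Constructed sample data: group names, users and sharing pairs are assumptions.
GROUPS = {
    "sales": {"alice@imserver.domain.com", "bob@imserver.domain.com"},
    "hr": {"carol@imserver.domain.com"},
    "helpdesk": {"dave@imserver.domain.com"},
}
# Groups shared with each other (unordered pairs); everything else is isolated.
SHARED = {frozenset(("sales", "helpdesk")), frozenset(("hr", "helpdesk"))}


def bare_jid(jid):
    """Strip the resource and lowercase, so 'Bob@IMSERVER.domain.com/Spark' matches."""
    return jid.split("/", 1)[0].lower()


def groups_of(jid):
    """Groups the user belongs to, matched on the bare JID."""
    return {g for g, members in GROUPS.items() if bare_jid(jid) in members}


def may_communicate(sender, recipient):
    """True if the two users share a group or belong to groups shared with each other."""
    src, dst = groups_of(sender), groups_of(recipient)
    if not src or not dst:
        return False  # unknown user: fail closed
    return any(a == b or frozenset((a, b)) in SHARED for a in src for b in dst)


def decide(stanza_xml):
    """Return 'drop' or 'pass' for one stanza, as a silent-drop filter rule would."""
    stanza = ET.fromstring(stanza_xml)
    sender, recipient = stanza.get("from"), stanza.get("to")
    if stanza.tag not in ("presence", "message") or not sender or not recipient:
        return "pass"  # IQ and unaddressed (server-handled) traffic is out of scope here
    return "pass" if may_communicate(sender, recipient) else "drop"


if __name__ == "__main__":
    # Constructed stanza: a sales user adding an hr user by typing the full JID.
    print(decide("<presence from='alice@imserver.domain.com/Spark' "
                 "to='Carol@IMSERVER.domain.com' type='subscribe'/>"))
```

Matching on the bare, lowercased JID matters because a user can type the address in any case, and the client appends a resource such as `/Spark` to the sender address.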