I am trying to find out if there is a way to set it up so certain users can’t chat with other users? Like an employee at Location 1 can only talk to people at Location 1 or other approved people and not to people at other locations. Is this possible? An if so, how? Is it on the server, AD or through the IM client?
There is no real easy way to do this. There is a plugin called packet filter that may help. Thinking outside the box you may be able to use a combination of AD groups and the Subscription plugin to achieve this goal. Create the required groups in AD, share the group via Openfire Users/Groups tab (do not share to anybody outside the group), configure the Subscription plugin to Reject All.
I make no guarantees that this will work but in theory it should. The users will only see users in their roster that are in shared groups they are members of and they will not be able to add to their own roster.
Wow…good theory. I’ll have to look into this and see if it’s possible for me to setup.
OK With this theory it brings up a new question. In the users and groups sections it lists ALL users and groups…and also includes computer names in the users summary. Is there a way to filter it out so it won’t show computers or certain users in the users list?
Basically, is it possible to set it up so users that are in the AD group “Domain Users” only show up in the user summary? And if so, how?
Sorry this new setup is confusing me and I’m not getting the LDAP setup for it.
In your openfire.xml config file make sure the LDAP user search filter says (objectClass=organizationalPerson)
Awesome, thanks for the link to it.
This does bring up the same issue I just posted though. There are so many computers showing up in our user list that it has maxed out and I can’t see all the actual users in the list to setup the filter. How can I get the computers out of my user list?
Did you adjust your user filter with the value from my previous post?
Just double checked the XML file and it is setup to default
so yes that is what I have in there
Here is my openfire.xml settings that work correctly. I had the same issue with computers show at one point too. I just do not remember what setting actually fixed it.
yea mine is setup almost exatly the same except
which wouldn’t have any relevance in the group field. Are you using a linux based or microsoft based AD/LDAP? and what version?
AD on Server 2003
Same here…have you done anything special to AD for your openfire to query through LDAP settings? Someone had told be once before you could enable certain options and change certain values so it is easier to query AD from other programs?
nope I have not done anything other than having a well organized AD tree.