Hello all,
I just need a good example for a filter that will limit my ldap users by a group.
Lets just say all my uers are in Group - "imusers:, and those are the only ones allowed to login.
Sorry, I know that this has been covered but with all of the examples I have gotten confused!
Wayne
You can try a filter like this, bear in mind this is very generic. It goes in your openfire.xml file.
<searchFilter><![CDATA[(&(sAMAccountName=)(objectCategory=person)(memberOf=CN=SomeGroup,OU=Groups,DC=domain,DC=com))]]> ;</searchFilter>
Question… Can you have more then one search filter? Just curious…
First, I use novell e-dir. So here is the info that I should need, taken from the novell support site:
The LDAP group object class name for a Novell eDirectory or NDS server is: groupOfNames
The LDAP user attribute group membership: groupMembership
With that in mind, I have tried the following without success:
<searchFilter>(&(objectClass=groupOfNames)(groupMembership=cn=chatuser s,ou=IM_Groups,o=lc_usd447))</searchFilter>
The context is correct, but I am unsure about the formatting and am unsure how to modify your example, any suggestions?
Wayne
BTW… Dude, you are a huge help… Thanks for all you do!
Examplo in my case:
<groupSearchFilter>((objectClass=posixGroup)(!(cn=Domain**)(!(cn=**ors))(!(cn=Default))(!(cn=Admins))(!(cn=NoGroup))))</groupSearchFilter>
Good article on filters in ldap: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/searc h_filter_syntax.asp
Have a nice day
Joelson
Is there a specific place in the openfire.xml file that the search filter needs to go? I’m using Openfire 3.6.0a binding to active directory 2003.
Thanks,