Filter Disabled AD Users (LDAP)

jeffk · May 8, 2007, 7:46pm

I am using the current version of OpenFire with LDAP and Active Directory. We have several users that are “disabled”. How do I filter those users out so they are not listed in the main users list or in the offline contacts of the IM client.

I believe its with “User Filter” on “Step 2 of 3: User Mapping” but nothing works so far.

I have found that “(!(userAccountControl:1.2.840.113556.1.4.804:=2))” does work in the main listing but I get errors in the logs

2007.05.04 16:24:03 [org.jivesoftware.openfire.roster.Roster.(Roster.java:165)

] Groups () include non-existent username (taccount)

Bill1 · May 14, 2007, 8:02pm

Can you include your config so we can get a better idea of what your setup is like?

thanks

Robert7 · May 14, 2007, 9:35pm

Looks like you just need to exclude groups from the user list LDAP filter. Something ala:

(&(objectClass=user)( !(userAccountControl:1.2.840.113556.1.4.803:=2)))

Jason_L · May 14, 2007, 10:35pm

I haven’'t tried this but I have found out that openfire uses typical AD/ldap search queries to search in AD. This page helped me get my setup filtered down to exactly what I needed.

jeffk · August 1, 2007, 3:13am

Thanks