Filter Disabled AD Users (LDAP)

I am using the current version of OpenFire with LDAP and Active Directory. We have several users that are “disabled”. How do I filter those users out so they are not listed in the main users list or in the offline contacts of the IM client?

I believe it’s with “User Filter” on “Step 2 of 3: User Mapping” but nothing works so far.

I have found that “(!(userAccountControl:1.2.840.113556.1.4.804:=2))” does work in the main listing but I get errors in the logs:

2007.05.04 16:24:03 [org.jivesoftware.openfire.roster.Roster.(Roster.java:165)] Groups () include non-existent username (taccount)

Can you include your config so we can get a better idea of what your setup is like?


Looks like you just need to exclude groups from the user list LDAP filter. Something à la:

(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

I haven’t tried this but I have found out that Openfire uses typical AD/LDAP search queries to search in AD. This page helped me get my setup filtered down to exactly what I needed.
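
An added example, not code from any poster or from Openfire: it evaluates the negated userAccountControl clause from the filters in this thread against constructed account values, showing how the .803 (bitwise AND) and .804 (bitwise OR) matching rules behave and which group members the user filter hides. It assumes the roster warning arises when a group still lists a user the filter excludes; the sample users and groups are invented, and other filter clauses such as objectClass are ignored.

```python
import re

# Active Directory bitwise matching-rule OIDs used in extensible-match filters.
BIT_AND = "1.2.840.113556.1.4.803"  # matches when ALL bits of the mask are set
BIT_OR = "1.2.840.113556.1.4.804"   # matches when ANY bit of the mask is set

# Finds the negated clause "(!(userAccountControl:<oid>:=<mask>))" in a filter.
NEGATED_UAC = re.compile(r"\(\s*!\s*\(userAccountControl:([\d.]+):=(\d+)\)\s*\)")


def bit_match(oid, value, mask):
    """Evaluate one bitwise matching rule against a userAccountControl value."""
    if oid == BIT_AND:
        return value & mask == mask
    if oid == BIT_OR:
        return value & mask != 0
    raise ValueError("unsupported matching rule: " + oid)


def is_listed(ldap_filter, uac):
    """True when the negated clause lets an account with this value through."""
    found = NEGATED_UAC.search(ldap_filter)
    if not found:
        raise ValueError("no negated userAccountControl clause in filter")
    return not bit_match(found.group(1), uac, int(found.group(2)))


def orphaned_members(ldap_filter, users, groups):
    """Per group, the members that the user filter hides (assumed warning cause)."""
    hidden = {name for name, uac in users.items() if not is_listed(ldap_filter, uac)}
    return {g: sorted(hidden.intersection(m))
            for g, m in groups.items() if hidden.intersection(m)}


# Constructed sample directory: 512 = normal account, 2 = disabled flag,
# 65536 = password never expires. "taccount" is the name from the log line.
USERS = {"alice": 512, "taccount": 514, "svc": 66048, "bob": 66050}
GROUPS = {"staff": ["alice", "taccount", "bob"], "ops": ["svc"]}
THREAD_FILTER = "(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

if __name__ == "__main__":
    print(sorted(u for u, v in USERS.items() if is_listed(THREAD_FILTER, v)))
    print(orphaned_members(THREAD_FILTER, USERS, GROUPS))
```

With the single-bit mask 2 the two rules select the same accounts; they only diverge when the mask has more than one bit set.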