powered by Jive Software

Filtering AD authentication with groups

Hi all,

I’ve set up openfire successfully and got some question now.

On our Active Directory server there is a group “imusers” and I just want these users to be authenticated.

Unfortunately I cant find a user filter working.

I tried (&(objectClass=organizationalPerson)(memberOf=imusers)) which is not working.

I think because AD is not using the “memberOf” attribute at the user object.

So my question is how I can set up an user filter where just persons, that are a member of “imusers” are authenticated?

Thanks a lot,

Matthias

Hi,

try the full DN in the query string; something like …memberOf=‘CN=imusers,DC=domain,DC=extension’ (case sensitive), where “domain” and “extension” are the corresponding AD domain realm and ext (ex. “acme.com”, so ‘CN=imusers,DC=acme,DC=com’)

bye

Hi,

thanks for that tip, instead of memberOf='CN… it is memberOf=CN=

Thanks,

Matthias

I can’t seem to get this to work the way it is discussed here. Could you provide more detail on the solution?

In short, I have an OU (in AD) where all of my users are populated dynamically (they change often). There are thousands of users in the OU. We are only licensed for 25 so I oubviously need to trim this down. It would seem that a group would do this nicely. I have created the group and tried to use it in the filter as suggested here. I alwasy get the error (when pressing the test button) that 0 users where returned.

Thank you.

I found the format for the syntax that i needed at this post:

Thanks.