Getting LDAP groups to work

looking at the archives this isn’t an uncommon malady. it doesn’t help that LDAP is a brain scrambler to begin with. in my case, it’s that, and it’s a relatively new deployment - we haven’t even released it into internal production yet.

that said - openfire is working with our LDAP servers. all the users show up, woo hoo! unfortunately, if i use the defaults within the ‘group mapping’ config, it lists all the users as well as all the groups. but what i want of course is it to just list the groups. what i thought would be possible would be to allow only those users that i create within a group i’ve named ‘openfire’, but for the life of me i can’t figure out how to do this. my relative unfamiliarity with LDAP assuredly does not help!

here are some example entries from my server, with some details necessarily blurred…

+--> dc=mymysterydomain,dc=com (4)
    ---> cn=Directory Administrators
    +--> ou=Groups (9)
        |---> cn=ALL
        |---> cn=CRM
        |---> cn=DEV
        |---> cn=DW
        |---> cn=Openfire
        |---> cn=PROD
        |---> cn=QA
        |---> cn=TECHOPS
        |---> cn=Zenoss
        |---> Create new entry here
    +--> ou=People (26)
        |---> Create new entry here
        |---> uid=billy
        |---> uid=bobby
        |---> uid=buddy
        |---> uid=bork
        |---> Create new entry here
    ---> ou=Special Users
    ---> Create new entry here
+--> o=netscaperoot (2)

that’s from phpldapadmin, if you hadn’t guessed. i have no idea what sort of combination of Group Field, Member Field, and Group Filter will give me what i want…

any clues from the LDAP-clued would be gratefully accepted.