Group-based LDAP Authentication

I’m in the middle of configuring Openfire with LDAP authentication. Our AD environment is quite large (thousands of users). The department that I am in, however, has its own OU and would like to only allow users within a particular group to authenticate to Openfire.

For example:

All users are in base DN: ou=Users,dc=company,dc=com. We do not want all the users to be able to log in to the server, so we’ll create a group called ‘Openfire Users’ in our OU. The DN for the group would be: CN=Openfire Users,OU=Groups,OU=mydepartment,DC=company,DC=com.

Is there a way to restrict logins to only those users that are a member of “Openfire Users”?


Actually… I just found a couple of posts on the same topic: