In this example I’ll be using the following:
AD domain = AD-DOMAIN.local
access group = Openfire Access Group
roster groups = _IM Group1, _IM Group2
(*note - I’ll be using _IM as part of a wildcard search, so all my groups start with _IM for that reason)
First create your security groups:
- Create a Domain Local Security Group. In our example, call it Openfire Access Group. In this example, I've placed the group in the Users container.
- Create regular security groups (usually Global). In this example: _IM Group1 and _IM Group2
- Make _IM Group1 and _IM Group2 members of the Openfire Access Group
- Add your users to the _IM groups
NOTE: be sure to include your Openfire admin account in one of the groups, or you will not be able to log in to the admin page.
Next, set your system properties in Openfire:
ldap.baseDN = DC=AD-DOMAIN,DC=local
ldap.groupSearchFilter = (&(objectClass=group)(cn=_IM*))
* This will only list groups whose names start with _IM
ldap.searchfilter = (&(objectclass=organizationalPerson)(|(memberOf:1.2.840.113556.1.4.1941:=CN=Openfire Access Group,CN=Users,DC=AD-DOMAIN,DC=local))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
- Watch out for cut-and-paste issues. Sometimes extra spaces get added to the string and will need to be removed. There should be no spaces in memberOf or userAccountControl.
* This string will only allow, and display, users that are members of the Openfire Access Group we created earlier (including members of nested groups). Disabled user accounts are excluded.
Restart Openfire.
At this point, only the _IM groups will be listed, and only the users who are members of those groups.
- Enable Contact List Sharing for shared rosters. (optional)
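To see what the search filter above actually selects, here is an added example (not part of the original post, and not Openfire code) that models a small directory laid out like the one in this guide and evaluates the three parts of the filter against it: the objectClass test, the nested-group walk performed by the 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN) rule, and the userAccountControl bit test performed by the 1.2.840.113556.1.4.803 (bitwise AND) rule. It also includes a small check for the cut-and-paste problem mentioned earlier: unbalanced parentheses or whitespace inside an attribute description such as memberOf:<oid>:=. The user names (alice, bob, carol, dave) and the Sales group are constructed for the example; only the group names and the DN layout come from the post.

```python
import re
from collections import deque

# Constructed directory mirroring the post: two _IM groups nested in the
# Openfire Access Group, one unrelated group, and four users, one disabled.
BASE = "CN=Users,DC=AD-DOMAIN,DC=local"
ACCESS_GROUP = f"CN=Openfire Access Group,{BASE}"
ACCOUNTDISABLE = 0x2  # userAccountControl bit tested by the ...4.803 rule (:=2)

PERSON = ["top", "person", "organizationalPerson", "user"]
DIRECTORY = {
    ACCESS_GROUP: {"objectClass": ["top", "group"], "cn": "Openfire Access Group",
                   "member": [f"CN=_IM Group1,{BASE}", f"CN=_IM Group2,{BASE}"]},
    f"CN=_IM Group1,{BASE}": {"objectClass": ["top", "group"], "cn": "_IM Group1",
                              "member": [f"CN=alice,{BASE}", f"CN=bob,{BASE}"]},
    f"CN=_IM Group2,{BASE}": {"objectClass": ["top", "group"], "cn": "_IM Group2",
                              "member": [f"CN=carol,{BASE}"]},
    f"CN=Sales,{BASE}": {"objectClass": ["top", "group"], "cn": "Sales",
                         "member": [f"CN=dave,{BASE}"]},  # not under the access group
    f"CN=alice,{BASE}": {"objectClass": PERSON, "cn": "alice", "userAccountControl": 512},
    f"CN=bob,{BASE}": {"objectClass": PERSON, "cn": "bob", "userAccountControl": 514},  # 512 | disabled
    f"CN=carol,{BASE}": {"objectClass": PERSON, "cn": "carol", "userAccountControl": 512},
    f"CN=dave,{BASE}": {"objectClass": PERSON, "cn": "dave", "userAccountControl": 512},
}

# The user filter from the post, kept verbatim so the syntax check runs on it.
PAGE_FILTER = ("(&(objectclass=organizationalPerson)"
               "(|(memberOf:1.2.840.113556.1.4.1941:=CN=Openfire Access Group,CN=Users,DC=AD-DOMAIN,DC=local))"
               "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))")


def member_of_chain(dn):
    """Transitive closure of memberOf: every group reachable from dn through
    nested memberships. This is the walk the ...4.1941 rule performs."""
    parents = {}
    for group_dn, attrs in DIRECTORY.items():
        for member in attrs.get("member", []):
            parents.setdefault(member, set()).add(group_dn)
    seen, queue = set(), deque([dn])
    while queue:
        current = queue.popleft()
        for parent in parents.get(current, ()):
            if parent not in seen:
                seen.add(parent)
                queue.append(parent)
    return seen


def user_matches(dn):
    """Evaluate the three clauses of PAGE_FILTER against one entry."""
    attrs = DIRECTORY[dn]
    is_person = "organizationalPerson" in attrs["objectClass"]
    in_chain = ACCESS_GROUP in member_of_chain(dn)
    disabled = bool(attrs.get("userAccountControl", 0) & ACCOUNTDISABLE)
    return is_person and in_chain and not disabled


def group_matches(dn):
    """ldap.groupSearchFilter: (&(objectClass=group)(cn=_IM*))"""
    attrs = DIRECTORY[dn]
    return "group" in attrs["objectClass"] and attrs["cn"].startswith("_IM")


def visible_users():
    return sorted(DIRECTORY[dn]["cn"] for dn in DIRECTORY if user_matches(dn))


def visible_groups():
    return sorted(DIRECTORY[dn]["cn"] for dn in DIRECTORY if group_matches(dn))


def filter_problems(filter_str):
    """Sanity checks for a pasted filter: balanced parentheses and no whitespace
    inside an attribute description (the part before '=' in each simple item)."""
    problems, depth = [], 0
    for offset, ch in enumerate(filter_str):
        depth += {"(": 1, ")": -1}.get(ch, 0)
        if depth < 0:
            problems.append(f"unexpected ')' at offset {offset}")
            break
    if depth > 0:
        problems.append(f"{depth} unclosed '('")
    for m in re.finditer(r"\(([^()=]+)=", filter_str):
        if re.search(r"\s", m.group(1)):
            problems.append(f"whitespace in attribute description {m.group(1)!r}")
    return problems


if __name__ == "__main__":
    print("groups:", visible_groups())
    print("users:", visible_users())
    print("filter problems:", filter_problems(PAGE_FILTER))
    print("pasted with a space:", filter_problems(PAGE_FILTER.replace("memberOf:", "memberOf :", 1)))
```

Running it shows the outcome the post describes: only the two _IM groups are listed, alice and carol are visible through their nested membership, bob is dropped because the ACCOUNTDISABLE bit is set, and dave is dropped because Sales is not nested under the Openfire Access Group. The syntax check passes on the filter as written and flags the version with a stray space before the matching-rule OID, which is the kind of paste damage that silently turns the filter into one that matches nothing.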