LDAP Filter not working

I’ve got Openfire 4.0.2 installed and successfully querying LDAP on my Active Directory server. However, it’s pulling in computer objects as well as user objects. I have this value set for the ldap.searchFilter property: (&(objectCategory=person)(mail=*)(objectClass=user)). In theory, this should filter out any object in the OU I specified that doesn’t have an email address (like a computer object and other user objects that I don’t want people to be able to chat with). In practice, I’m still seeing all objects in the OU I specified when I set up LDAP.

Can anyone help?

I use OpenLDAP. Dunno if my settings might help or steer you in the right direction:

ldap.searchFields = Username/uid,Name/cn

ldap.searchFilter = (&(objectClass=posixAccount)(uid={0}))

ldap.searchfilter = (&(objectClass=inetOrgPerson)(memberOf=cn=chat_users,cn=groups,dc=mydomain,dc=com))

I can’t tell you why I wound up with two filters, but it works and it’s a black box to me, so I leave it the heck alone :slight_smile:


Try to use something like this:

(&(&(samAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) (memberof=CN=,OU=,DC=domain,DC=com))

Couple of explanations:

samAccountType=805306368 selects only users (more at https://msdn.microsoft.com/en-us/library/ms679637(v=vs.85).aspx )

userAccountControl:1.2.840.113556.1.4.803:=2 selects only active users (it will filter out disabled users, so if you disable a user, he will disappear from the user list) (more at https://support.microsoft.com/en-us/kb/305144 )

memberof=CN=,OU=,DC=domain,DC=com member of some group, for example openfire_users
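To see which objects the filters in this thread actually admit before changing ldap.searchFilter, here is an added example (not Openfire code and not posted by anyone in the thread): a small Python evaluator for the RFC 4515 subset used above, run against constructed Active Directory-style entries. The group DN CN=openfire_users,OU=Groups,DC=domain,DC=com, the entry names and all attribute values are made up; the samAccountType and userAccountControl semantics are the ones the reply above describes.

```python
SAM_NORMAL_USER_ACCOUNT = "805306368"   # samAccountType value that selects user objects (see reply above)
BIT_AND = "1.2.840.113556.1.4.803"      # LDAP_MATCHING_RULE_BIT_AND, the OID in the userAccountControl clause
UF_ACCOUNTDISABLE = 2                    # userAccountControl bit that marks a disabled account
GROUP = "CN=openfire_users,OU=Groups,DC=domain,DC=com"   # assumed group DN, a placeholder

def user(mail, uac, member=False):
    """Build a constructed user entry; keys are lower-cased since AD matching is case-insensitive."""
    e = {"objectcategory": ["person"], "objectclass": ["top", "person", "user"],
         "samaccounttype": [SAM_NORMAL_USER_ACCOUNT], "useraccountcontrol": [str(uac)]}
    if mail: e["mail"] = [mail]
    if member: e["memberof"] = [GROUP]
    return e
ENTRIES = {                                # constructed sample directory, not real data
    "alice": user("alice@example.test", 512, member=True),
    "bob_disabled": user("bob@example.test", 512 | UF_ACCOUNTDISABLE, member=True),
    "svc_nomail": user(None, 512),
    "WS01$": {"objectcategory": ["computer"], "objectclass": ["top", "person", "user", "computer"],
              "samaccounttype": ["805306369"], "useraccountcontrol": ["4096"]},  # computer object
}

def parse(s, i=0):
    """Parse the RFC 4515 subset used here (&, !, equality, presence, attr:<OID>:=value)."""
    while s[i] == " ": i += 1              # tolerate the stray space in the filter quoted above
    i += 1                                 # consume "("
    if s[i] == "&":
        kids, i = [], i + 1
        while s[i] != ")":
            node, i = parse(s, i); kids.append(node)
        return ("&", kids), i + 1
    if s[i] == "!":
        node, i = parse(s, i + 1); return ("!", node), i + 1
    j = s.index(")", i)
    attr, _, val = s[i:j].partition("=")
    return ("cmp", attr.lower(), val), j + 1

def evaluate(node, entry):
    """True if the constructed entry satisfies the parsed filter."""
    if node[0] == "&": return all(evaluate(k, entry) for k in node[1])
    if node[0] == "!": return not evaluate(node[1], entry)
    _, attr, val = node
    if ":" in attr:                        # extensible match; only the bitwise AND rule is supported
        attr, rule = attr.rstrip(":").split(":", 1)
        if rule != BIT_AND: raise ValueError("unsupported matching rule " + rule)
        return any(int(v) & int(val) == int(val) for v in entry.get(attr, []))
    values = entry.get(attr, [])
    return bool(values) if val == "*" else any(v.lower() == val.lower() for v in values)

def matching(filter_str, entries=ENTRIES):   # sorted names of the entries a filter admits
    tree, _ = parse(filter_str)
    return sorted(n for n, e in entries.items() if evaluate(tree, e))
```

Against these entries the original poster's filter admits alice and bob_disabled but not the computer object, while the reply's filter admits only the enabled group member alice.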