I’ve got Openfire 4.0.2 installed and successfully querying LDAP on my Active Directory server. However, it’s pulling in computer objects as well as user objects. I have this value set for the ldap.searchFilter property: (&(objectCategory=person)(mail=*)(objectClass=user)). In theory, this should filter out any object in the OU I specified that doesn’t have an email address (like a computer object and other User objects that I don’t want people to be able to chat with). In practice, I’m still seeing all objects in the OU I specified when I set up LDAP.
userAccountControl:1.2.840.113556.1.4.803:=2 selects only active users (will filter out disabled users, so if you disable a user, he will disappear from the user list) (more at https://support.microsoft.com/en-us/kb/305144)
memberof=CN=,OU=,DC=domain,DC=com member of some group, for example openfire_users
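
Added example (not part of the original posts, and not Openfire code): a small Python evaluator for the filter syntax discussed above, run over constructed sample entries to show which objects each clause keeps. The group DN, the entry names and the helper functions are assumptions; the bit test is wrapped in (!...) because the bitwise-AND matching rule is true for entries that have the ACCOUNTDISABLE bit (2) set.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule
GROUP = "CN=openfire_users,OU=Groups,DC=domain,DC=com"  # placeholder DN (assumption)

def parse(f, i=0):
    """Parse the parenthesised filter at f[i]; return (node, next index)."""
    if f[i + 1] in "&|!":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, rule, want = re.fullmatch(r"([\w-]+)(?::([\d.]+):)?=(.*)", f[i + 1:end]).groups()
    return ("item", attr.lower(), rule, want), end + 1

def matches(node, obj):
    if node[0] in ("&", "|"):
        results = [matches(k, obj) for k in node[1]]
        return all(results) if node[0] == "&" else any(results)
    if node[0] == "!":
        return not matches(node[1][0], obj)
    _, attr, rule, want = node
    values = obj.get(attr, [])
    if rule == BIT_AND:  # true when every bit of `want` is set in the value
        return any((int(v) & int(want)) == int(want) for v in values)
    if want == "*":      # presence test, e.g. (mail=*)
        return bool(values)
    return any(v.lower() == want.lower() for v in values)

def select(ldap_filter, entries):
    tree, _ = parse(ldap_filter)
    return [e["cn"][0] for e in entries if matches(tree, e)]

def make_entry(cn, category, uac, **extra):
    return {"cn": [cn], "objectcategory": [category], "objectclass": ["user"],
            "useraccountcontrol": [str(uac)], **{k: [v] for k, v in extra.items()}}

ENTRIES = [  # constructed sample directory, not real data
    make_entry("alice", "person", 512, mail="alice@domain.com", memberof=GROUP),
    make_entry("bob", "person", 514, mail="bob@domain.com", memberof=GROUP),  # 514 = 512 | 2 (disabled)
    make_entry("carol", "person", 512, mail="carol@domain.com"),  # not in the group
    make_entry("svc-backup", "person", 512),                      # no mail attribute
    make_entry("WS01$", "computer", 4096),  # computer objects also have objectClass=user
]

QUESTION_FILTER = "(&(objectCategory=person)(mail=*)(objectClass=user))"
# Same filter with the closing ")" reopened to append the two extra clauses.
COMBINED_FILTER = f"{QUESTION_FILTER[:-1]}(!(userAccountControl:{BIT_AND}:=2))(memberOf={GROUP}))"
```

`select(QUESTION_FILTER, ENTRIES)` keeps alice, bob and carol; `select(COMBINED_FILTER, ENTRIES)` keeps only alice.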