LDAP group search filter setup

I was wondering if some one could show me an example of the correct way to setup a group search filter for LDAP that would use the members of one particular group as the users for the wildfire server

Thank You


Here’'s what I do using Active Directory:

cn member description <![CDATA[


In english:

  1. Only users of the JabberAccess security group can login to Wildfire

  2. Only groups that are a member of the JabberAccess security group are populated as shared groups in Wildfie

In practice:

To add a new department to Jabber, I add all of the users to the JabberAccess group and then also add their department’‘s security group to the JabberAccess group. That way I can manage everything from AD. The only catch is that you have to login to the Wildfire admin console to enable sharing for the new group. I’'ve submitted a feature request to allow autosharing of LDAP groups. To help support the request, go vote for JM-193.


Thanks very much. Excellent stuff. Implementing now.

The original poster might want to mark this question as “answered”.

Peace. Love. Linux.



Excellent stuff… thanks

This will eliminate a lot of erroneous accounts in Wildfire.

thanks again



if you need one for eDirectory instead of AD, let me know I have one for LDAP eDir.


I’‘m using eDir, so if you can post what you’‘ve got, I’'d appreciate being able to compare notes.



this is to allow users that have the attribute to log in. with a minor change to the class it should allow you to do the shared groups.


Any idea why when I add the recommendation above , I can’'t login to the admin anymore? My AdminDN and everything is still there. I just copied the part from the top over my USERNAMEFIELD and changed to our domain?

The administrator account is in the JabberAccess group too.

Yes, it specifically looks at the LDAP for users. admin is local and will not be able to log in.

Sorry, to be more specific. THis is a limiting search. if admin is not in the group specified then it will not log in. That was the idea when The other admin and I came up with it. we have one group in eDir with one attribute that allows them to login . this filter only allows those users access.


Message was edited by: jeff_garner


Do you know how the do the same with OpenLDAP ??

Thanks for all theses very usefull informations.