LDAP Groups filtering

Hi everyone,

I’m trying to set up Openfire 4.0.2<->LDAP interaction; almost everything works fine except group filtering. I see no group filtering rule in the Administration Web Console (there is an ldapsearch filter, but for users only). I have found in the docs that there is an ldap.groupSearchFilter option, but I can’t understand exactly how to use it. This document has an example of how to implement such filtering by using openfire.xml. But this example isn’t really clear to me. In my understanding, the Openfire setup is divided into 2 parts: one is openfire.xml and the other is kept somewhere else (other configuration files or in the DB), and openfire.xml doesn’t contain the settings mentioned in the Web Console, so the final configuration is an aggregation of these 2 (or more than 2) parts.

I’d appreciate it if somebody could shed some light on how to implement LDAP group filtering. I’d like to filter groups: not all groups available in the LDAP directory are really needed in Openfire.

Right now I see that I have to add the ldap.groupSearchFilter option to openfire.xml. But there are other settings included in the mentioned example; should I add these settings as well? If I’m right in thinking that the final config is an aggregation of openfire.xml+something_else, and keeping in mind that I have already adjusted other LDAP-related settings via the Web Console, will such an addition break my configuration or not? From my experience: for some systems, if you have the same settings adjusted in a config file and in a DB, the config file might override the same option. Does Openfire work like that or not?

Set the base DN and the Administrator DN. After:

Openfire server installation and configuration steps - YouTube

I did it with these steps.

Thanks for your reply. I’ve checked this video and found it useless for me (I already did everything this guy did) and, in addition, there is a mistake during setup: he doesn’t use LDAP notation for the admin user (like “cn=openfire,…”), so I can say this tutorial is good for illustrating the general idea of how to install Openfire, but I cannot say anybody will follow it exactly as shown. There are LDAP directories other than AD, and the recipe mentioned here will not work for them (and I doubt it will be 100% reliable even for AD).

Anyway, this video describes the standard process of Openfire setup; there is nothing new to me. And I didn’t find the answer to my question regarding ldap.groupSearchFilter.