I’m trying to write an LDAP filter for Active Directory that will pull all the groups that belong to the group “Wildfire Groups”. This is what I have so far:

When I use the group filter using ldap browser, it’ll pull the correct groups. But when I put the filter into Wildfire, I see nothing.


I had an issue where the list of users returned in a group through the LDAP Administrator (Softerra) didn’t match what Wildfire was returning. It turned out that it was a permissions issue.

Is the user that you’re using to query Active Directory the same one that Wildfire is using?


For testing purposes until this goes live, I’m using an administrative account. This account has access to both read and write to AD, so I don’t think that’s the issue.

LDAP Browser and Wildfire are set up to use the same user.

Hurray, I figured it out.

It was actually part of my config I didn’t post… the baseDN. I have it working now!

This is my working config for anyone else who has questions:

<groupSearchFilter><![CDATA[(&(objectClass=group)(memberOf=cn=Wildfire Access,ou=groups,dc=domain,dc=com)(member=))]]></groupSearchFilter>


Would you have a recommendation then on how I could do a group filter that would look through the description of every group on the server and select the ones that start with J-?

Wildfire 3.1 needs the *

Wildfire 3.0 needs instead of the *

wvankuyk, I just tried your AD filter (below) for 3.1.0 and my XML file isn’t happy (it keeps asking me to set up again which leads me to think there’s something missing here…???). I set up a group with a description of J-Wildfire.

Any ideas?

D’oh! Just found the fix… a square bracket was missing:

I’ve been trying to get this working for days!!! Thanks heaps… you’ve made my day!