powered by Jive Software

LDAP Integration options?

Hi,

We just installed Wildfire 3.2.1 (the free version), using LDAP integration for users and groups. LDAP was easy to setup and seems to be working perfectly.

Two problems though. One, we have multiple user accounts that are ‘‘special’’ in some way, like those used by some automated process. I need to be able to exclude certain accounts. Two, same goes for groups. Most groups we do want displayed, like class groups, dept. groups, etc. But there are many, many we do not.

These two problems, I have to believe, are common to many organizations.

There doesn’'t seem to be a way to do this, in the free or enterprise editions. I can think of three ways to do this. One, have a section in the admin pages somewhere where a list of DNs to exclude may be entered, both for users and groups. Two, Modify the LDAP dir. schema to add a field for ‘‘wildFire_user’’ and have it settable to 0=no, 1=yes, 2=yes, but disabled, or something like that. Three, allow for more granular LDAP integration configuration. Instead of only having one Base DN setting, allow the entry of multiple base DNs, and for each allow whether to search sub-branches.

Option one is more attractive to me as we’'re not crazy about modifying the LDAP schema, or options 1 and 3 would be good. Just 3 alone would be an improvement but not a complete solution.

Is this possible and I just missed it? Or can/will this be added in the future?

Thanks!

Two more options:

  1. This is how I do it: create a JabberAccess group, and make all users/groups that should appear in Wildfire members of that “supergroup.” After doing this, simply use a custom LDAP query to require “memberOf=…” for users and groups.

  2. Maintain your own custom LDAP query to exclude the objects you want excluded. Example:

(&(...)(!(|(cn=sample1)(cn=sample2)(cn=sample3)))))

Note: for some reason, the ampersand in the above filter is being munged by the forum software.