LDAP - multiple user OUs

My AD is huge, with over 5,000 facilities. Each facility OU has a Users OU. 5 of these 5,000 facilities are mine and contain about 150 users.

Does anyone have any idea how I can set up LDAP so OpenFire only knows about these 150 users, and not the 50,000 others in our org?

You can use LDAP search filters to filter out what you want and don’t want.

Here is one way of doing it:

How to Setup Dynamic Groups and Shared Rosters with LDAP/AD


That seemed to work for my groups. Now I see only the groups matching my filter, but I still see 20,000 users rather than the 150 that match my search filter.

Double-check your search filter property:

ldap.searchfilter

(&(objectclass=organizationalPerson)(|(memberOf:1.2.840.113556.1.4.1941:=CN=Open fire Access Group,CN=Users,DC=AD-DOMAIN,DC=local))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

It should look something like that.
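Added example, not from this thread or from Openfire itself: an offline Python model of what the two AD matching rules in that filter actually test (transitive group membership for the ...1.4.1941 rule, a bitwise AND on userAccountControl for the ...1.4.803 rule), plus RFC 4515 escaping of the group DN. The groups and user entries are constructed sample data; Openfire simply hands the filter string to AD.

```python
ACCOUNTDISABLE = 0x2  # userAccountControl bit tested by the ...1.4.803 (bitwise AND) rule
BASE = "DC=AD-DOMAIN,DC=local"

def escape_filter_value(value):
    """Escape characters that are special inside an LDAP filter value (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_search_filter(group_dn):
    """Build the thread's ldap.searchfilter for an arbitrary access-group DN."""
    return ("(&(objectclass=organizationalPerson)"
            "(|(memberOf:1.2.840.113556.1.4.1941:=%s))"
            "(!(userAccountControl:1.2.840.113556.1.4.803:=%d)))"
            % (escape_filter_value(group_dn), ACCOUNTDISABLE))

def transitive_members(groups, group_dn):
    """Flatten nested groups, as the ...1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN) rule does."""
    users, visited, todo = set(), set(), [group_dn]
    while todo:
        g = todo.pop()
        if g in visited:          # guards against circular group nesting
            continue
        visited.add(g)
        for m in groups.get(g, ()):
            if m in groups:
                todo.append(m)    # nested group: keep descending
            else:
                users.add(m)
    return users

def matching_users(entries, groups, group_dn):
    """Return the DNs the filter would select, in sorted order."""
    allowed = transitive_members(groups, group_dn)
    return sorted(e["dn"] for e in entries
                  if "organizationalPerson" in e["objectClass"]
                  and e["dn"] in allowed
                  and not e["userAccountControl"] & ACCOUNTDISABLE)

# Constructed sample directory: the access group nests a helpdesk group.
def user_dn(name):
    return "CN=%s,CN=Users,%s" % (name, BASE)
def person(name, uac):
    """Constructed entry; uac 514 = NORMAL_ACCOUNT (512) + ACCOUNTDISABLE (2)."""
    return {"dn": user_dn(name), "objectClass": ["organizationalPerson"], "userAccountControl": uac}
ACCESS_GROUP = "CN=Open fire Access Group,CN=Users," + BASE
HELPDESK = "CN=Helpdesk,CN=Users," + BASE
SAMPLE_GROUPS = {ACCESS_GROUP: [user_dn("alice"), HELPDESK],
                 HELPDESK: [user_dn("bob"), user_dn("carol")]}
SAMPLE_ENTRIES = [person("alice", 512), person("bob", 514),    # bob is disabled
                  person("carol", 512), person("dave", 512)]   # dave is not a member
```

Because the ...1.4.1941 rule is transitive, every member of any group nested inside the access group is returned too; when the count comes back far higher than expected, that nesting is the first thing to check.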

It looks exactly like that except for my specific domain info. I copied & pasted from your post:

(&(objectclass=organizationalPerson)(|(memberOf:1.2.840.113556.1.4.1941:=CN=MTI APP Spark,OU=Groups,OU=MTI,OU=Facilities,DC=xxxx,DC=net))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

What’s strange is that I set it to “Do not encrypt this property value” but it gets encrypted anyway. I’m going to just reinstall and use an external database so I have more control over the settings.

The encryption thing is a bug. If you enter it again and check “do not encrypt…” it will save it correctly. Regardless, I think it’s better to use an external DB anyway!