LDAP searchFields Filter By Group Membership or Multiple alternateBaseDNs

I am in a school setting and have LDAP (Active Directory) working. The problem is my OU structure is based on my building layout. I have an OU for each building. Within each building OU, I have 2 OUs - one for Staff and one for Students. When I set my baseDN to search the entire domain structure, I get students and staff. I want staff only. I can use the alternateBaseDN to limit the search to a building staff OU, but it doesn’t appear to allow multiple alternateBaseDNs, which limits me to only 2 groups of building users. My question: Is there a way to use multiple alternateBaseDNs or a way to include a group membership in the ldap.searchFields entry?

Thanks in advance for any help. I just discovered Openfire yesterday. It was a breeze to set up. Just this one glitch so far.

Might I suggest creating a group that all staff members belong to. Then use a user filter to limit Openfire to users of that group. An example of that filter would be:

<searchFilter><![CDATA[(&(objectClass=organizationalPerson)(memberOf=cn=AllStaff,ou=Groups,dc=domain,dc=com))]]></searchFilter>

Thanks. I do have an all-staff group. I’m not sure I understand all of the syntax/keywords. What is CDATA? Do I leave this and just change the DC and group names?

This is a filter you can manually add to your openfire.xml file. You would need to stop the Openfire server first, then edit this file, then start the server again.
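
Added example, not part of the original posts: a Python check of why the filter is wrapped in CDATA (a raw & in the filter makes the XML malformed) and of how to escape a group DN per RFC 4515 before placing it in the memberOf clause. The function names are illustrative, and the group DN is the sample value from the filter posted above.

```python
import xml.etree.ElementTree as ET

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a value (here, the group DN) for use inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def staff_filter(group_dn):
    """AND filter: person objects whose memberOf attribute lists group_dn."""
    return "(&(objectClass=organizationalPerson)(memberOf=%s))" % (
        escape_filter_value(group_dn)
    )


def search_filter_element(ldap_filter):
    """Wrap the filter in CDATA so the '&' is not read as XML markup."""
    if "]]>" in ldap_filter:
        raise ValueError("filter contains ']]>' and cannot sit in one CDATA section")
    return "<searchFilter><![CDATA[%s]]></searchFilter>" % ldap_filter


def read_back(xml_fragment):
    """Return the element text as an XML parser sees it, or None if malformed."""
    try:
        return ET.fromstring(xml_fragment).text
    except ET.ParseError:
        return None


# Sample value taken from the filter posted in this thread.
GROUP_DN = "cn=AllStaff,ou=Groups,dc=domain,dc=com"

if __name__ == "__main__":
    flt = staff_filter(GROUP_DN)
    print(search_filter_element(flt))
    # With CDATA the parser hands back the filter unchanged.
    print("with CDATA   :", read_back(search_filter_element(flt)))
    # Without CDATA the bare '&' is an invalid entity reference.
    print("without CDATA:", read_back("<searchFilter>%s</searchFilter>" % flt))
```

Only the group DN (the CN, OU and DC parts) changes per site; the CDATA wrapper stays as it is.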

Just tried the search string - Perfect!

Thanks!

Is there any place in particular the search filter needs to go? I’ve added it to my config file and it’s not working.

Please start a new thread; this one is already closed.