LDAP User Filter Query

Hi There,

I am trying to install Openfire with LDAP integration. Our users are split into different OU structures for different areas of the company, so I have set the base DN to be dc=domain,dc=parentdomain,dc=co,dc=uk, and I am able to connect and query.

I used the filter “(objectclass=user)(!(objectclass=computer))” as described in this thread http://community.igniterealtime.org/thread/42813?tstart=0 to return only user objects.

The issue is I am getting objects returned that do not have {cn} or {mail} attributes when I test the settings. I figured the best idea would be to filter where the email address is not null, as only users with mail addresses will be using the service, but I am not sure of the correct filter.

I would appreciate it if someone can lend a hand with this.

Many Thanks,

I had a 1000 users/computers returned when I first set it up but then I found this filter:

(&(objectCategory=person)(objectClass=user))

from here: http://community.igniterealtime.org/message/204471#204471

And that cut it down to 400 with only users. Might want to try that.

Thank you for the reply.

I have tried the query you have given and it is successful in only returning users, but it still returns users that show no name or email information when I test the query.

I have got a workaround by filtering members that are only in a particular group with the query

“(objectClass=user)(memberOf=CN=Openfire_Access,ou=IT,ou=UserDepartments,ou=North,dc=x,dc=x,dc=x,dc=x)”

However, for future expansion I would like to be able to return all users that have name and email details and aren't in a particular group. That way I can give access globally and restrict the few people who I don’t want to give access to.

It is the returning users that have no email address that is causing me issues.

please try this:

(&(objectClass=organizationalPerson)(mail=*))

Also please take a look here:

http://mreji.eu/content/openfire-active-directory-ldap-integration

I have tried this and it returns only users however the first few records returned have no name or email. Then it starts with the A records. I am thinking this is perhaps a ghost in the machine with my ActiveDirectory.
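
The filter asked for earlier in the thread (user accounts that have a mail attribute and are not in a particular group), as an added example that is not from any poster or from Openfire itself. It builds the filter with RFC 4515 escaping of the group DN and checks it against constructed entries using a small evaluator that handles only `&`, `!`, equality and presence; the group name `Openfire_Denied`, the `example.test` DNs and the entries are assumptions.

```python
import re
DENY = "CN=Openfire_Denied,OU=IT,DC=example,DC=test"  # hypothetical deny group
USER = ["top", "person", "organizationalPerson", "user"]
ENTRIES = {  # constructed directory entries (objectCategory shown in short form)
    "alice": {"objectclass": USER, "objectcategory": ["person"],
              "mail": ["alice@example.test"]},
    "bob": {"objectclass": USER, "objectcategory": ["person"],
            "mail": ["bob@example.test"], "memberof": [DENY]},
    "svc_backup": {"objectclass": USER, "objectcategory": ["person"]},  # no mail
    "PC01$": {"objectclass": USER + ["computer"], "objectcategory": ["computer"]},
}

def escape_filter_value(value):
    """Escape a literal for use as an LDAP filter assertion value (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def user_filter(deny_group_dn):
    """Person accounts with a mail value that are not direct members of the group."""
    return ("(&(objectCategory=person)(objectClass=user)(mail=*)"
            "(!(memberOf=%s)))" % escape_filter_value(deny_group_dn))

def parse(f, i=0):
    """Parse the filter starting at f[i] == '('; return (tree, next index)."""
    if f[i + 1] in "&!":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = f.index(")", i)  # literal parentheses in values are escaped
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr.lower(), value), end + 1

def matches(tree, entry):
    """Evaluate a parsed filter against one entry (equality and presence only)."""
    if tree[0] == "&":
        return all(matches(k, entry) for k in tree[1])
    if tree[0] == "!":
        return not matches(tree[1][0], entry)
    have = [v.lower() for v in entry.get(tree[1], [])]
    if tree[2] == "*":  # presence test: the attribute must exist
        return bool(have)
    want = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), tree[2])
    return want.lower() in have

def allowed(deny_group_dn=DENY):
    """Names of the constructed entries that the generated filter returns."""
    tree, _ = parse(user_filter(deny_group_dn))
    return sorted(n for n, e in ENTRIES.items() if matches(tree, e))
```

In Active Directory, `memberOf` lists direct group memberships only, so a user who is in the deny group through a nested group is not excluded by this filter.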