Listing LDAP Groups (AD)


I'm trying to list the groups that exist in our Active Directory environment in Wildfire but so far unsuccessfully.

The problem is that our baseDN =, which has separate OU's, for example:

  • ou=groups,dc=domain,dc=com

  • ou=users,dc=domain,dc=com.

When I set the basedn to '', I am unable to login as user 'xyz'; if however I set the basedn to 'ou=users,dc=domain,dc=com', users are able to login but obviously the listing of groups doesn't work anymore.

I presume I have to fix this by setting up searchfilters… but you can't limit a search to a specific OU, can you? If so… how can I do this?


For user auth:

Assuming you wanted to limit the folks who can log in by a group named WF_Allusers:

<searchFilter>(&(objectClass=user)(memberOf=CN=WF_Allusers,CN=Users,DC=domain,DC=com))</searchFilter>



For Groups:

<groupSearchFilter>(&(objectCategory=Group)(objectClass=group))</groupSearchFilter>

If this doesn't work for you, can you please send your config so I can better understand your setup.
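To make the distinction behind both filters concrete, here is an added toy example (not Wildfire/Openfire code, and the directory entries, DNs and group names in it are constructed): a minimal RFC 4515 filter evaluator over an in-memory directory. It shows that the filters above select by attribute (objectClass, memberOf), so a filter like (&(objectCategory=Group)(objectClass=group)) with base dc=domain,dc=com returns groups from every container, while limiting results to one OU is done by the search base, which is exactly the separate-OU problem raised in the question.

```python
"""Toy LDAP filter evaluator over an in-memory directory (illustration only).

Not Wildfire/Openfire code. Every entry below is constructed sample data;
attribute names and values are compared case-insensitively, as in AD.
"""

# Constructed sample directory: DN -> attributes (lists of values).
DIRECTORY = {
    "cn=xyz,ou=recipients,dc=domain,dc=com": {
        "objectclass": ["user"],
        "memberof": ["cn=wf_allusers,cn=users,dc=domain,dc=com"],
    },
    "cn=abc,ou=recipients,dc=domain,dc=com": {
        "objectclass": ["user"],
        "memberof": [],
    },
    # A top-level account that the poster does not want listed at all.
    "cn=svc-backup,dc=domain,dc=com": {
        "objectclass": ["user"],
        "memberof": ["cn=wf_allusers,cn=users,dc=domain,dc=com"],
    },
    "cn=wf_allusers,cn=users,dc=domain,dc=com": {
        "objectcategory": ["group"], "objectclass": ["group"],
    },
    "cn=sales,ou=local groups,dc=domain,dc=com": {
        "objectcategory": ["group"], "objectclass": ["group"],
    },
    "cn=admins,ou=local groups,dc=domain,dc=com": {
        "objectcategory": ["group"], "objectclass": ["group"],
    },
}

# The two filters from the answer above (DN components separated by commas).
USER_FILTER = "(&(objectClass=user)(memberOf=CN=WF_Allusers,CN=Users,DC=domain,DC=com))"
GROUP_FILTER = "(&(objectCategory=Group)(objectClass=group))"


def parse_filter(text):
    """Parse a subset of RFC 4515: (&...), (|...), (!...) and (attr=value)."""
    pos = 0

    def node():
        nonlocal pos
        assert text[pos] == "(", f"expected '(' at offset {pos}"
        pos += 1
        if text[pos] in "&|!":
            op = text[pos]
            pos += 1
            kids = []
            while text[pos] == "(":
                kids.append(node())
            assert text[pos] == ")", f"expected ')' at offset {pos}"
            pos += 1
            return (op, kids)
        end = text.index(")", pos)
        attr, _, value = text[pos:end].partition("=")
        pos = end + 1
        return ("=", attr.lower(), value.lower())

    tree = node()
    assert pos == len(text), "trailing characters after filter"
    return tree


def matches(tree, attrs):
    """Evaluate a parsed filter against one entry's attributes."""
    op = tree[0]
    if op == "&":
        return all(matches(k, attrs) for k in tree[1])
    if op == "|":
        return any(matches(k, attrs) for k in tree[1])
    if op == "!":
        return not matches(tree[1][0], attrs)
    _, attr, value = tree
    values = [v.lower() for v in attrs.get(attr, [])]
    return bool(values) if value == "*" else value in values


def search(base_dn, filter_text, directory=DIRECTORY):
    """Subtree search: entries at or below base_dn whose attributes match."""
    tree = parse_filter(filter_text)
    base = base_dn.lower()
    # An empty base is below nothing, so it matches no entry in this model.
    return sorted(
        dn for dn, attrs in directory.items()
        if base and (dn == base or dn.endswith("," + base)) and matches(tree, attrs)
    )


if __name__ == "__main__":
    for base in ("", "dc=domain,dc=com", "ou=recipients,dc=domain,dc=com"):
        print(f"users  under {base!r}: {search(base, USER_FILTER)}")
    for base in ("dc=domain,dc=com", "ou=local groups,dc=domain,dc=com"):
        print(f"groups under {base!r}: {search(base, GROUP_FILTER)}")
```

Run it and compare the two group searches: the filter is identical, only the base changes, and that is what removes cn=users groups from the listing. The memberOf filter likewise keeps the service account out of the login set only if it is not a member of WF_Allusers; it does nothing about where in the tree the account lives.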

That's not the point; there are actually 3 OU's at top-level


ou=local groups,dc=domain,dc=com


I want to limit the group lookup to OU=Recipients, and nothing else…

To clear things up a bit more, I want to list ALL groups inside ou=local groups, and I want to list ALL users inside ou=recipients, but I don't want to list anything on top-level; so my filter has to include the OU


Would you please post your configuration and enable the LDAP debug logging? So you should see why "if I set the basedn to 'dc=domain,dc=com', logging in as user xyz won't work" causes problems.