Looking to limit those that login

Hey guys, right now I’m using a setup that uses LDAP to look up the “XXXXX” OU within Active Directory, which allows any user in there to log in, but things are changing and I really need to limit who can log in to the client. Also, I’d rather not have everyone in the OUs have access, and now there is the need to use more than one OU, not necessarily nested within the one I’m currently using. Is there a way to either:

A) Use a security group within AD to allow people to access

or

B) Manually add users within openfire but still have their Active Directory passwords work

Any input or new ideas would be appreciated.

edit: also, I’ve somehow nixed the original admin ID for Openfire; it doesn’t work anymore. Does anyone know how to add it back in, even though I’m using LDAP authentication, as a failsafe? The problem is that if Openfire can’t look up any IDs then we can’t get into the database. Maybe I’m just missing where the admin ID is and need to reset the password.