Multiple Groups with filtering on who can see who

I am new to OpenFire. The administrator who set it up left the company and I am left to clean up the pieces. Right now the server is only being used by the IT department and sees only the members of IT. I would like to use the same server to roll out to other departments; however, I do not want the other departments to IM outside their own dept. We have about 15 departments with about 10-20 users each that want team-based IM. Any ideas on how this can be done? Oh yeah, we are AD LDAP bound. What I am trying to avoid is people bypassing our helpdesk and just IMming someone in IT they know when they have a problem.

Also, if possible, to have a HelpDesk bot account that maybe can receive HelpDesk IM requests from people and it gets queued and then a real Helpdesk person can answer it and it proxies their real identity. This is a nice-to-have but not as important as the above.

Here are some tips:

Openfire and LDAP: http://www.igniterealtime.org/community/docs/DOC-1554 Don't know whether it covers the isolation of the groups. I know it can be achieved with simple local Shared groups. Not sure about LDAP.

Also, to achieve full isolation (as people could still be able to add unauthorized contacts and send direct messages to JID addresses) you may want to look at the Packet Filter plugin (Downloads > Plugins). It will let you create rules forbidding communication between groups or single users.

Finally, not exactly the Helpdesk bot you want: Openfire and Spark have a support system plugin called Fastpath, where support requests can be queued and forwarded to the appropriate agents. http://www.igniterealtime.org/community/docs/DOC-1529