Not sure of LDAP DN

So my AD structure looks like

DC=ABC,DC=COM
    OU=Toledo
        OU=USERS
    OU=Boston
        OU=USERS

So if I want all my users in Openfire … what would my DN be? The Admin would be one of the users in one of those areas … would it be better to specify a separate, “dedicated” AD account for ADMIN?

Base DN would be

dc=abc,dc=com

Admin DN is just an account that has rights to do LDAP lookups. This should be a non-privileged account. By default any domain user account has access to do LDAP lookups…

Just enter it in like username@abc.com and you should be fine.

OK … one followup

DC=ABC,DC=COM
    OU=Toledo
        OU=USERS
    OU=Boston
        OU=USERS
        OU=Machines
    OU=Chicago
        OU=USERS

So each (some) of the “City” OUs has a USERS OU … and some have OUs for machine accounts … generic ones used for special functions … any way to filter those out? Also, let's say Chicago does not want to join the IM party … can you filter them?

Yes… you can build a custom LDAP search string too. I find that the easiest way is to use group membership and then search against group members.

Where can I find documentation on that, do you know? I’ve seen people refer to the LDAP doc but have not been able to find it for Openfire.

Create a DOMAIN local security group called IM Access Group and place it in your Users container under the root of your domain. Add users to it, then use the following search filter.

ldap.searchfilter

(&(objectclass=organizationalPerson)(|(memberOf:1.2.840.113556.1.4.1941:=CN=IM Access Group,CN=Users,DC=abc,DC=com)))

Only users that are added to the group will show up and be able to access IM.
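As an added example (not code from this thread or from Openfire), here is a small in-memory model that evaluates the search filter above against a handful of constructed directory entries, so you can see what it admits before pasting it into ldap.searchfilter. It assumes the OU layout from the question and the IM Access Group from the answer; the nested group "Boston IM", the users Ann/Bob/Carol and the machine account KIOSK01 are invented for the demonstration. It shows two things the filter line alone does not: the 1.2.840.113556.1.4.1941 matching rule (LDAP_MATCHING_RULE_IN_CHAIN) follows nested groups, and it is the group clause, not the objectclass test, that keeps machine accounts out, because in AD a computer object's objectClass also contains organizationalPerson.

```python
# Added example, not code from the thread or from Openfire: a small in-memory
# model that evaluates the search filter from the answer against constructed
# directory entries.
#
# Assumptions (not in the original thread): the entries below, the nested
# group "Boston IM", the users and the machine account KIOSK01 are invented.

from __future__ import annotations

IM_GROUP = "CN=IM Access Group,CN=Users,DC=abc,DC=com"

# The filter from the answer; the (|...) that wraps a single term there is a
# no-op, so it is dropped here.
OPENFIRE_SEARCH_FILTER = (
    "(&(objectclass=organizationalPerson)"
    f"(memberOf:1.2.840.113556.1.4.1941:={IM_GROUP}))"
)

# AD structural class hierarchy. A computer object is also a user, an
# organizationalPerson and a person, so (objectclass=organizationalPerson)
# on its own still matches machine accounts; the group clause excludes them.
AD_CLASS_PARENTS = {
    "computer": "user",
    "user": "organizationalPerson",
    "organizationalPerson": "person",
    "person": "top",
    "group": "top",
}


def object_classes(structural: str) -> set[str]:
    """Expand a structural class into the full objectClass value set AD stores."""
    classes: set[str] = set()
    cls: str | None = structural
    while cls is not None:
        classes.add(cls)
        cls = AD_CLASS_PARENTS.get(cls)
    return classes


# Constructed directory: DN -> attributes. Membership is stored forward in
# `member`; AD derives memberOf from it, which direct_groups() does here.
DIRECTORY: dict[str, dict] = {
    IM_GROUP: {
        "objectclass": object_classes("group"),
        "member": [
            "CN=Ann,OU=USERS,OU=Toledo,DC=abc,DC=com",
            "CN=Boston IM,CN=Users,DC=abc,DC=com",  # nested group (invented)
        ],
    },
    "CN=Boston IM,CN=Users,DC=abc,DC=com": {
        "objectclass": object_classes("group"),
        "member": ["CN=Bob,OU=USERS,OU=Boston,DC=abc,DC=com"],
    },
    "CN=Ann,OU=USERS,OU=Toledo,DC=abc,DC=com": {"objectclass": object_classes("user")},
    "CN=Bob,OU=USERS,OU=Boston,DC=abc,DC=com": {"objectclass": object_classes("user")},
    # Chicago opted out: Carol is never added to the group.
    "CN=Carol,OU=USERS,OU=Chicago,DC=abc,DC=com": {"objectclass": object_classes("user")},
    # Machine account in a Machines OU.
    "CN=KIOSK01,OU=Machines,OU=Boston,DC=abc,DC=com": {"objectclass": object_classes("computer")},
}


def direct_groups(dn: str) -> list[str]:
    """Groups whose member attribute lists dn (AD's memberOf back-link)."""
    return [g for g, attrs in DIRECTORY.items() if dn in attrs.get("member", [])]


def member_of_in_chain(dn: str, group_dn: str, seen: set[str] | None = None) -> bool:
    """Matching rule 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN):
    true if dn is in group_dn directly or through any chain of nested groups.
    `seen` stops infinite recursion on circular nesting."""
    if seen is None:
        seen = set()
    for g in direct_groups(dn):
        if g in seen:
            continue
        seen.add(g)
        if g.lower() == group_dn.lower() or member_of_in_chain(g, group_dn, seen):
            return True
    return False


def is_organizational_person(dn: str) -> bool:
    """The (objectclass=organizationalPerson) branch of the filter."""
    return "organizationalPerson" in DIRECTORY[dn]["objectclass"]


def matches_im_filter(dn: str) -> bool:
    """Evaluate OPENFIRE_SEARCH_FILTER: both AND branches must hold."""
    return is_organizational_person(dn) and member_of_in_chain(dn, IM_GROUP)


def search(base_dn: str, predicate) -> list[str]:
    """Subtree search under base_dn, returning the DNs the predicate admits."""
    suffix = "," + base_dn.lower()
    return sorted(dn for dn in DIRECTORY if dn.lower().endswith(suffix) and predicate(dn))


if __name__ == "__main__":
    base = "dc=abc,dc=com"
    print("objectclass only :", search(base, is_organizational_person))
    print("with group clause:", search(base, matches_im_filter))
```

Run stand-alone it lists four entries (including KIOSK01 and the Chicago user) for the objectclass test alone, and only Ann and Bob once the group clause is applied. Against a real domain the same check is an ldapsearch with the bind account from the earlier answer, e.g. `ldapsearch -x -H ldap://dc.abc.com -D 'username@abc.com' -W -b 'dc=abc,dc=com' '<filter>' sAMAccountName` (hostname assumed), which should return exactly the accounts you expect Openfire to import.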