Openfire 3.7.0 LDAP and disabling users

I have Openfire working with LDAP. I come at the IM solution from this perspective: “All users are turned off until I activate them”. The idea being that the IM client sits on the end user’s desktop and when they open it, they can’t log in. Once I “activate” them on the backend, they can now open their desktop client and SSO into the front end client.

As of right now, it seems that once I have LDAP auth working, everyone is able to log on if they have an IM client.

Is there a way to make it so it works more in line with what I would like?

The “ldap.searchFilter” setting allows you to specify a filter which determines which LDAP entries are considered to be valid users. This setting is available during the LDAP setup wizard, and also on the system properties page. This can be used to achieve what you want here.

For example you could create a group in LDAP to contain authorized IM users, and set up ldap.searchFilter to select only users which are a member of that group. Then you “activate” a user for IM by adding them to this group.

The syntax of the LDAP search filter is a little arcane if you’re not familiar with LDAP, so you may need to look up some documentation on LDAP searches to construct the correct search string.
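An added example (not part of the original posts and not Openfire code) that builds a group-restricted value for ldap.searchFilter with RFC 4515 escaping and models which entries it selects. The group DN, the base filter, the directory entries and the use of a `memberOf` attribute on user entries are assumptions; Active Directory provides `memberOf`, while OpenLDAP needs the memberof overlay.

```python
# Added example: construct an ldap.searchFilter value that admits only members
# of one "IM enabled" group. All names and entries below are constructed.

# Characters that must be escaped inside a filter value (RFC 4515).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot alter the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(group_dn: str, base_filter: str = "(objectClass=person)") -> str:
    """AND the ordinary user filter with a membership test on the IM group.

    Assumption: membership is visible on the user entry as memberOf.
    A plain memberOf test matches direct members only, not nested groups.
    """
    return f"(&{base_filter}(memberOf={escape_filter_value(group_dn)}))"


def is_im_enabled(entry: dict, group_dn: str) -> bool:
    """Model of what the filter selects: entries whose memberOf lists the group.
    DN matching is treated as case-insensitive here."""
    wanted = group_dn.lower()
    return any(dn.lower() == wanted for dn in entry.get("memberOf", []))


def enabled_users(directory: list, group_dn: str) -> list:
    """Return the uids that would be valid IM users under the filter."""
    return [e["uid"] for e in directory if is_im_enabled(e, group_dn)]


# Constructed sample data: a group name containing parentheses shows why
# escaping matters, and only alice has been "activated".
IM_GROUP = "CN=IM Users (Prod),OU=Groups,DC=example,DC=com"
DIRECTORY = [
    {"uid": "alice", "memberOf": ["cn=im users (prod),ou=groups,dc=example,dc=com"]},
    {"uid": "bob", "memberOf": ["CN=Staff,OU=Groups,DC=example,DC=com"]},
    {"uid": "carol"},  # no group membership at all
]

if __name__ == "__main__":
    print("ldap.searchFilter =", build_search_filter(IM_GROUP))
    print("IM-enabled users  =", enabled_users(DIRECTORY, IM_GROUP))
```

With a filter of this shape the default is deny: an account that has not been added to the group is not a valid user, which matches the "off until activated" model in the question.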

Below is the link with the specifics of what you are talking about. Thank you for your response!

http://community.igniterealtime.org/message/179550#179550