OpenFire 3.8.1 LDAP filters not working

evan2 · April 23, 2013, 2:40pm

I just installed 3.8.1 and I am trying to filter the LDAP (Active Directory) search . I have done searches in the past and have found several filter strings that can be used…

Remove computers
(&(objectCategory=person)(objectClass=user))

**removes computer accounts, system accounts, disabled users, and contacts. It also uses users that have an email address **
(objectclass=person)(mail=*)(!(objectclass=computer))(!(objectclass=contact))(!( cn=SystemMailbox))(!(cn=IUSR))(!(cn=IWAM))(!(userAccountControl:1.2.840.1 1 3556.1.4.803:=2)))

At this point…I can only get the first one that remove computer accounts from LDAP.

I am hoping someone can help me out here…

What I am looking to do is to only show active users and groups. Remove disabled users, remove computers, remove system accounts, etc.

Any thoughts on this?

Thanks for the help!

-Evan

speedy · April 23, 2013, 3:41pm

it looks like you have an extra space here ( cn=SystemMailbox)) it should be (cn=SystemMailbox))

evan2 · April 23, 2013, 3:57pm

Thanks for the reply!

I removed the space…but it did not help at all.

This is what i used…

(objectclass=person)(mail=*)(!(objectclass=computer))(!(objectclass=contact))(!( cn=SystemMailbox))(!(cn=IUSR))(!(cn=IWAM))(!(userAccountControl:1.2.840.11 3556.1.4.803:=2)))

See anything else wrong in there?

Is there a list of different ways to use this filter?

Thanks!

-Evan

speedy · April 23, 2013, 4:27pm

make sure you don’t have any extra spaces…loks like you have another one userAccountControl:1.2.840.11 3556.1.4.803:=2))) there shouldn’t be a space between 113556

evan2 · April 23, 2013, 4:31pm

Thanks again!

I copied the string from another post.

It’s working as it should now.

Any idea how often the client updates it’s roster list automatically?

-Evan