
Restrict Access to a handful of users

I work for a large university that uses eDir for its 30K+ users. I don’t have privileges to do any edits to said eDir so I can’t change user attributes or even set up groups. I work for a department within the university and want to restrict access to my office users only. The best way I can think of to do this is to specify the usernames of my department’s workers. My understanding is that the user filter is the way to go. BUT I only know how to specify a single username per the documentation. This is the syntax that I’ve successfully used:

(&(cn={0}) (cn=user1))

How is this done for multiple users?

Thanks!

I don’t quite understand how this is related to Openfire. Where in Openfire do you put this filter? Or are you asking about eDir configuration? Then this is probably the wrong place to ask.

Sorry for my lack of clarity, but I’m referring to LDAP authentication on Openfire. I’m authenticating against an eDir that has 30K+ users but I only want to see about 50 of those. I was hoping there was a way to list which users can log in via the openfire.xml file. I can’t create a security group b/c I don’t have those privileges on the eDir. I saw this in another thread on how to deny certain users: (&(!(cn=user1))(!(cn=user2))(!(cn=user3)))

That works for me but I need to do the opposite. I want to allow users listed to log in and no one else. I’ve tried tweaking the above but haven’t had any luck.

You are correct that this should be a user filter. You can string any number of users into an LDAP query using the proper delimiter.

ex.

(&(objectClass=organizationalPerson)(|(cn=user1)(cn=user3)(cn=user20)))

Thanks Todd! That did the trick.
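The allow-list filter from the answer above, generated from a list of usernames with RFC 4515 escaping and checked against sample entries next to the deny filter quoted earlier in the thread. This is an added example, not part of the original posts and not Openfire or eDirectory code; the function names and directory entries are constructed for illustration, and the matcher handles only the &, |, ! and equality forms used in this thread.

```python
import re

def escape_value(value):
    """Escape RFC 4515 special characters so a name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def allow_filter(usernames, object_class="organizationalPerson"):
    """Build (&(objectClass=...)(|(cn=a)(cn=b)...)) from an allow list."""
    if not usernames:
        raise ValueError("an empty allow list would produce an invalid filter")
    ors = "".join("(cn=%s)" % escape_value(u) for u in usernames)
    return "(&(objectClass=%s)(|%s))" % (escape_value(object_class), ors)

def parse(f, i=0):
    """Parse one filter component starting at f[i]; returns (node, next_index)."""
    assert f[i] == "(", "filter component must start with '('"
    if f[i + 1] in "&|!":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # step past the closing ')'
    end = f.index(")", i)
    attr, raw = f[i + 1:end].split("=", 1)
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return ("=", attr, value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive equality)."""
    if node[0] == "=":
        values = [v.lower() for v in entry.get(node[1].lower(), [])]
        return node[2].lower() in values
    results = [matches(kid, entry) for kid in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)

# Constructed sample directory, not real eDir data.
DIRECTORY = [
    {"cn": ["user1"], "objectclass": ["organizationalPerson"]},
    {"cn": ["user2"], "objectclass": ["organizationalPerson"]},
    {"cn": ["user3"], "objectclass": ["organizationalPerson"]},
    {"cn": ["user4"], "objectclass": ["organizationalPerson"]},
    {"cn": ["printer1"], "objectclass": ["device"]},
]

def who_matches(filter_text):
    tree, _ = parse(filter_text)
    return [e["cn"][0] for e in DIRECTORY if matches(tree, e)]

if __name__ == "__main__":
    print(who_matches(allow_filter(["user1", "user3", "user20"])))
```

Escaping matters when the list comes from a file or form: an unescaped `*` in a name would turn one allow-list entry into a match for every user.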