Restrict Spark messenger access with LDAP

I have just installed Openfire on a Windows Server 2003 machine and turned on LDAP authentication. I do not want every user in AD to have the ability to log into Spark. Instead I would like to restrict access to only people that are in an AD security group. Is there a way to do this?

We have a fairly complex OU setup so I cannot just move the users into one OU and make that the base folder Openfire queries.

http://www.igniterealtime.org/community/docs/DOC-1554

If you can define some custom attribute to control access you can specify any filter you want for access to the OpenFire server. We defined an attribute “morrisonimaccess”, and filter users so that morrisonimaccess=Y.

Use group membership and the memberof=sparkgroup in your user filter.

Would you mind sharing how you did that (is it an edit to openfire.xml? specifying a filter - would love to see) - we would like to restrict access to only those who have a specific value for an attribute that we will create - e.g. accessJive: Yes

Thanks,

sg
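
The user filters discussed in this thread, as an added example that is not from any of the posters or from the Openfire project: it builds a group-membership filter and a custom-attribute filter with RFC 4515 escaping, then XML-escapes the result for a config file. Assumptions: the filter is set through Openfire's `ldap.searchFilter` property, written here as a `<searchFilter>` element; the group DN and all values are constructed; Active Directory stores full group DNs in `memberOf`, so the filter uses the complete DN.

```python
"""Added example: build the LDAP user filter discussed in this thread.
All DNs, group names and attribute values below are constructed."""
from xml.sax.saxutils import escape as xml_escape

# Active Directory's LDAP_MATCHING_RULE_IN_CHAIN: also matches users who
# are in the group only through nested groups.
IN_CHAIN = "1.2.840.113556.1.4.1941"


def escape_filter_value(value: str) -> str:
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def group_filter(group_dn: str, nested: bool = False) -> str:
    """Match user objects whose memberOf holds the group's full DN.

    memberOf does not list a user's primary group, so use a dedicated
    security group rather than one set as primary.
    """
    attr = f"memberOf:{IN_CHAIN}:" if nested else "memberOf"
    return f"(&(objectClass=user)({attr}={escape_filter_value(group_dn)}))"


def attribute_filter(attr: str, value: str) -> str:
    """Match users carrying a custom flag attribute, e.g. accessJive=Yes."""
    return f"(&(objectClass=user)({attr}={escape_filter_value(value)}))"


def as_xml_element(ldap_filter: str) -> str:
    """Render the filter for an XML config file: '&' must become '&amp;'.

    Assumption: the filter is stored in a <searchFilter> element.
    """
    return f"<searchFilter>{xml_escape(ldap_filter)}</searchFilter>"


if __name__ == "__main__":
    dn = "CN=sparkgroup,OU=Groups (IT),DC=example,DC=com"  # constructed DN
    print(as_xml_element(group_filter(dn)))
    print(as_xml_element(group_filter(dn, nested=True)))
    print(as_xml_element(attribute_filter("accessJive", "Yes")))
```

After changing the filter, confirm that an account outside the group can no longer authenticate and that one inside it still can.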