Restricting access to a particular group with LDAP

Hello,

We are using LDAP, and we have successfully configured openfire to authenticate against our ldap server. Thanks for making this part so easy. Next, we would like to restrict access to a specific group. Does OpenFire support this functionality? If so, how do I specify the name of the group? Thanks!!!

yes,

use packet filter plugin http://community.igniterealtime.org/community/plugins/packetfilter

Could you please elaborate on this? I see instructions on how to install it, but I am not seeing any details on how to use it for limiting ldap groups. I would appreciate any help. Thanks!

I guess I may have misunderstood the “restrict access to a specific group” part.

Can you explain, by giving an example, what you are trying to achieve?

Is it…

  1. Do not allow a certain LDAP group to log in to openfire.
     • That can be done by configuring **ldap.searchFilter**. I use base DN dc=,dc=; by doing that I include every single group from my directory. Then I created multiple groups and added them to ldap.searchFilter in the following format:
       (|(memberOf=CN=,ou=,dc=,dc=)(memberOf=CN=,ou=,dc=,dc=))
       so only members of GROUP1 and GROUP2 are allowed to log in.
  2. Block some functionality from members of a specific LDAP group.
     • That is located at Server/Server Settings/Packet Filter rules/, where you can set up restrictions based on various variables.
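
As an added example (not part of the original posts, and not Openfire code): a small Python helper that builds the OR-of-memberOf filter in the format shown above, escaping special characters in group DNs per RFC 4515, and checks constructed sample users against the same allow-list. The group DNs, the example.com base, the user entries and the function names are all made-up for illustration.

```python
# Added example: build an OR-of-groups LDAP filter for ldap.searchFilter.
# All DNs and user entries below are constructed sample values.

def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in '\\*()\x00':
            out.append('\\%02x' % ord(ch))  # e.g. "(" becomes \28
        else:
            out.append(ch)
    return ''.join(out)


def build_group_filter(group_dns):
    """Return (|(memberOf=dn1)(memberOf=dn2)...) for the given group DNs."""
    if not group_dns:
        # An empty allow-list must not silently turn into "match everyone".
        raise ValueError("at least one group DN is required")
    clauses = ['(memberOf=%s)' % escape_filter_value(dn) for dn in group_dns]
    return clauses[0] if len(clauses) == 1 else '(|%s)' % ''.join(clauses)


def is_allowed(user_entry, group_dns):
    """Simplified check: case-insensitive match on the user's direct memberOf values."""
    allowed = {dn.lower() for dn in group_dns}
    return any(g.lower() in allowed for g in user_entry.get('memberOf', []))


ALLOWED_GROUPS = [
    'CN=GROUP1,OU=Chat,DC=example,DC=com',
    'CN=GROUP2 (contractors),OU=Chat,DC=example,DC=com',
]

USERS = {  # constructed directory entries
    'alice': {'memberOf': ['CN=GROUP1,OU=Chat,DC=example,DC=com']},
    'bob': {'memberOf': ['CN=Staff,OU=Chat,DC=example,DC=com']},
    'carol': {'memberOf': ['cn=group2 (contractors),ou=chat,dc=example,dc=com']},
    'dave': {},  # no group memberships at all
}

if __name__ == '__main__':
    print(build_group_filter(ALLOWED_GROUPS))
    for name, entry in USERS.items():
        print(name, 'allowed' if is_allowed(entry, ALLOWED_GROUPS) else 'denied')
```

Testing the generated filter against a few known members and non-members before putting it into ldap.searchFilter catches an unescaped parenthesis or a mistyped DN, either of which would otherwise lock out the wrong users.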

Hi,

I want to ensure that only members of a specific group have access to this openfire server. This would be very helpful. Thanks.

Then look at #1 from my prior post. Please keep in mind, the only way I was able to make ldap.searchFilter work with multiple groups is by pointing the base DN to the root of my LDAP.

I went through a similar thing a while ago. If it is a MS AD install, you could look at http://community.igniterealtime.org/message/196870 . If it is not, you may need to make sure the users are explicitly defined as members of your Openfire User group and use the memberof filter.

Brian