Restricting access to a particular group with LDAP


We are using LDAP, and we have successfully configured openfire to authenticate against our ldap server. Thanks for making this part so easy. Next, we would like to restrict access to a specific group. Does OpenFire support this functionality? If so, how do I specify the name of the group? Thanks!!!


use packet filter plugin

Could you please elaborate on this? I see instructions on how to install it, but I am not seeing any details on how to use it for limiting ldap groups. I would appreciate any help. Thanks!

I guess I may misunderstand “restrict access to a specific group” part.

Can you explain by given an example on what are you trying to achieve?

Is it…

  1. Do not allow certain LDAP group to login to openfire.
  • That can be done by configuring **ldap.searchFilter, **I use based DN dc=,dc=, by doing that I include every single group from my directory. Than I created multiple groups and add them to ldap.searchFilter in following format:
  • (|(memberOf=CN=,ou=,dc=,dc=)(memberOf=CN=,ou=,dc=,dc=))
    so only members of GROUP1 and GROUP2 are allowed to login
  1. Block some functionality from members of specific LDAP group.
  • That located at Server/Server Settings/Packet Filter rules/ where you can setup restrictions based on various variables.


I want to ensure that only members of a specific group have access to this openfire server. This would be very helpful. Thanks.

Than look at #1 from my prior post. Please keep in mind, The only way I was able to make ldap.searchFilter with multiple groups, is by pointing base DN to te root of my LDAP.

I went through a similar thing a while ago. If it is a MS AD install, you could look at . If it is not, you may need to make sure the users are explicity defined as members of you Openfire User group and use the memberof filter.