I am trying to restrict the AD users in Openfire to active users (ie not disabled) not in an exclude group (in case I have to banish a problem user).
From other posts, I thought the following would work.
The opjectCategory=user is working, but the not disabled and not member of nonimuisers do not work - I still see those users.
Can anyone help me with this searchFilter?
Seems a little old, but I’ve succeeded in doing half of what you want - not showing disabled users - with this search filter:
(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556. 1.4.803:=2)))
As far as excluding users who are members of a specific group, I haven’t gotten that to work yet, and I’m using syntax identical to yours for that.
Hi there,
Here’s the filter I use… it works in reverse of what you want, instead of excluding a group… it only allows members OF that group to access the server… so anyone that is part of “ChatUsers” group may connect.
But maybe it will help you figure out what you need…
<searchFilter>(objectClass=organizationalPerson)(memberOf=CN=ChatUsers;OU= MyGroups;DC=mydomain;DC=net)(!(userAccountControl:1.2.840.113556.1.4.803:=2))< ;/searchFilter>