powered by Jive Software

Trying to limit AD users OpenFire picks up

Hello Everyone,

I have a top level domain school.lan

Under this I have severl OUs: hs, jh, ms, etc.

In each OU I have a user folder.

In each of of these folders, I have subfolders for staff and students.

How can I only integrate only the staff from each site (hs, jh, ms, etc…)?

The main thing is I don’t want the students.

Thanks in advance for all of your help.

If OpenFire works out like I hope, I might open it up to students as well.

not sure if I’m picking up your idea properly but it sounds like you want to roll out an Openfire/Spark combination, using AD to populate your user base on Openfire, and having only staff able to use the system.

If so, the way I would do it, selectively rolling out to specific users, is to create an AD group called Comms that has only staff members in, install Openfire on your server and have it connect to the AD server for it’s userbase, install the Spark app on the servers that the staff use (do they have a staff-only server setup?) or if not, install Spark on the staff/student servers but do not select “install icons and start menu groups on all users”, just copy them in manually to the documents and settings folders of the individual users that should have this.

Use the Groups section in the Openfire Admin console to share the Comms group to all users it contains, then let the staff user’s login?

Hey Daryn,

Thanks for your response. I guess I should have been a little more clear in my initial question. I am trying to roll out an OpenFire/Spark combo, with users imported from AD. I did have it set up, but after the import I saw that it had every user I have listed in AD. What I am trying to do is limit the number of users imported up front. This would limit the number of users in OpenFire. The perfect answer would be if I could set multiple Base DNs during the initial import. Do you know if such a thing is possible? The staff and students use different computers, so it is not a problem to keed students from using the IM. I am just going for a cleaner, leaner, meaner OpenFire install.

You should still create an AD group for openfire users. Use this group for the user filter in in openfire. This will limit the users to members of that group.

Sample Filter:

(&(objectClass=organizationalPerson)(memberOf=cn=WebISteam,ou=ChatGroups,ou=acco unts,dc=domain,dc=com))

Hi Todd,

Thanks for your suggestion. I went ahead and created a group and placed it in the default Users container. However, I can’t seem to get the filter to work durring the inital setup of OpenFire. In Step 1 of 3:Connection Settings, I set my Base DN to dc=school,dc=lan. That works. It is Step 2 of 3: User Mapping where I have been brought to a grinding halt. Laving sAMAccountName UserName Field, and going into Advanced Settings I enter this user filter: (&(objectClass=organizationalPerson)(memberOf=cn=FiredUp,cn=Users,dc=school,dc= lan)). It finds no users. the group has other groups in it which have the users. If I use just (objectClass=organizationalPerson) I get all the templates and students. I’m sure it has to be somthing like I forgot to check the “Please make it easy for me” box. I tried both cn and ou. But verified it is cn by running ldp on a domain controller. Thanks for all of your help.

Hi Todd,

Thank you for your help. That filter worked great. Is it a bug or a limitation of the software that it only worked when I added people to the group and not other groups. Thanks for all of your help. Points for you.

There is no limit to the number or names of groups you can add people to and have it work. I personally belong to 3 shared groups and the limiting group on my server.