Upgrade Help

I’m trying to upgrade from Wildfire to Openfire, and naturally it has forgotten all my Active Directory settings.

I need to filter my users based on:

memberOf=CN=IM,OU=Groups,OU=CORP,DC=my,DC=domain

in Active Directory. I put this in the search filter but I’m getting every AD account in existence (including computer accounts). How do I fix this?

Here’s my config settings:

Hey Jeremy,

Something that I found useful is to download a free LDAP browser like http://www.ldapbrowser.com/ and test the same settings you are entering into Openfire. I would say that the results of the queries should be the same :). If that is true then you can test your setup and fine-tune it to locate the exact info you need.

Regards,

– Gato

I had problems with objectClass=organizationalPerson too. Below is the filter query I finally ended up with that works. It filters for (in order):

  • Show only users

  • Exclude disabled accounts

  • Exclude members of the group nonimusers.

My search filter is in the <ldap> section, after </usernamefield> and before <vcard-mapping>

More info about these filters can be found at: http://www.tek-tips.com/faqs.cfm?fid=5667

Note: Be careful with formatting. I found this to be sensitive to how it was formatted.

<searchFilter> <![CDATA[
(&
(objectCategory=user)
(!(userAccountControl:1.2.840.113556.1.4.803:=2))
(!(memberOf=cn=nonimusers,ou=Users,dc=mycompany,dc=com))
(sAMAccountName=)
)]]> </searchFilter>

Thanks, your reply keyed me into my logic:

(&(objectCategory=user)(memberOf=CN=IM,OU=Groups,DC=my,dc=domain))

I had forgotten how LDAP does its queries and had the wrong ordering in my search filter.
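
An added example, not part of the original posts: a small Python evaluator that runs the two filters from this thread over constructed directory entries, to show which accounts each one selects. The entry names and attribute values are made up, objectCategory is simplified to the short name the filters use, and the sAMAccountName clause of the second filter is left out.

```python
import re
BIT_AND = "1.2.840.113556.1.4.803"  # bitwise-AND matching rule from the thread's filter

def parse(f, i=0):
    """Parse the filter component starting at f[i]; return (node, next index)."""
    if f[i + 1] in "&|!":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1              # skip the closing ")"
    end = f.index(")", i)                     # simple item: attr[:rule:]=value
    attr, value = f[i + 1:end].split("=", 1)
    attr, _, rule = attr.partition(":")
    return ("=", attr.lower(), rule.rstrip(":"), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict of attr -> list of str)."""
    if node[0] in ("&", "|"):
        agg = all if node[0] == "&" else any
        return agg(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, rule, want = node
    have = entry.get(attr, [])
    if rule == BIT_AND:                       # true when every bit of `want` is set
        return any((int(v) & int(want)) == int(want) for v in have)
    return any(v.lower() == want for v in have)

def search(flt, directory):
    """Return the names of the entries the filter selects (whitespace-tolerant)."""
    tree, _ = parse(re.sub(r"\s*([()])\s*", r"\1", flt.strip()))
    return [name for name, e in directory.items() if matches(tree, e)]

IM = "CN=IM,OU=Groups,DC=my,DC=domain"
NON_IM = "cn=nonimusers,ou=Users,dc=mycompany,dc=com"
DIRECTORY = {  # constructed entries; userAccountControl 514 = 512 + 2 (disabled)
    "alice": {"objectcategory": ["user"], "useraccountcontrol": ["512"], "memberof": [IM]},
    "bob":   {"objectcategory": ["user"], "useraccountcontrol": ["514"], "memberof": [IM]},
    "carol": {"objectcategory": ["user"], "useraccountcontrol": ["512"], "memberof": [NON_IM]},
    "WS01$": {"objectcategory": ["computer"], "useraccountcontrol": ["4096"]},
}
GROUP_ONLY = "(&(objectCategory=user)(memberOf=CN=IM,OU=Groups,DC=my,dc=domain))"
EXCLUDING = """(&
  (objectCategory=user)
  (!(userAccountControl:1.2.840.113556.1.4.803:=2))
  (!(memberOf=cn=nonimusers,ou=Users,dc=mycompany,dc=com))
)"""
if __name__ == "__main__":
    print(search(GROUP_ONLY, DIRECTORY), search(EXCLUDING, DIRECTORY))
```

On this sample data the group-only filter still selects the disabled account bob; the bitwise userAccountControl clause is what removes it.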