I’m trying to upgrade from Wildfire to Openfire, and naturally it has forgotten all my Active Directory settings.
I need to filter my users based on:
memberOf=CN=IM,OU=Groups,OU=CORP,DC=my,DC=domain
in Active Directory. I put this in the search filter but I’m getting every AD account in existence (including computer accounts). How do I fix this?
Here’s my config settings:
Hey Jeremy,
Something that I found useful is to download a free LDAP browser like http://www.ldapbrowser.com/ and test the same settings you are entering into Openfire. I would say that the results of the queries should be the same :). If that is true then you can test your setup and fine-tune it to locate the exact info you need.
Regards,
– Gato
I had problems with objectClass=organizationalPerson too. Below is the filter query I finally ended up with that works. It filters for (in order):
My search filter is in the <ldap> section, after </usernamefield> and before <vcard-mapping>
More info about these filters can be found at: http://www.tek-tips.com/faqs.cfm?fid=5667
Note: Be careful with formatting. I found this to be sensitive to how it was formatted.
<searchFilter> <![CDATA[
(&
(objectCategory=user)
(!(userAccountControl:1.2.840.113556.1.4.803:=2))
(!(memberOf=cn=nonimusers,ou=Users,dc=mycompany,dc=com))
(sAMAccountName=)
)]]> </searchFilter>
Thanks, your reply keyed me into my logic:
(&(objectCategory=user)(memberOf=CN=IM,OU=Groups,DC=my,dc=domain))
I had forgotten how LDAP does its queries and had the wrong ordering in my search filter.
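Added example, not part of any post in this thread: a small Python evaluator for the prefix-notation filters discussed above, run against a constructed four-entry directory to show which clause removes computer accounts and which removes disabled accounts. The entries, the simplified objectCategory values and the helper names (parse, matches, select) are assumptions for illustration; a real directory evaluates the filter server-side.

```python
BIT_AND = "1.2.840.113556.1.4.803"  # bitwise-AND matching rule OID used in the thread

def parse(f, i=0):
    """Parse one parenthesised filter starting at f[i]; return (node, next index)."""
    while f[i].isspace():
        i += 1
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":                     # prefix notation: operator first, operands after
        op, kids, i = f[i], [], i + 1
        while f[i] != ")":
            if f[i].isspace():            # tolerate the multi-line layout used in the thread
                i += 1
                continue
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, value = f[i:end].split("=", 1)  # split on the first '=' so DN values stay intact
    return ("=", attr.strip(), value.strip()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict of lowercase attr -> values)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    name, _, rule = attr.rstrip(":").partition(":")   # "attr:OID:" -> (attr, OID)
    values = entry.get(name.lower(), [])
    if rule == BIT_AND:                   # true when every bit of `value` is set
        return any((int(v) & int(value)) == int(value) for v in values)
    return any(v.lower() == value.lower() for v in values)

IM = "CN=IM,OU=Groups,DC=my,DC=domain"
ENTRIES = [  # constructed sample data; objectCategory values are simplified
    {"samaccountname": ["alice"], "objectcategory": ["user"], "useraccountcontrol": ["512"], "memberof": [IM]},
    {"samaccountname": ["bob"], "objectcategory": ["user"], "useraccountcontrol": ["514"], "memberof": [IM]},
    {"samaccountname": ["carol"], "objectcategory": ["user"], "useraccountcontrol": ["512"], "memberof": []},
    {"samaccountname": ["PC01$"], "objectcategory": ["computer"], "useraccountcontrol": ["4096"], "memberof": [IM]},
]
GROUP_ONLY = "(memberOf=CN=IM,OU=Groups,DC=my,dc=domain)"
THREAD_FILTER = "(&(objectCategory=user)(memberOf=CN=IM,OU=Groups,DC=my,dc=domain))"
ENABLED_ONLY = """(&
  (objectCategory=user)
  (!(userAccountControl:1.2.840.113556.1.4.803:=2))
  (memberOf=CN=IM,OU=Groups,DC=my,dc=domain)
)"""

def select(flt, entries=ENTRIES):
    """Return the sAMAccountName of every entry the filter matches."""
    tree, _ = parse(flt)
    return [e["samaccountname"][0] for e in entries if matches(tree, e)]
```

On this sample data the group-only filter still returns the computer account, the filter from the last post drops it, and adding the userAccountControl clause from the earlier post also drops the disabled account.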