
Users Limited by LDAP Group Membership

I was wondering if it is possible to limit the users that are created when using LDAP based on group membership. We have several support user accounts that don’t need to be part of Openfire. I would like to create a group in AD called Openfire, place the Openfire users in that group, and have only those users picked up by Openfire. Possible?

You have to change your value for ldap.searchFilter and/or ldap.groupSearchFilter to filter only for that group.

example:

ldap.groupSearchFilter: (&(objectClass=group)(cn=Openfire))

Well the example you give limits the groups that are picked up by the server. It doesn’t limit the users to users in that group. The current ldap.searchFilter is set to (objectClass=organizationalPerson). How would I modify that to only pick up users with group membership Openfire?

Well, you could filter the users by the memberOf LDAP attribute.

ex:

ldap.searchFilter: (&(objectClass=organizationalPerson)(memberof=CN=Openfire,OU=Users,DC=YourDomain,DC=com))
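
Added example, not part of the original thread and not Openfire code: a small Python evaluator for the filter subset used above (&, |, ! and equality), run against constructed directory entries to show which accounts each ldap.searchFilter value picks up. The entry names and the ChatTeam group are assumptions; the group DN is the placeholder from the thread.

```python
# Minimal LDAP filter evaluator: supports &, |, ! and equality matches only.
GROUP_DN = "CN=Openfire,OU=Users,DC=YourDomain,DC=com"  # placeholder DN from the thread
PERSON = ["top", "person", "organizationalPerson", "user"]
ENTRIES = [  # constructed sample entries, not real directory data
    {"cn": ["alice"], "objectClass": PERSON, "memberOf": [GROUP_DN]},
    {"cn": ["svc-backup"], "objectClass": PERSON, "memberOf": []},
    # bob belongs to a group that is itself a member of Openfire (nested membership)
    {"cn": ["bob"], "objectClass": PERSON,
     "memberOf": ["CN=ChatTeam,OU=Users,DC=YourDomain,DC=com"]},
    {"cn": ["Openfire"], "objectClass": ["top", "group"], "memberOf": []},
]
OLD_FILTER = "(objectClass=organizationalPerson)"
NEW_FILTER = "(&(objectClass=organizationalPerson)(memberof=" + GROUP_DN + "))"

def parse(f, i=0):
    """Parse the filter that starts at f[i]; return (node, index just after it)."""
    if i >= len(f) or f[i] != "(":
        raise ValueError(f"expected '(' at position {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, kids = f[i], []
        i += 1
        while i < len(f) and f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if not kids or i >= len(f) or f[i] != ")":
            raise ValueError(f"malformed '{op}' filter")
        return (op, kids), i + 1
    end = f.index(")", i)  # raises ValueError when the parentheses are unbalanced
    attr, sep, value = f[i:end].partition("=")  # first '=' only, DN values contain more
    if not sep:
        raise ValueError("only equality filters are supported")
    return ("=", (attr.strip().lower(), value.strip().lower())), end + 1

def matches(node, entry):
    op, arg = node
    if op == "=":  # simplification: case-insensitive string comparison of values
        attr, want = arg
        return any(want == v.lower() for k, vals in entry.items()
                   if k.lower() == attr for v in vals)
    results = [matches(kid, entry) for kid in arg]
    return all(results) if op == "&" else any(results) if op == "|" else not results[0]

def select(filter_text, entries=ENTRIES):
    """Return the cn of every entry the filter matches."""
    node, end = parse(filter_text.strip())
    if end != len(filter_text.strip()):
        raise ValueError("trailing text after filter")
    return [e["cn"][0] for e in entries if matches(node, e)]
```

With the memberof filter only alice is selected: svc-backup is dropped as intended, and so is bob, because Active Directory's memberOf attribute lists direct group memberships only. For transitive membership Active Directory provides the matching rule 1.2.840.113556.1.4.1941, used as (memberOf:1.2.840.113556.1.4.1941:=<group DN>).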