I know this has been addressed in the past and answered by Speedy but I'm stuck. I'm trying to filter my AD to only allow users that are members of certain groups.
I copied and pasted Speedy's suggestions for filtering below, with a few changes to reflect my environment. The filtering makes sense to me except that I get locked out at a certain point. Any advice?
Everything is under the default CN=Users in AD...
AD domain = touchstone.com
access group = IMAllowed
roster groups = Texas Site, Arkansas Site, *** Site
(*note - I'll be using *Site as part of a wildcard search, so all my groups end with Site for that reason)
First create your security groups:
Created regular security groups: Texas Site, Arkansas Site, Illinois Site, etc.
Make Texas Site, Arkansas Site, and all other "Site" groups members of the IMAllowed group.
Added my users as members of each respective "Site" group.
(I included my Openfire admin account (imadmin) in both the Texas and IMAllowed groups.)
Next, set your system properties in openfire:
ldap.baseDN
DC=touchstone,DC=com
ldap.groupSearchFilter
(objectClass=group)(cn=*Site)
Now if I stop at this point and restart Openfire... ALL of my domain users/computer accounts, etc. are listed under Users (as expected), and only the appropriate "Site" groups show up under Groups with their individual members nested inside.
The problem comes in at this point, when it's time to filter only the appropriate users. I set the search filter like Speedy suggests:
ldap.searchfilter
(&(objectclass=organizationalPerson)(|(memberOf:1.2.840.113556.1.4.1941:=CN=IMAllowed,CN=Users,DC=touchstone,DC=com)))
Save and restart Openfire. At the login prompt, I cannot log in with imadmin or any other account I set as admin. At this point I have to set the Setup variable to false and try again.
Any ideas?
Thanks in advance,
Buster
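The two filters from the post, dry-run offline against a toy directory. This is an added example written for this page, not code from Openfire, from Speedy or from the poster. The entries (imadmin, alice, bob and the Site groups, all under CN=Users) are constructed, and the way Openfire wraps ldap.searchFilter and ldap.groupSearchFilter in an outer (& ... (field={0})) before sending them to AD is an assumption of this example, not something quoted from Openfire. It parses the filter subset the post uses, including the AD LDAP_MATCHING_RULE_IN_CHAIN extensible match (OID 1.2.840.113556.1.4.1941), and shows that the chain rule admits an account that sits only in a nested Site group, that an account outside IMAllowed is refused, and that the group filter as written is a single well-formed filter only after wrapping, which matters if you paste it into ldapsearch to test it.

```python
"""Offline dry run of the Openfire LDAP filters from the post against a toy AD.
Added example, not Openfire code. Parses the RFC 4515 subset used here ((&), (|),
equality with '*' wildcards, and the AD extensible match 1.2.840.113556.1.4.1941)
and evaluates it against constructed entries. Openfire's wrapping is ASSUMED.
"""
import re

IN_CHAIN = "1.2.840.113556.1.4.1941"
USERS = "CN=Users,DC=touchstone,DC=com"

# Constructed AD entries (hypothetical data, not from a real domain).
def group(name, *parents): return {"objectClass": ["group"], "cn": [name], "memberOf": list(parents)}
def person(name, *groups): return {"objectClass": ["organizationalPerson", "user"],
                                   "sAMAccountName": [name], "memberOf": list(groups)}

# Site groups nested in IMAllowed; imadmin in both, alice only in a Site group, bob unrelated.
DIRECTORY = {
    f"CN=IMAllowed,{USERS}": group("IMAllowed"),
    f"CN=Texas Site,{USERS}": group("Texas Site", f"CN=IMAllowed,{USERS}"),
    f"CN=Arkansas Site,{USERS}": group("Arkansas Site", f"CN=IMAllowed,{USERS}"),
    f"CN=Domain Admins,{USERS}": group("Domain Admins"),
    f"CN=imadmin,{USERS}": person("imadmin", f"CN=Texas Site,{USERS}", f"CN=IMAllowed,{USERS}"),
    f"CN=alice,{USERS}": person("alice", f"CN=Texas Site,{USERS}"),
    f"CN=bob,{USERS}": person("bob", f"CN=Domain Admins,{USERS}"),
}

# The two filter values from the post.
SEARCH_FILTER = ("(&(objectclass=organizationalPerson)"
                 "(|(memberOf:1.2.840.113556.1.4.1941:=CN=IMAllowed,CN=Users,DC=touchstone,DC=com)))")
GROUP_FILTER = "(objectClass=group)(cn=*Site)"

def parse(s, i=0):
    """Parse one parenthesised filter at s[i]; return (node, index just after it)."""
    if i + 1 >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|":
        op, kids, i = s[i], [], i + 1
        while i < len(s) and s[i] == "(":
            node, i = parse(s, i)
            kids.append(node)
        if i >= len(s) or s[i] != ")":
            raise ValueError(f"unclosed ({op} at offset {i}")
        return (op, kids), i + 1
    end = s.find(")", i)      # values in these filters (names, DNs) contain no ')'
    m = re.fullmatch(r"([^:=]+)(?::([\d.]+):)?=(.*)", s[i:end]) if end > i else None
    if not m:
        raise ValueError(f"bad item at offset {i}")
    attr, rule, value = m.groups()
    return ("=", attr, rule, value), end + 1

def in_chain(dn, target):
    """Emulate LDAP_MATCHING_RULE_IN_CHAIN over memberOf: is target an ancestor group of dn?"""
    seen, todo = set(), [dn]
    while todo:
        for parent in DIRECTORY.get(todo.pop(), {}).get("memberOf", []):
            if parent.lower() == target.lower():
                return True
            if parent.lower() not in seen:      # guard against group cycles
                seen.add(parent.lower())
                todo.append(parent)
    return False

def matches(node, dn):
    """Evaluate a parsed filter against one entry; attribute names are case-insensitive."""
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(k, dn) for k in node[1])
    _, attr, rule, value = node
    if rule == IN_CHAIN:
        return in_chain(dn, value)
    if rule:
        raise ValueError(f"matching rule {rule} not modelled")
    values = next((v for k, v in DIRECTORY[dn].items() if k.lower() == attr.lower()), [])
    pattern = ".*".join(re.escape(part) for part in value.lower().split("*"))
    return any(re.fullmatch(pattern, v.lower()) for v in values)

def filter_is_valid(flt):
    """True if flt is one well-formed filter, i.e. what an LDAP server would accept."""
    try:
        return parse(flt)[1] == len(flt)
    except ValueError:
        return False

def openfire_user_filter(search_filter, username_field="sAMAccountName"):
    return f"(&{search_filter}({username_field}={{0}}))"     # ASSUMED Openfire wrapping

def openfire_group_filter(group_filter, group_name_field="cn"):
    return f"(&{group_filter}({group_name_field}={{0}}))"    # ASSUMED Openfire wrapping

def search(template, name):
    """Substitute name for {0} and return the DNs the resulting filter selects."""
    flt = template.replace("{0}", name)
    if not filter_is_valid(flt):
        raise ValueError(f"invalid filter: {flt}")
    node = parse(flt)[0]
    return sorted(dn for dn in DIRECTORY if matches(node, dn))

def can_log_in(username):
    """Openfire needs exactly one hit for the username under the wrapped searchFilter."""
    return len(search(openfire_user_filter(SEARCH_FILTER), username)) == 1

def visible_groups():
    """Groups Openfire would list under the wrapped groupSearchFilter (name = '*')."""
    return search(openfire_group_filter(GROUP_FILTER), "*")
```

Before restarting Openfire with a new ldap.searchFilter, run the same composed filter (the wrapped form with the admin's username substituted for {0}) against the real domain controller with ldapsearch or Get-ADUser -LDAPFilter; if it returns no entry for the admin account, the lockout comes from the filter rather than the credentials, and the model above lets you experiment with the filter shape without touching the server.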