How to configure Filr LDAP search to only include members of a certain group

  • 7012397
  • 09-May-2013
  • 13-Feb-2019

Environment

Novell Filr 1
Novell Filr 2
Micro Focus Filr 3

Situation

An administrator would like to limit the number of users added to the Filr server by using group membership.

Resolution

Log in as the admin user on port 8443 and select the Administration Console from the drop-down menu in the upper right-hand corner of the screen. Under System on the left, select LDAP.

Modify the Filter under the Users section to look like this (for eDir):
(&(|(objectClass=Person)(objectClass=orgPerson)(objectClass=inetOrgPerson))(groupMembership=cn=filr,ou=users,o=novell))

Note the addition of the "(&" at the beginning and the groupMembership qualifier at the end. In this example the name of the group is filr and it is in the users OU. An additional closing ")" is needed to keep the filter balanced.

Also note that the filter string should not include a line break, even though one may be displayed when reading this document.

If users have already been added from the tree by previous LDAP queries, checking the "Delete Users that are not in LDAP" box and syncing again can help clean up unwanted users. Be careful, as this will remove any user that is not a member of the Filr group.

The same filter for an AD group would look like:
(&(|(objectClass=Person)(objectClass=orgPerson)(objectClass=inetOrgPerson))(memberOf=cn=filr,ou=users,dc=novell))
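
An added example (not part of the original article or of Filr): a Python helper that wraps an existing user filter with the group clause for eDir or AD and checks the two conditions called out above, balanced parentheses and no line breaks, before the filter is pasted into the console. The function names are assumptions of this example, and the group DN is escaped per RFC 4515 so that a group name containing parentheses cannot unbalance the filter.

```python
import re

# Membership attribute per directory type, as used in the filters above.
MEMBER_ATTR = {"edir": "groupMembership", "ad": "memberOf"}

# User filter from the article's example, before the group restriction is added.
BASE = "(|(objectClass=Person)(objectClass=orgPerson)(objectClass=inetOrgPerson))"

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def check_filter(flt):
    """Return the problems that would break the filter field (empty list if none)."""
    problems = []
    if re.search(r"[\r\n]", flt):
        problems.append("contains a line break")
    depth = 0
    for ch in flt:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:  # a ")" with no matching "("
                break
    if depth != 0:
        problems.append("unbalanced parentheses")
    return problems

def restrict_to_group(base_filter, group_dn, directory):
    """AND the existing user filter with a group-membership clause."""
    clause = "(%s=%s)" % (MEMBER_ATTR[directory], escape_filter_value(group_dn))
    combined = "(&%s%s)" % (base_filter.strip(), clause)
    problems = check_filter(combined)
    if problems:
        raise ValueError("; ".join(problems))
    return combined

if __name__ == "__main__":
    print(restrict_to_group(BASE, "cn=filr,ou=users,o=novell", "edir"))
    print(restrict_to_group(BASE, "cn=filr,ou=users,dc=novell", "ad"))
```

Running the same filter through a read-only LDAP search first and reviewing the returned users is a sensible step before syncing with the delete option enabled.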

Additional Information

Note: Do NOT add carriage returns in the user/group filters.