The documentation doesn't give any hints that would indicate it to be possible.
I think it should be possible when you use an LDAP filter using memberOf.
This is what I already found out. The problem is getting it to work within your own environment. It would be nice if there was some more documentation about this subject. It is a common scenario for a production environment.
Peter Bijl wrote:
Is it also possible to restrict on groups?
For instance, only people who belong to a certain LDAP group are allowed to log in to the management console.
Darran pointed me to a couple of JIRAs you might be interested in watching:
I managed to get a working solution with Active Directory 2008R2:
<ldap connection="ldap_connection" recursive="true" base-dn="CN=Users,DC=petersplanet,DC=corp">
<ldap name="ldap_connection" url="ldap://win17:389" search-dn="CN=ldapuser,CN=Users,DC=petersplanet,DC=corp" search-credential="secret"/>
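For reference, an added example (not the poster's configuration) of how a memberOf restriction fits into a JBoss AS 7 management security realm. The connection values are the ones from the post above; the realm name `ManagementRealm`, the `sAMAccountName` login attribute and the group DN `CN=EXAMPLE-ADMIN-GROUP,...` are assumptions to replace with your own.

```xml
<!-- Added example: realm name, login attribute and group DN are assumptions. -->
<management>
  <security-realms>
    <security-realm name="ManagementRealm">
      <authentication>
        <ldap connection="ldap_connection" recursive="true"
              base-dn="CN=Users,DC=petersplanet,DC=corp">
          <!-- {0} is replaced with the user name typed at login.
               The user entry is only found, and login only succeeds,
               if it is also a member of the placeholder group.
               '&' must be written as '&amp;' inside the XML attribute. -->
          <advanced-filter
              filter="(&amp;(sAMAccountName={0})(memberOf=CN=EXAMPLE-ADMIN-GROUP,CN=Users,DC=petersplanet,DC=corp))"/>
        </ldap>
      </authentication>
    </security-realm>
  </security-realms>
  <outbound-connections>
    <!-- Service account used to search the directory before the user bind. -->
    <ldap name="ldap_connection" url="ldap://win17:389"
          search-dn="CN=ldapuser,CN=Users,DC=petersplanet,DC=corp"
          search-credential="secret"/>
  </outbound-connections>
</management>
```

In Active Directory a plain `memberOf=` test matches direct membership only; nested groups need the matching-rule form `memberOf:1.2.840.113556.1.4.1941:=<group DN>`. A plain `ldap://` URL on port 389 sends the search and user bind passwords unencrypted, so an `ldaps://` URL is preferable where the directory offers it.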