Having set up and tested iFolder 3.2, I'm ready to start deploying it.
However, I'd like to make sure only named users can access the service.

All my users are in a hierarchy below ou=users,o=bcw. I'd like to
restrict iFolder so that only users in the eDirectory group
"iFolderUsers" in ou=users,o=bcw can access iFolder.

I tried adding cn=iFolderUsers,ou=users,o=bcw to the Search DN's in the
LDAP policy, but when searching for users this just returned all
users. Similarly, ou=iFolderUsers,ou=users,o=bcw in the DN's did the
same thing (occasionally throwing an Apache error in iManager as well).

I can leave the Search DN as ou=users,o=bcw, but all users are enabled
by default; I can disable them individually, but with 1000+ users this
isn't really an option. How can I best lock down iFolder?