LDAP Group Authentication

I have a FreeIPA server that I’m trying to configure XWiki against. I have got it working by installing the LDAP Authenticator extension and giving it the following configuration:

LDAP Authenticator configuration:

xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
xwiki.authentication.ldap=1
xwiki.authentication.ldap.trylocal=1
xwiki.authentication.ldap.server=ipa.sub.domain.com
xwiki.authentication.ldap.port=636
xwiki.authentication.ldap.ssl=1
xwiki.authentication.ldap.base_DN=cn=xwiki-users,cn=groups,cn=accounts,dc=sub,dc=domain,dc=uk
xwiki.authentication.ldap.bind_DN=uid={0},cn=users,cn=accounts,dc=sub,dc=domain,dc=uk
xwiki.authentication.ldap.bind_pass={1}
xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=xwiki-admins,cn=groups,cn=accounts,dc=sub,dc=domain,dc=uk
xwiki.authentication.ldap.mode_group_sync=always
xwiki.authentication.ldap.UID_attr=uid
xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail
xwiki.authentication.ldap.update_user=1

I can login with any of my users and the correct two are mapped to the XWikiAdminGroup. However what I really want is to only allow users from the below group to be able to authenticate to it.

cn=xwiki-users,cn=groups,cn=accounts,dc=sub,dc=domain,dc=uk

Does anyone know how this can be achieved?

That should be

xwiki.authentication.ldap.user_group=cn=xwiki-users,cn=groups,cn=accounts,dc=sub,dc=domain,dc=uk

@tmortagne - You’re right! It was that simple! I feel a bit silly now but certainly do appreciate the help!! Thanks!