powered by Jive Software

Acitve Directory and Openfire Problem

I just installed Openfire and am trying to configure with the LDAP option. I am new to all of this so it could be something very simple that I am doing wrong. In the Connection settings when I TEST Settings I get


I looked at the openfire.conf file and was just going to put what the LDAP Guide says to but the file looks different from the old wildfire conf.

Does anyone know what I would be getting an error authenticatig with the ldap server?

Does anyone have an example of the openfire conf file that I could use for help in knowing where to add stuff?


before you try integrating with AD make sure you

  1. Have a user account created on the domain to use for the server

example: I have a user account called ‘‘Openfire’’ that has no rights to do anything, but its needed for OpenFire to bind and read the list of users

  1. Know your OU structure.

Thank you.

The xmpp clients can not connect in fact I get “Server not Found” ever since I made the server a DC. Nobody here knows about integrating Openfire or XMPP with AD. Any info or pointers to documentation would help. thank you!

Are you running openfire on your DC? Can you telnet to the DC using port 389? In a command prompt run “telnet DCip 389”, without the quotes.


The telnet failed on that port.

Yes Openfire is on the DC. I tried the telnet and it did fail. Using Server 2003 and it activated the firewall when I promoted it to config AD but I disabled it because I could not login via Remote terminal…

What does the telnet failure mean?

thank you

You have the firewall turned on, on your DC? Make sure you put port 389 as an exception. See if you can telnet locally on the DC to port 389. If you can’'t locally then somehow LDAP is turned off on your DC.

Also, I don’‘t think it is smart to have Openfire running on your DC. Your DC’'s are the most important server to have on your network. You never know, Openfire may go resource hungry or maybe a vulnerability is found and now you are down a DC.

Are you using Active Directory integrated DNS, or are you ONLY using a DNS from another machine… If your clients cannot see the server, and you made a new Domain Controller with Active Directory Integrated DNS and your clients now are using that server for DNS servicing, then it would be as simple as adding a host (a) record into your DNS table… You also could try just going to a client and trying to connect to the server by ip address to rule out any type of firewall or routing issues…


hi thank you. I am actually on a virtual server creating a testbed for an experiment. I needed to use AD so hence the promotion to DC. no firewall on.

thank you. I have a forward to a dns server from the Openfire machine, which I had to promote to DC because I needed to use AD. Turns out DNS server did not have an entry for my openfire machine. They forgot to add it.