powered by Jive Software

Active Directory forest


In my company i have a forest of domains




Root of this domain is emc

Openfire server 3.71

I have followed instructions from this post

I switched openfire.jar (compiled for 3.71)

System properties:

  • ldap.adminDN = administrator@com
  • ldap.autoFollowAliasReferrals = false
  • ldap.autoFollowReferrals = false
  • ldap.baseDN =
  • ldap.encloseDN = true
  • ldap.host =
  • ldap.port = 3268
  • xmpp.domain =emc

I can find users and groups, but they are empty- see attached files.

Group filter (no matter what i fill in) - Possix disabled


User Filter - nothing special for now


When i connect to single domain it’s working perfect

Thank You for information

Are you using Active Directory?


Yes this is windows 2003 based Active Directory

Fond one clue

emc - (root)

england.emc - 10.300.1.1

deutchland.emc - 10.400.1.1


When i connect to host emc ( i can’t see any users in groups

When i connect to england.emc (10.300.1.1) ** i see users in groups only from england.emc**

This same situation is for each domain in the forrest.

It doesn’t matter that i connect as enterprise admin or local admin of domain.

Thhank You in advance

Are you sure the domain controllers you are connecting to are global catalog servers?

Also, can you log into the database server and verify that the configuration value for ldap.baseDN is empty?

Yes i am sure:)

Yes is empty

do You use universal groups?

Yes, Universal Security groups.

My settings:

  • ldap.groupSearchFilter:
    • (&(objectCategory=Group)(memberOf=CN=IM Groups,OU=Instant Messaging,OU=Universal,OU=Security Groups,OU=Groups,OU=Datacenter US,DC=company,DC=local))
      • All of our IM groups are a direct memeber of the group “IM Groups”
  • ldap.searchFilter:
    • (&(objectCategory=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(sn=)(g ivenName=)(msExchMailboxGuid=*)(!(memberOf=CN=Service Accounts,OU=Global,OU=Security,OU=Groups,OU=Datacenter US,DC=company,DC=local)))

Hello thank You very much

Problem was in Universal Groups.

I must create few:)

Ok another little problem

Let’s say that i create gorup named Jabber so


It is possible to do that the member of this group will be a Global Group? Or should it be only person?

It will automate creating users. Because when we create user, we are putting them to group f.e. Finance and doesn’t have to remember to put them in to im groups. Or how it’s done in Your’s company?

When i add any group to be a member of Jabber i see :



cn=im-groups-it,ou=ug,ou=emc,dc=england,dc=**emc@england.emc <-? this is my xmpp.domain


Once again thank You very much


Are your settings the same as mine?

  • ldap.autoFollowAliasReferrals = true
  • ldap.autoFollowReferrals = false
  • ldap.emailField = mail
  • ldap.encloseDNs = true
  • ldap.groupDescriptionField = description
  • ldap.groupMemberField = member
  • ldap.groupNameField = cn
  • ldap.nameField = cn
  • ldap.usernameField = sAMAccountName

I Was on the vacation, sorry for delay

It’s working right now in each domain i must create Universal group with all users in each domain.

It’s now working like a charm:)

Once again thank You very much. good Job:)