
Active Directory integration

Dear all,

I am currently evaluating the latest build of Openfire. We are still using 3.6.1 with “local” users in production, manually configured within Openfire. I would like to integrate the new setup with the Active Directory, and this seems to be working fine for users, although I can’t get any groups imported. After taking a close look at the settings, it doesn’t surprise me. Our Active Directory is constructed something like this (these are example names):



| |—>AccountA

| |—>AccountB


| |—>Group1

| |—>Group2


Obviously, I set the baseDN to OU=AccountsOU,DC=domain,DC=name. Because the OU containing the groups does not reside within this OU, no groups can be imported by the server. I can’t make much of a business case if it means restructuring the entire AD and a bunch of application servers connected to it. Is there any way to work around this? Can I somehow specify a separate DN for the groups?

Many thanks in advance!

Kind regards,


Set your base DN to the root of your AD, so just DC=domain,DC=name

Then you can use filters to filter out anything you don’t want to show up.


Very speedy reply indeed! Yes, that would work, but I would need to apply some sort of filter. As I can’t filter by OU (I assume the same rules apply as with a standard AD query?), I would need to set some custom attribute for the intended users. As I’ll create new groups for the XMPP setup, I can filter them easily, so that’s not a problem.

Am I overlooking some simple solution here (without modifying the existing accounts)?

Kind regards,


Yes, you can use group membership. That's how I do it.

I twigged that just after I replied to your post. Apparently I was having a case of mental diarrhea… Thanks for the advice nevertheless!

Maybe this could/should be added to the LDAP guide?
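The approach the thread settles on (base DN at the domain root, users restricted by group membership, groups restricted to the new XMPP groups) can be expressed as two LDAP filters. The following is an added example, not part of the original posts or of Openfire's code; the group DN, `GroupsOU`, the `XMPP-` group prefix, the service account and all directory entries are constructed assumptions.

```python
# Added example: build RFC 4515-escaped AD filters that scope a root-level base DN.
# Every DN, group name and directory entry below is a constructed placeholder.
BASE_DN = "DC=domain,DC=name"  # root base DN suggested in the thread
XMPP_GROUP_DN = "CN=XMPP Users,OU=GroupsOU,DC=domain,DC=name"  # hypothetical group

def escape_filter_value(value):
    """Escape a value for an LDAP filter assertion (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def user_filter(group_dn, nested=False):
    """User filter limited to members of group_dn.

    Plain memberOf matches direct membership only; nested=True uses AD's
    LDAP_MATCHING_RULE_IN_CHAIN so members of nested groups match as well.
    """
    attr = "memberOf:1.2.840.113556.1.4.1941:" if nested else "memberOf"
    value = escape_filter_value(group_dn)
    return f"(&(objectCategory=person)(objectClass=user)({attr}={value}))"

def group_filter(name_prefix):
    """Group filter for the dedicated XMPP groups, matched by CN prefix."""
    return f"(&(objectClass=group)(cn={escape_filter_value(name_prefix)}*))"

def visible_users(entries, base_dn, group_dn=None):
    """Model which constructed entries a subtree search from base_dn returns."""
    return [e["sAMAccountName"] for e in entries
            if e["dn"].lower().endswith(base_dn.lower())
            and (group_dn is None or group_dn in e["memberOf"])]

ENTRIES = [  # constructed directory content
    {"sAMAccountName": "AccountA", "dn": "CN=AccountA,OU=AccountsOU,DC=domain,DC=name",
     "memberOf": [XMPP_GROUP_DN]},
    {"sAMAccountName": "AccountB", "dn": "CN=AccountB,OU=AccountsOU,DC=domain,DC=name",
     "memberOf": []},
    {"sAMAccountName": "svc-backup", "dn": "CN=svc-backup,OU=ServiceOU,DC=domain,DC=name",
     "memberOf": []},
]

if __name__ == "__main__":
    print("user filter :", user_filter(XMPP_GROUP_DN))
    print("group filter:", group_filter("XMPP-"))
    print("root, no filter  :", visible_users(ENTRIES, BASE_DN))
    print("root, with filter:", visible_users(ENTRIES, BASE_DN, XMPP_GROUP_DN))
```

With the base DN at the root and no user filter, every account in the domain (service accounts included) becomes an XMPP user candidate; the membership filter narrows that to the accounts deliberately added to the group, without modifying the existing accounts.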