ActiveDirectory User Filter questions


I am trying to incorporate OpenFire into our Active Directory (2003). I have created a “ChatUsers” group (Security Group - Global) and added 3 test members to the group. Here are the settings I’m using:

Server Type: Active Directory

Base DN: cn=ChatUsers,cn=Users,dc=domain,dc=com

This comes back as successful. The next step is the User Mapping. Here are the settings:

Username Field: uid

Search Fields: (none)

User Filter: (objectClass=organizationalPerson)

This comes back with an error and is unable to load the User list. So I take out the User Filter and leave it blank. Now it comes back with only one User, and it’s the ChatUsers group (really a group, not a user).

So I downloaded the LdapSearch 1.2 to try and figure out the right LDAP query to get this to work. I am able to see the members of the group from this LDAP query:

Base DN: cn=ChatUsers,cn=Users,dc=domain,dc=com

Filter (query): (objectCategory=*)

This returns:

LDAP Search started …

Host =

Port = 389

Connection Type = Non SSL

Timeout = 10

STEP 1 => Performing LDAP initialization

LDAP initialization completed

STEP 2 => Performing LDAP simple bind…

LDAP bind completed successfully.

STEP 3 => Searching on the server …

Enumerating attributes for DN : CN=ChatUsers,CN=Users,DC=domain,DC=com

objectClass = top

objectClass = group

cn = ChatUsers

member = CN=Test User1,OU=City,DC=domain,DC=com

member = CN=Test User2,OU=City,DC=domain,DC=com

member = CN=Test User3,OU=City2 Office,DC=domain,DC=com

distinguishedName = CN=ChatUsers,CN=Users,DC=domain,DC=com

instanceType = 4

whenCreated = 20071206190929.0Z

whenChanged = 20071206190956.0Z

uSNCreated = 1899892

uSNChanged = 1899898

name = ChatUsers

objectGUID = vÓpÚÞ"Mª ÉäobjectGUID = vÓpÚÞ"Mª Éä%s

objectSid =

sAMAccountName = ChatUsers

sAMAccountType = 268435456

groupType = -2147483646

objectCategory = CN=Group,CN=Schema,CN=Configuration,DC=domain,DC=com

LDAP search completed

So I do see the 3 members of the group in this query, but I can’t figure out what I need to change the query to to pull back the members list so OpenFire can read them in. Can anyone help me here?

Thanks in advance.


That is if the ChatUsers group is located in the Users OU.

Hello papawu,

This isn’t working for me, and I think it’s because the users aren’t necessarily part of the OU=Users. There is an OU for each branch office we have, i.e. OU=Atlanta and OU=Chicago, etc.

How should I approach that?



I ran into the same issue. I finally used (objectCategory=person) which displayed the users.

That was the one! Awesome, thanks!
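The scoping behaviour behind this thread, as an added example that is not part of any post: a group's member values are references to user objects elsewhere in the tree, so a subtree search based at the group DN only ever sees the group entry. The matcher below is a simplified stand-in for an LDAP server; the sAMAccountName values, the non-member user, the domain-root base DN and the memberOf clause are assumptions for illustration.

```python
GROUP_DN = "CN=ChatUsers,CN=Users,DC=domain,DC=com"
ROOT_DN = "DC=domain,DC=com"  # assumed search base covering every branch OU

# Constructed sample directory modelled on the LdapSearch output in the thread.
# AD accepts the short objectCategory form (person, group) in filters.
DIRECTORY = [
    {"dn": GROUP_DN, "objectCategory": ["group"], "sAMAccountName": ["ChatUsers"]},
    {"dn": "CN=Test User1,OU=City,DC=domain,DC=com", "objectCategory": ["person"],
     "sAMAccountName": ["tuser1"], "memberOf": [GROUP_DN]},
    {"dn": "CN=Test User3,OU=City2 Office,DC=domain,DC=com", "objectCategory": ["person"],
     "sAMAccountName": ["tuser3"], "memberOf": [GROUP_DN]},
    {"dn": "CN=Other User,OU=City,DC=domain,DC=com", "objectCategory": ["person"],
     "sAMAccountName": ["ouser"]},  # constructed user who is NOT in ChatUsers
]

def split_top_level(s):
    """Split '(a=b)(c=d)' into its top-level parenthesised components."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(s):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                parts.append(s[start:i + 1])
    return parts

def matches(entry, flt):
    """Evaluate (attr=value), (attr=*), (&...) and (|...) against one entry."""
    inner = flt.strip()[1:-1]
    if inner[0] in "&|":
        results = [matches(entry, p) for p in split_top_level(inner[1:])]
        return all(results) if inner[0] == "&" else any(results)
    attr, value = inner.split("=", 1)
    values = entry.get(attr, [])
    return bool(values) if value == "*" else any(v.lower() == value.lower() for v in values)

def search(base_dn, flt):
    """Subtree search: account names of entries at or below base_dn matching flt."""
    base = base_dn.lower()
    return [e["sAMAccountName"][0] for e in DIRECTORY
            if (e["dn"].lower() == base or e["dn"].lower().endswith("," + base))
            and matches(e, flt)]

if __name__ == "__main__":
    print(search(GROUP_DN, "(objectCategory=*)"))      # only the group object
    print(search(ROOT_DN, "(objectCategory=person)"))  # every person, all OUs
    print(search(ROOT_DN, f"(&(objectCategory=person)(memberOf={GROUP_DN}))"))
```

With the base at the domain root, (objectCategory=person) alone exposes every person object to the chat server; the memberOf clause is what narrows the list back to direct members of ChatUsers.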