AD ldap integration


I keep getting an error when testing the user mapping of the ldap openfire setup. My ldap tests ok but i am guessing I have the wrong dn specified?

Here is the domain layout (pic attatched)



-Site Name


my current search base is ou=users,ou=global,dc=acme;dc=local

Thanks in advance for any help

Hey Erik

Based on your attachment I believe you are entering in the path wrong. You are overlooking the “SITE1” organizational unit. I also recommend keeping each field in quotes. There should also not be a semicolon after “dc=acme” like your example has. It should be a comma.

Try this Base DN path:


Let me know if that works!

Thanks for your reply,

however i should mention that in each site OU has a Users OU, and i need ldap to query those users in each site… I assumed it would just look in all subfolders or OU’s?

I spelled your name wrong earlier - Sorry.

Someone can correct me if I’m wrong. I believe openfire can only query one base DN path. So, if you wish to include the users OU in BOTH of the “SITE” OU’s then you will need to query at the top of Global. Yes, openfire queries all users inside of sub containers and OU’s. To accomplish this your base DN will need to be:


Good luck!

Alright, here is what I figured out, basically the “test settings” will not work when it tries to grab a random AD account.

1.) Setup your ldap search criteria like Jordan and I discussed earlier, (i didnt use quotes)

2.) just save these settings without testing in this step and you should be fine