Can use an alternitive LDAP ou for groups other than dc=groups

Well I have a systems group that put the groups that I need to look at for Openfire, not in groups, but in another ou.

We are using OpenLDAP

I need to get my group list from ou=unix,dc=example,dc=com instead of from dc=groups,dc=example,dc=com

My base dn is “dc=example,dc=com”

Any chance of doing this? Will a filter work?


Hey Muzammel,

Which version of Openfire are you using?

I know for Openfire 3.6.0, you can open up the Openfire Admin console, and change the OU which Openfire looks at for users from the Server Tab, in either the Server Manager section under System Properties, or Server Settings, under Profile Settings.

Hope that helps

Sorry Tim you not understand my question. I ask about for Groups i want to use separtre OU. So in Group summary

only desried OU will show.

If you are using openfire 3.6.0 you can adjust this under the Server > Server Manager > System Properties. There is a property value for the ldap alternate base dn. It worked for me to point the base DN at the users container and the alternate base dn at the groups container.

Alternatively, you can point the base DN at a place in the ldap tree that contains both the users and groups, and use a clever set of filters to pick out only the users and groups you want.

Thanks Rculpepper I am very thankful to you for reply and give suggestion about clever filter. My situaltion is simple.

I am using openfire version 3.5.2 with openldap

currently i use baseDN = dc=mydomain,dc=com

and for Groups i want to use OU=openfire_Group,dc=mydomain,dc=com, so for this purpose i use the following in Group mapping.

Group Field = cn

Member Field = member

Posix mode = no

Group filter = (cn={Manger_Group1,ou=openfire_Groups,dc=mydomain,dc=com})

But this not work, in Group summary no groups are displayed. Please help me regarding this matter.


kindly give suggestion to solve the problem for alternitive OU for groups via openldap.


Looks like you may be having trouble with the ldap filter. I would recommend doing some internet research (google) for ldap filter syntax to see what you want. Without looking at your ldap directory I would have no idea what to recommend as a filter.