Cannot Login after changing to LDAP using Active Directory

Hi All,

Please forgive me, but I am trying to set up Openfire for the first time and I am having no luck in getting it to work with LDAP on a Windows Small Business Server installation. I run through the setup and I can set the correct LDAP parameters. I ‘test’ to make sure that it can query the LDAP and I get a successful response, including when I go to set up the Administrator for Openfire. It is a valid account that I can add and it successfully authenticates with the valid password, but once it is set up and I go to the login page, I cannot log in as the user I added during the setup process. I have tried every combination possible. I cannot log in once I switch to LDAP even if all the tests during the setup process pass.

Any help would be appreciated. I have spent 2 days on this now with no luck.


I will be glad to help. Can you post the openfire.xml file and a screenshot of your login attempt?

Hi Mt,

I have included the xml file and a screenshot of the login page. I xx’d out the administrator password in the xml file.

When I install Openfire and go to setup for the first time, I have to do it by going to http://locahost:9090 because our firewall blocks high port access on the Once I go through the initial setup and pass all the tests and create the admin user, I go to the login page using the FQDN of the server. Other than that, I can’t seem to find anything unusual.



I had the same problem as well when I configured Openfire three days ago. I actually still have the problem but I found a workaround. I found out that certain users (even in the same OU) can log in to the administrator console and certain users can’t. I created a user named admin that can, but the user Jmoody can’t. But what is even weirder is that those users that can’t log in to the administrator console can log in to Spark.

Your BaseDN is wrong. I would hope that all your users are not in the default Users folder. This folder should be reserved for default AD accounts. Any other users should reside within unique OUs elsewhere in the tree. The same holds true for computers. You cannot manage accounts or computers via AD effectively when they are left in the default folders. The BaseDN should be: OU=SomeName,dc=inetico,dc=local or just dc=inetico,dc=local.

Additionally, you can simplify the adminDN to the email address of the account you wish to use: administrator@inetico.local

I have attached a sample openfire.xml file with proper settings for AD including vCard settings.

Hi everyone,

After a late night last night, I figured it out, and do I feel stupid. All our users in AD begin with an upper case letter. For whatever reason Openfire doesn’t like upper case. The login works as long as you log in with all lower case letters, even if the username that you have assigned from AD has upper case in it. Tada… Now for my next question: has anyone used Trillian as the IM client, and is it recommended?

Thanks to everyone for their assistance and responses.


I feel really dumb now! That was really easy to fix! I am used to the fact that usernames are not case sensitive, so I never tried lowercase. Thanks for the help.