Configuring user and group filter


I’ve been fighting with the OpenFire setup for hours now, can’t seem to understand why this is not working.

I started the setup process at

I managed to configure the Base DN (ou=openfire,dc=fx,dc=local) and Administrator DN (cn=openfire,cn=users,dc=fx,dc=local) successfully.

User OpenFire is located in the default users folder (under domain.local).

All other users located in under (SBS2003)





(AD structure described in the picture attached)

The user OpenFire authenticates successfully, my problem is with the user filter, tried (&(objectClass=organizationalPerson)(memberOf=CN=OpenFireUsers,OU=OpenFire,DC=d omain,DC=local))

all I get is an Error (with no details).

I can skip successfully the user mapping and group mapping with the default values but on the next step where I enter a user to be administrator, it can’t find any users.

If I skip this step without adding any user, the process ends “Successfully” but I can’t log in to the administration console (not even with the OpenFire user).

Help would be highly appreciated,

Thank you


Ensure that the administrator account that controls the LDAP connectivity and that you use to log onto the console, is also a member of the group OpenFireUsers and also you seem to have a miss match within the distinguished name (don’t know if this is a typo)

Base DN (ou=openfire,dc=fx,dc=local) and (memberOf=CN=OpenFireUsers,OU=OpenFire,DC=d omain,DC=local))

That was a typo. (fx is the domain name).

Anyway, I managed finally to connect using these parameters:

Base DN: dc=“fx”,dc=“local”

Administrator DN: cn=“openfire”,cn=“users”,dc=“fx”,dc=“local”

User filter: (&(objectClass=organizationalPerson)(memberOf=CN=OpenFireUsers,OU=OpenFire,DC=f x,DC=local))

Group Filter: (&(objectClass=Group)(memberOf=CN=OpenFireGroups,OU=OpenFire,DC=fx,DC=local))

In the administration console I can see my users, I can see my groups, and everything looks splendid, but when I log in with a Spark client I cannot see any of the groups or users, I can only search for a certain user and it finds him.

Any help with that would be highly appreciated.



set the group filter to

ldap.groupSearchField (&(objectClass=group)(cn=OpenFireGroups*)) The * (wildcard) can be removed if you only have one group called OpenFireGroups. Note nested groups are not recognised so place users directly into the group.

Hope this helps

Thanks for the responses, I managed to get it to work.

Thanks a lot!!