Help with New Install w/ Win 2008 & Active Directory

New install of Openfire 3.6.4 on CentOS5 connecting with Windows Server 2008 Standard (an active, working site)… going through the wizard during initial setup of Openfire, but all I get is ‘Error authenticating with the LDAP server. Check supplied credentials’… no matter what I seem to put.

What I’m trying to put:

Server Type: Active Directory

Host: myserver.intranet.local

Port: 389

Base DN: OU=Users,DC=myserver,DC=intranet,DC=local

Administrator DN: CN=Administrator,OU=Users,DC=myserver,DC=intranet,DC=local

Password: ************

I’ve also tried creating a new user ‘xmpp-openfire’ in a new OU ‘whatever’, as a member of Domain Users & Account Operator with no change.

I’ve also tried using an Administrator DN of ‘Administrator@intranet.local’ (the account’s email address) with no change.

It may be important to note that this is a pretty vanilla install of Win2008 (single server, no tree) at a small site that is NOT set for Pre-Win2003 OR Win2003. AD is installed as Win2008-only environment w/ WinXP & Vista clients.

I’ve searched & searched to no avail, and used this document as a guide:

http://www.igniterealtime.org/community/docs/DOC-1554

Help?!?

The default users container is not an OU it is a CN.

Good Morning,

Might I suggest downloading a copy of Softerra LDAP Administrator. It is only a trial but it will greatly assist you with finding the correct LDAP binds that you require for getting your installation up and running. In each section of AD that you require a bind, i.e. Users or similar, you are looking for the ‘DistinguishedName’ field. With this tool it is near impossible to get the paths wrong. It should take you about 20 minutes to get your openfire server live.

Kind Regards,

Chris

Insight Networks Pty. Ltd.

Melbourne, Australia

additionally this is a guide I created: http://www.igniterealtime.org/community/docs/DOC-1554

3x great responses, and all very helpful… thank you very much!

To those who stumble on this searching, this is what got me working:

Base DN: OU=whatever,DC=intranet,DC=local
Administrator DN: CN=xmpp-openfire,CN=Users,DC=intranet,DC=local

In Active Directory: I wound up moving all of the users & security groups into a new OU (whatever) and created a new user (xmpp-openfire) in the default CN (Users is not an OU, as pointed out and confirmed by Softerra LDAP Administrator); the new user being a part of the Account Operators security group. Further, Softerra LDAP Administrator made clear that the DCs were NOT to include the host (myserver), but only the domain (intranet.local). I’ve been using Openfire and Wildfire before it for quite a while now, but never integrated w/ Active Directory. Thanx for a magnificent application!

Next task: Single Sign-On

Glad I found your final solution Frig - it helped me solve my AD connection problems. I upgraded my AD from 2003 to 2008 and all OpenFire LDAP authentication stopped working. My guess is the 2008 DC has a less forgiving syntax requirement related to users (my previous admin user settings didn’t specify the domain, suffix, or user container but worked fine against the 2003 AD DC).

Just to add a few more keywords to help for others searching: Active Directory Windows Server 2008 Domain Controller

Typical OpenFire settings should be:

Base DN:

DC=domain,DC=suffix

Administrator DN:

CN=openfireuser,CN=Users,DC=domain,DC=suffix

In the above strings replace:

domain = your Active Directory domain name

suffix = your Active Directory domain suffix (default = “local”)

openfireuser = a domain user with domain admin privileges

Also this assumes the openfire user is in the default Users container.

Many thanks.
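The Base DN / Administrator DN conventions the replies settle on, as an added Python example that is not from the thread or from Openfire itself: it builds the DC part from the domain name and flags the two mistakes in the original post (host name included in the DC components, OU=Users used for the default Users container). The domain, host and user names are constructed from the values in the thread.

```python
# Added example (not from the thread or Openfire): build and sanity-check the
# Base DN / Administrator DN strings used for an Active Directory bind.

# Constructed sample values, taken from the names used in the thread.
DOMAIN = "intranet.local"
HOST = "myserver"
BIND_USER = "xmpp-openfire"


def domain_to_dc(domain):
    """'intranet.local' -> 'DC=intranet,DC=local' (domain labels only, no host)."""
    return ",".join(f"DC={label}" for label in domain.split("."))


def parse_dn(dn):
    """Split a DN into (ATTR, value) pairs, leaf first. Assumes no escaped commas."""
    pairs = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        if not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs


def check_dn(dn, domain):
    """Return a list of warnings for a Base DN or Administrator DN; [] means OK."""
    pairs = parse_dn(dn)
    warnings = []
    dc_labels = [v.lower() for a, v in pairs if a == "DC"]
    if dc_labels != domain.lower().split("."):
        warnings.append(f"DC components {dc_labels} do not spell the domain {domain!r}: "
                        "drop the host name and keep only the domain labels")
    non_dc = [(a, v) for a, v in pairs if a != "DC"]
    if non_dc:
        # The last non-DC RDN sits directly under the domain root.
        attr, value = non_dc[-1]
        if attr == "OU" and value.lower() == "users":
            warnings.append("'Users' is the default container, a CN: use CN=Users, not OU=Users")
    return warnings


def build_admin_dn(user, domain, container="CN=Users"):
    """Administrator DN for a bind account in the given container (default Users)."""
    return f"CN={user},{container},{domain_to_dc(domain)}"


if __name__ == "__main__":
    print(build_admin_dn(BIND_USER, DOMAIN))
    print(check_dn(f"OU=Users,DC={HOST},DC=intranet,DC=local", DOMAIN))
```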