LDAP connection at domain level in Openfire

Our structure is set up with a bunch of OUs under xyz.local. I understand Openfire scans all of the subtree items in the OU defined in the Base DN. Is it possible to configure Openfire to scan for users within the OUs at the xyz.local level so we don’t have to create an OU and move users to different OUs underneath the newly created one?

You can’t do it with OU, but you can manage it with security groups.

This should point you in the right direction

How to Setup Authentication Groups with LDAP/AD

Thank you. That’s exactly what we’re looking for. I followed the steps carefully and somewhere something must have gone wrong because now I receive a login error at the Openfire admin console web page: “Login failed: make sure your username and password are correct and that you’re an admin or moderator.” I added the account to the messaging group as the document says to.

The same credentials worked fine before changing the system parameters. Of course now I can’t log back in to address them. The openfire.xml in C:\Program Files x86\Openfire doesn’t display any of the custom parameters. Are these stored in the DB now? How can I get to the parameters settings outside the web portal?


The configuration is kept in the database, and you can edit the database directly (ofProperty table).

If for some reason you can’t access the database, in openfire.xml, you can change `<setup>true</setup>` to false. This will run you through the setup wizard again.

Thank you. Running the setup again and making sure the search fields were correct got it going.