LDAP Connection Settings error

I try to put Base DN and Administrator DN as the image attached file. Got error “Error authenticating with the LDAP server. Check supplied credentials” anyone can help me? pleaseeee!!!

Your Active Directory is not nearly ready to use for LDAP yet. You need to add organizational units to your tree to place computers, and users in at a minimum. I recommend theses containers:

  • UserAccounts - Stores the user account for individuals that need to login. Can have Sub OUs (I place an OU for ChatGroups here)
  • UserComputers - Stores computer workstations bound to AD. Can have Sub OUs.
  • UserGroups - Contains Sub OUs for security and distribution groups.
  • SecondaryAccounts - This is a collection of OUs for organizing accounts for non-standard users (email only accounts, disabled accounts, etc)

You cannot use the default containers for most LDAP functions. You need to do this organization step.

Thank you for your reply but not understand at all…sorry…

  • I should to install any program?

  • What Base DN and Administrator DN to fill in the box blank? Is it like this :-


What’s ou? It’s servername?


Thank you for any answer.

This document may help: http://www.igniterealtime.org/community/docs/DOC-1554

You cannot use the default containers for most LDAP functions.”

This statement is not true with AD and Openfire.

The probelm is the base DN and the Admin DN are not correct.

Your Base DN should be: DC=domain_name,DC=domain_suffix

or DC=testserver,DC=com as it appears in your screenshot.

Your admin DN should be; CN=admin_account_name,CN=container_name,DC=domain_name,DC=domain_suffix or


In your screenshot it clearly shows the AD domain as TestServer.com, I’m not sure where you got the CD=activedirectory or the DC=aicl, I assume aicl is the server name, if so, it does not belong in the LDAP settings except for Host, where you chose to use the IP. I would suggest you use the server name instead of the IP as LDAP may produce inconsistant results with the IP.

As a test, you can install the Server 2003 tools from CD#2 and at a dos box run LDP. Try connecting to your AD server with either the IP or the Server name and see what you get.

One more note about LDAP and Openfire. When looking at the server settings with the openfire admin console, you will see the Administrator password in clear text. I suggest you create a new user only used for the LDAP query and make that user a member of Account Operators, this way you won’t be exposing your admin account password for any other openfire admins to see.

I guess I should have phrased this differently: “You cannot use the default containers for most LDAP functions.”

It should be “You should not use the default containers for most LDAP functions”. You should be using OUs for the organization of your AD. It adds security and granularity. As for the rest you are correct. In any case his AD tree is not nearly ready to function as an LDAP server.