LDAP group user search

I’ve successfully configured Openfire to get all needed users and groups from AD. Users and groups are taken from two domains; in total there are six domains. When I look in the Openfire admin console under Users/Groups, the user and group lists are correctly filtered and only the needed ones are listed. I’ve enabled contact list group sharing for all groups, so that all users can be easily accessed.

Almost all user grouping is fine, except for one group, where only one of four users appears right. It seems that each of these three users is found more than once (and the first result is taken) in AD under different domains, with the same cn, displayName, givenName, name and sn, but different distinguishedName, sAMAccountName, userPrincipalName, etc.

I’m using “member” for the group member field (ldap.groupMemberField=member), which in AD contains the user's distinguishedName. POSIX mode is disabled (ldap.posixMode=false). How is Openfire searching for group users? Does it take the group member value and try to find the appropriate user that has the needed distinguishedName? Or does it try to search by name, cn, displayName? Can this functionality be changed? Does Openfire use the user filter when it searches for group users?

In error.log I found multiple exceptions about:

javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0315258B, problem 2001 (NO_OBJECT), data 0, best match of:
    ''
]; remaining name ''

java.util.MissingResourceException: Can't find bundle for base name jinglenodes_i18n, locale en

There are also lots of group exceptions about non-existent usernames, because all disabled accounts are filtered, like:

2011.07.01 06:35:06 Groups ([Test group]) include non-existent username (test.user1)

OS: Gentoo Base System release 2.0.2

Openfire version: 3.7.0

DB: MySQL 5.1.56
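
An offline check for the situation described in the post, as an added example that is not part of the original post and is not Openfire's code: for each group `member` DN it compares an exact distinguishedName lookup with a cn-only lookup and flags members whose cn exists in more than one domain. The directory entries, the `a.example`/`b.example` domains and all helper names are constructed assumptions, and the script makes no claim about how Openfire itself resolves members.

```python
import re

# Constructed sample directory: two domains holding users with the same cn
# but different distinguishedName / sAMAccountName (all values are made up).
ENTRIES = [
    {"dn": "CN=Test User1,OU=Staff,DC=a,DC=example", "cn": "Test User1", "sAMAccountName": "test.user1"},
    {"dn": "CN=Test User1,OU=Staff,DC=b,DC=example", "cn": "Test User1", "sAMAccountName": "tuser1"},
    {"dn": "CN=Test User2,OU=Staff,DC=a,DC=example", "cn": "Test User2", "sAMAccountName": "test.user2"},
]
# Constructed "member" values of one group, stored as full DNs as in AD.
GROUP_MEMBERS = [
    "cn=Test User1, ou=Staff, dc=b, dc=example",
    "CN=Test User2,OU=Staff,DC=a,DC=example",
    "CN=Gone User,OU=Staff,DC=a,DC=example",
]

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn)]

def norm_dn(dn):
    """Normalize for comparison: DNs match case-insensitively, padding is ignored."""
    return ",".join(split_rdns(dn)).lower()

def first_cn(dn):
    """Value of the leading RDN (the cn of a user object)."""
    return split_rdns(dn)[0].split("=", 1)[1].strip()

def audit_group(members, entries):
    """For each member DN, compare an exact-DN lookup with a cn-only lookup."""
    by_dn = {norm_dn(e["dn"]): e["sAMAccountName"] for e in entries}
    report = []
    for m in members:
        cn = first_cn(m).lower()
        cn_hits = [e["sAMAccountName"] for e in entries if e["cn"].lower() == cn]
        report.append({
            "member": m,
            "by_dn": by_dn.get(norm_dn(m)),  # one account, or None if filtered out or missing
            "by_cn": cn_hits,                # every account sharing that cn
            "ambiguous": len(cn_hits) > 1,   # a "first result" pick could be the wrong domain
        })
    return report

if __name__ == "__main__":
    for row in audit_group(GROUP_MEMBERS, ENTRIES):
        print(row)
```

In the sample, the first member resolves to `tuser1` by DN, while a cn-only search that takes the first hit would return `test.user1` from the other domain.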