LDAP on Openfire 3.10.2 not pulling users/groups correctly

I have setup an Openfire Server and connected to our AD using LDAP however I cannot seem to get users to show up without adding them to a separate security group individually. Openfire does not appear to be pulling in the users correctly. Below are two screenshots showing our AD and what the results are for one group. Does anyone have an explenation /fix for this?


You can see all of the users listed in the AD OU, I have verified they are members of the same security groups and have the same primary group set.

The above image shows what Openfire is pulling.

nested groups are tricky.

Can you post your base dn along with your searchfilter that you are using?

Are you using a nested security group? After reading your question I looked in my Admin console and noticed that the nested security groups would not populate users (or the groups that comprised them for that matter). I have not noticed before now as I did create security groups just for Openfire/Spark. It would appear that nested groups are a limitation.

My Base DN is at the root of the tree DC=“mydomain”, DC=“ORG”

ldap.groupSearchFilter (objectClass=group)

I am not nesting security groups intentionally, I noticed the same issue. I am trying to get all of the correct users to pull into the groups, as you can see the two lists are different.

The only way I’ve been able to get nest group to kinda work, is when using memberof:1.2.840.113556.1.4.1941:=CN=xxxxxx

This should give you an idea

How to Setup Authentication Groups with LDAP/AD

so you can create a parent group, and then make all your groups members of it. Please note, primary groups (like Domain Users) don’t work as they don’t show up with the memberof attribute for a user.

Let me know if you have any questions.