LDAP openfire alternateBaseDN bug

When you set alternateBaseDN for user search and a user is in alternateBaseDN, that user is not found in the group list.

This is because group members are searched for by appending the BaseDN only. Fragment of code:

public Collection getGroupNames(JID user) {
    // Get DN of specified user
    XMPPServer server = XMPPServer.getInstance();
    String username;
    if (!manager.isPosixMode()) {
        // Check if the user exists (only if user is a local user)
        if (!server.isLocal(user)) {
            return Collections.emptyList();
        }
        username = JID.unescapeNode(user.getNode());
        try {
            // The primary base DN is always appended, even for users found under alternateBaseDN
            username = manager.findUserDN(username) + "," + manager.getBaseDN();
        }
        catch (Exception e) {
            Log.error("Could not find user in LDAP " + username);
            return Collections.emptyList();
        }
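
The DN composition from the fragment above, reproduced against a constructed in-memory directory. This is an added example, not Openfire code and not part of the original post; the class, the method names and the directory entries are all hypothetical. It compares appending the primary base DN with appending the base DN the entry was actually found under:

```java
import java.util.*;
import java.util.stream.Collectors;
// Added illustration, not Openfire code. Directory contents and all names are constructed.
public class AlternateBaseDnDemo {
    static final String BASE_DN = "ou=staff,dc=example,dc=org";
    static final String ALT_BASE_DN = "ou=contractors,dc=example,dc=org";
    // base DN -> (uid -> relative DN of the entry under that base)
    static final Map<String, Map<String, String>> DIRECTORY = Map.of(
        BASE_DN, Map.of("alice", "cn=alice"),
        ALT_BASE_DN, Map.of("bob", "cn=bob"));
    // group name -> member values (full DNs) as stored on the group entry
    static final Map<String, Set<String>> GROUPS = Map.of(
        "admins", Set.of("cn=alice," + BASE_DN),
        "vpn", Set.of("cn=bob," + ALT_BASE_DN));

    // Searches the primary base first, then the alternate; returns {relativeDn, baseWhereFound}.
    static String[] findUser(String uid) {
        for (String base : List.of(BASE_DN, ALT_BASE_DN)) {
            String rdn = DIRECTORY.get(base).get(uid);
            if (rdn != null) return new String[] {rdn, base};
        }
        throw new NoSuchElementException("no such user: " + uid);
    }

    // Composition used in the posted fragment: the primary base DN is always appended.
    static String dnWithPrimaryBase(String uid) {
        return findUser(uid)[0] + "," + BASE_DN;
    }

    // Composition that keeps the base DN the entry was actually found under.
    static String dnWithFoundBase(String uid) {
        String[] hit = findUser(uid);
        return hit[0] + "," + hit[1];
    }

    // Group lookup by member DN; DN matching is treated as case-insensitive here.
    static List<String> groupsFor(String userDn) {
        return GROUPS.entrySet().stream()
            .filter(e -> e.getValue().stream().anyMatch(userDn::equalsIgnoreCase))
            .map(Map.Entry::getKey).sorted().collect(Collectors.toList());
    }

    public static void main(String[] args) {
        for (String uid : List.of("alice", "bob")) {
            System.out.println(uid + ": primary-base DN -> " + groupsFor(dnWithPrimaryBase(uid))
                + ", found-base DN -> " + groupsFor(dnWithFoundBase(uid)));
        }
    }
}
```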



I struggled with this as well, and ultimately used the root of my AD as my BaseDN and applied a search filter to get the users I wanted. I have quite a few groups, but only the ones I make active show up.

Attached is a sample one I built off of reading other posts in the forum: