We would like to be able to make user searces in LDAP by ou(organizational unit). The search is produced by the user attributes in LDAP, but ou is a container and not a attribute.
I am not sure what you are asking? Can you be more specific. Also depending on your LDAP your definition of an OU = container is not correct. In Active Directory, an OU is not a container. A container in AD is a User Account, a Group, or the default Users and Computers folders.
The search is produced by the USER ATTRIBUTES in LDAP, but ou IS’NOT A USER ATTRUBUTE. LDAP is a tree, and ou IS A BRANCH.
For example, I want to find a man, who works in *accounting department of our organization(for example ou=AccountDepartment). *But *ou=AccountDepartment *is not an attribute for search, because ou is not a user attribute.
AD does not query based on OU. They are merely organizational structures. This is not an issue/limitation of openfire, AD just does not do it. If you want such a query you need to make Security Groups to query against.