Minimum permissions requirements for Openfire AD Anonymous Logon?

Hi i am trying to implement Anonymous logon on our AD and skip having administrator DN and password in the Database.

I can do querrys and all that, that is working but i want to have the only nessesary attributes required for Openfire to be happy using AD with anonymous logon.

I can just set “Read General Information” and “Read public information” on All user objects on the AD OU and all it’s children i want to make public and where all our users are.

But that open up alot of information that is not needed to be public and i want to specify exactly the parameters needed for the “Profile Settings: Use mapping” test during setup to work and make OF happy.

So what are the properties need to read from AD to make it happy? I could not find where exactly in the code the AD test is made to verify this during setup…

Thanks in advance for any assistance!

Forgot to mention as reference:

“Read General Information” give read on these attributes

  • Display Name
  • adminDescription
  • codePage
  • CountryCode
  • ObjectSid
  • primaryGroupID
  • sAMAccountName
  • sAMAccountType
  • sDRightsEffective
  • showInAdvancedViewOnly
  • sIDHistory
  • UID
  • comment

“Read Public Information” give read on these attributes

  • Additional-Information notes
  • Allowed-Attributes
  • allowedAttributesEffective
  • allowedChildClasses
  • allowedChildClassesEffective
  • altSecurityIdentities
  • Common-Name (cn)
  • company
  • department
  • description
  • displayNamePrintable
  • division
  • E-mail-Addresses
  • givenName
  • initials
  • legacyExchangeDN
  • manager
  • msDS-Approx-Immed-Subordinates
  • msDS-Auxiliary-Classes
  • distinguishedName (Obj-Dist-Name)
  • Object-Category
  • Object-Class
  • Object-Guid
  • Organization-Name
  • Organizational-Unit-Name
  • otherMailbox
  • Proxy-Addresses
  • RDN name
  • Reports (directReports)
  • servicePrincipalName
  • showInAddressBook
  • Surname
  • System-Flags
  • Text-Country/Region
  • Title
  • userPrincipalName