Minimum permissions requirements for Openfire AD Anonymous Logon?

Hi i am trying to implement Anonymous logon on our AD and skip having administrator DN and password in the Database.

I can do querrys and all that, that is working but i want to have the only nessesary attributes required for Openfire to be happy using AD with anonymous logon.

I can just set “Read General Information” and “Read public information” on All user objects on the AD OU and all it’s children i want to make public and where all our users are.

But that open up alot of information that is not needed to be public and i want to specify exactly the parameters needed for the “Profile Settings: Use mapping” test during setup to work and make OF happy.

So what are the properties need to read from AD to make it happy? I could not find where exactly in the code the AD test is made to verify this during setup…

Thanks in advance for any assistance!

Forgot to mention as reference: http://technet.microsoft.com/en-us/library/cc728117(WS.10).aspx

“Read General Information” give read on these attributes

• Display Name
• adminDescription
• codePage
• CountryCode
• ObjectSid
• primaryGroupID
• sAMAccountName
• sAMAccountType
• sDRightsEffective
• showInAdvancedViewOnly
• sIDHistory
• UID
• comment

“Read Public Information” give read on these attributes

• Additional-Information notes
• Allowed-Attributes
• allowedAttributesEffective
• allowedChildClasses
• allowedChildClassesEffective
• altSecurityIdentities
• Common-Name (cn)
• company
• department
• description
• displayNamePrintable
• division
• E-mail-Addresses
• givenName
• initials
• legacyExchangeDN
• manager
• msDS-Approx-Immed-Subordinates
• msDS-Auxiliary-Classes
• distinguishedName (Obj-Dist-Name)
• Object-Category
• Object-Class
• Object-Guid
• Organization-Name
• Organizational-Unit-Name
• otherMailbox
• Proxy-Addresses
• RDN name
• Reports (directReports)
• servicePrincipalName
• showInAddressBook
• Surname
• System-Flags
• Text-Country/Region
• Title
• userPrincipalName