There is a trick I used that exploits the Global Catalog (GC) server, which stores a subset of all the accounts within an AD forest. There is one thing you will need to be aware of though: out of the box, AD only caches universal group memberships in the space of the GC, so if you are using AD to populate your groups they would need to be universal groups. OK, now that that is said, there are a few other gotchas: the photo option that allows you to store a photo in AD and display it in Spark and as part of your profile is also not cached in the GC.
Those shortcomings can be overcome by making changes in AD to allow those attributes to be available to the GC.
This article outlines the use of the jpegPhoto attribute in general, if you want to use it with AD: http://msdn2.microsoft.com/en-us/library/ms676813(VS.85).aspx
This article outlines how to replicate an attribute to the GC: http://technet2.microsoft.com/windowsserver/en/library/42ae2845-a7aa-4f02-8944-175f6541125f1033.mspx?mfr=true
To set up your openfire.xml, point to the GC LDAP port, which is 3268 (or 3269 for SSL).
Make sure the server you point to is a GC. Also make sure that your base path for users is either very broad, like
dc=jivesoftware,dc=com if that is your forest root,
or you could make it like this:
ldap.alternateBaseDN : dc=domain2,dc=jivesoftware,dc=com
I hope this info helps.
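A pre-flight check for the three gotchas in the post above (is the server really a GC, is the group universal, are the photo attributes in the GC's partial attribute set), added here as an example and not part of the original post. It assumes the ActiveDirectory PowerShell module (newer than this post) is installed, and the DC and group names are placeholders for your own environment.

```powershell
# Added example: verify the GC prerequisites Openfire's LDAP integration depends on.
# Assumptions: RSAT ActiveDirectory module present; names below are placeholders.
$Gc        = 'dc01.jivesoftware.com'        # the DC openfire.xml will point at (assumed)
$GroupName = 'Spark Users'                  # an AD group Openfire will read (assumed)
$Attrs     = 'jpegPhoto', 'thumbnailPhoto'  # attributes Openfire needs from the GC

Import-Module ActiveDirectory

# 1. Is the server actually a Global Catalog, and are the GC ports reachable?
$dc = Get-ADDomainController -Identity $Gc
"{0}: IsGlobalCatalog={1}" -f $dc.HostName, $dc.IsGlobalCatalog
foreach ($port in 3268, 3269) {
    $ok = (Test-NetConnection -ComputerName $Gc -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
    "  port {0} reachable: {1}" -f $port, $ok
}

# 2. Only universal group membership is held in the GC's partial replica.
$grp = Get-ADGroup -Identity $GroupName -Properties GroupScope
"{0}: GroupScope={1}{2}" -f $grp.Name, $grp.GroupScope,
    $(if ($grp.GroupScope -ne 'Universal') { '  <-- will not resolve via the GC' })

# 3. Is each attribute flagged for GC replication (isMemberOfPartialAttributeSet)?
$schemaNC = (Get-ADRootDSE).schemaNamingContext
foreach ($a in $Attrs) {
    $def = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$a)" `
                        -Properties isMemberOfPartialAttributeSet
    "{0}: isMemberOfPartialAttributeSet={1}" -f $a, [bool]$def.isMemberOfPartialAttributeSet
    # To replicate the attribute to the GC (what the TechNet article does through the
    # Schema snap-in), a Schema Admin can run this against the schema master:
    #   Set-ADObject -Identity $def -Replace @{isMemberOfPartialAttributeSet=$true}
}
```

Run it before editing openfire.xml; any FALSE in section 3 means that attribute will come back empty when Openfire queries port 3268/3269.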