For more complicated AD Forests, such as one with 2 or more subdomains, you will need to set your BaseDN to the top of the Forest. In our example domain it would be: DC=intra,DC=domain,DC=com but you need to change the port to 3268. This will allow you to access users from all the domains in the Forest. Filters will be of the utmost importance to limit what accounts and groups show in the Openfire admin website.
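As an added illustration (not from the poster above or the Openfire project), the `<ldap>` block of openfire.xml as I understand it from the Openfire LDAP guide, showing a single-domain setup beside the forest-wide Global Catalog setup the post describes; the host names, DNs and account names are constructed placeholders.

```xml
<!-- Single-domain setup: plain LDAP against one domain controller.
     Only users under DC=child,DC=intra,DC=domain,DC=com are visible. -->
<ldap>
  <host>dc01.child.intra.domain.com</host>        <!-- placeholder host -->
  <port>389</port>
  <baseDN>DC=child,DC=intra,DC=domain,DC=com</baseDN>
  <adminDN>CN=openfire-bind,OU=Service,DC=child,DC=intra,DC=domain,DC=com</adminDN>
  <adminPassword>REPLACE_ME</adminPassword>       <!-- placeholder -->
  <searchFilter>(objectClass=user)</searchFilter>
</ldap>

<!-- Forest-wide setup from the post: BaseDN at the forest root and the
     Global Catalog port 3268, so users from every domain in the forest
     are reachable through one search base. -->
<ldap>
  <host>gc.intra.domain.com</host>                <!-- placeholder host -->
  <port>3268</port>
  <baseDN>DC=intra,DC=domain,DC=com</baseDN>
  <adminDN>CN=openfire-bind,OU=Service,DC=intra,DC=domain,DC=com</adminDN>
  <adminPassword>REPLACE_ME</adminPassword>       <!-- placeholder -->
  <!-- Because the forest root exposes far more objects, restrict what the
       admin site shows: only user objects that are not disabled
       (AD userAccountControl bit 2 = ACCOUNTDISABLE, tested with the
       LDAP_MATCHING_RULE_BIT_AND OID) and only groups under one OU. -->
  <searchFilter>(&amp;(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))</searchFilter>
  <groupSearchFilter>(&amp;(objectClass=group)(memberOf=CN=Chat-Users,OU=Groups,DC=intra,DC=domain,DC=com))</groupSearchFilter>
</ldap>
```

Note that the Global Catalog replicates only a partial attribute set, so any attribute Openfire is mapped to must be marked for GC replication in the schema, otherwise it comes back empty on port 3268.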
The link posted above is now broken unfortunately. One follow-up question - at what point in the release history does Openfire support DNS based resolution of LDAP servers in an Active Directory environment?
I have been using this method since Openfire 3.5 so I do not know if it was possible before this version. All my machines will connect to the closest DC if I enter just the domain in the run command. We did nothing special with DNS to make this happen.
Yeah, it’s done behind the scenes with Active Directory. I have 3.5.1 and tried using only the domain name (specified in the config file), with no success, which is why I’m asking. Our other systems in the domain are correctly binding, however.