
New to OpenFire and AD


I am new to AD and am having difficulty getting openfire integrated with AD. Are there any step-by-step setup instructions for dummies out there anywhere? I have searched Google and ignite support areas but have not found all the info needed to successfully get openfire working with AD. If anyone out there has a lot of patience, I would be greatly appreciative for any help.

Thank You



The link takes me here @http://www.igniterealtime.org/community/people/sixthring where do I go from there?

In setup you pointed to the AD server OK? Now you have to point to the folder where users are and a user who has access to read this user.


Database : dc=corporation,dc=com

Admin : corporation/loginadministrator

my bad: http://www.igniterealtime.org/community/docs/DOC-1554

I’m using version 3.6

This doc works with 3.6

additional docs:



What is it looking for in the user mapping field?


You did not need to change the default setting that was there. Most settings can stay the default for the purpose of setup. You only need to configure things specific to your install: BaseDN, AdminDN, etc. They are all on the same setup screen. The rest of the screens are pretty much defaults. You can alter settings for vCards etc. after the setup is complete. And you will need to.

Thanks for trying to help, I still can’t get it to work. I guess I’m ignorant or something. I got to the admin login and nothing works for user credentials. I did try restarting also. I realize this is free but it could stand to have a little more detailed instruction, don’t you think?

I had to edit the openfire.xml file to start setup over again. I must have missed something. The defaults for Group Mapping give me the attached error.

I’ll also attach the connections settings config.

You did not set the host in the first pic. That needs to be the name of your domain controller.


Could you please put only this:


Try it and tell me the result.


Your baseDN is way wrong too. The base DN needs to point to the storage location of your users in AD. You have it pointing at a single CN that happens to be a server. Did you even read my documents? Post a structure of your domain if you want specific help, and/or just use the generic baseDN another user supplied.

As I stated in the subject of this question, I am new to AD, only been here 2 months. I had some formal training in 2000 but never actually worked in an AD environment. I’ve been in an NT environment for the past 8 years. To be honest, the staff here that implemented AD has no formal training and have little to no IT experience. So I can’t confirm that the AD implementation here is even sound. So, not knowing much about AD or knowing that what has been done here is correct, I didn’t have a very good introduction to AD from the start. That said, I did read your posts but I can’t say that I completely understood it, hence the further questions. Sorry to be such a bother.


Ken, working with AD isn’t all that complicated. Setting up Openfire with LDAP really isn’t that hard either.

under Server Settings - Profile Settings:

Host: IP address or DNS of the AD controller

Port: 339

Base DN: CN=Users,DC=,DC=com

Administrator DN: fully qualified domain account with AD read rights at the least

Base DN is the “path” in AD to find the user objects (read backwards)

for example:


— domainname


-------organizational unit

-----------user objects

Base DN: CN=Users,DC=,DC=com

This is the “default” Base DN for user objects in AD. Going by your description, I’m guessing your AD tree hasn’t been modified.

Might I suggest taking the time to fix your AD structure to make your life easier in the long run. I would create a new set of OUs for your domain. A good simple structure to start is:

  • DomainComputers
    • SiteA
    • SiteB
  • DomainGroups
    • SecurityGroups
    • DistributionGroups
  • DomainUsers
    • LDAPGroups
    • UserSiteA
    • UserSiteB

Move your users and groups accordingly. The OU LDAPGroups is where you would place any Security Groups you want LDAP applications to use. It is good form to not move or rename the default containers and OUs. If you create it I would organize it in custom OUs you make. By taking the time to do this you will ultimately have control of your domain and make managing easy and worry free.

I know, but if he puts dc=domain,dc=com, he will see everything inside the AD (groups, OUs, lists). It works for me.

Anyway, sorry for bad support.
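
The Base DN points raised in this thread (the path read backwards, a Base DN aimed at a single server object, and a Base DN at the domain root) can be checked offline before rerunning setup. This is an added example, not part of any post and not Openfire code; the `example.com` DNs and the function names are constructed for illustration, and the DN splitting is simplified (no multi-valued RDNs).

```python
import re

def parse_dn(dn):
    """Split a DN into (attribute, value) pairs, leaf first.
    Commas escaped with a backslash stay inside the value."""
    pairs = []
    for rdn in re.split(r'(?<!\\),', dn):
        attr, sep, value = rdn.strip().partition('=')
        if not sep or not attr.strip() or not value.strip():
            # Catches an unfilled template such as "DC=,DC=com"
            raise ValueError(f"malformed or empty RDN: {rdn!r}")
        pairs.append((attr.strip(), value.strip()))
    return pairs

def _norm(pairs):
    # Attribute names and these value types compare case-insensitively
    return [(a.upper(), v.lower()) for a, v in pairs]

def tree_path(dn):
    """Read the DN backwards: domain first, then containers down to the leaf."""
    pairs = parse_dn(dn)
    domain = ".".join(v for a, v in pairs if a.upper() == "DC")
    rest = [f"{a}={v}" for a, v in reversed(pairs) if a.upper() != "DC"]
    return " > ".join([domain] + rest)

def in_scope(entry_dn, base_dn):
    """True if entry_dn sits at or below base_dn (subtree search)."""
    entry, base = _norm(parse_dn(entry_dn)), _norm(parse_dn(base_dn))
    return len(entry) >= len(base) and entry[-len(base):] == base

# Constructed sample DNs (not taken from the thread)
USER = "CN=Jane Doe,CN=Users,DC=example,DC=com"
BASES = {
    "default Users container": "CN=Users,DC=example,DC=com",
    "domain root": "dc=example,dc=com",
    "single server object": "CN=DC01,OU=Domain Controllers,DC=example,DC=com",
}

if __name__ == "__main__":
    print(tree_path(USER))
    for label, base in BASES.items():
        found = "user found" if in_scope(USER, base) else "user NOT found"
        print(f"{label:26} {base:50} {found}")
```

A domain-root Base DN matches every object in the directory, so the narrower container is the tighter choice when all users live under it.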