No users were found using the specified configuration

I have attempted to setup openfire with ldap, however I cannot seem to figure the issue out at this time.

For some reason I cannot get ldap to work, My Domain controller is “dc1” on the “SMI” domain.

My baseDN is “CN=ChatUsers,OU=corporateusers,dc=dc1,DC=SMI,DC=com”

Attached is a screen shot of my domain architecture. All help is appreciated.


Try removing the dc=dc1 parameter from your BaseDN string.


The group ChatUsers should not be in your baseDN. It should simply be OU=corporateusers,DC=SMI,DC=com. You add the group to the User search filter in the openfire.xml like this:

<searchFilter> <![CDATA[[(&(objectClass=organizationalPerson)(memberOf=cn=ChatISteam,ou=Cha tGroups,ou=accounts,dc=domain,dc=com))]]]></searchFilter> /code

I have included the .XML file, I have changed the password for security reasons and would appreciate any help.

Is this a typo in your config “DC=co” or should it be"DC=com".


Also your adminDN should be in a similar format as the baseDN

<adminDN>smi\mathew</adminDN> will not work

Might look something like


If you have an ldap tool like adsiedit you can lookup the actual Distinguished Names that both fileds require.

That is a typo, I have been working at this with another individual at the office and I missed the error.

Your statement on the adminDN is completely incorrect. domain\username is a completely valid structure for Active Directory. As a matter of fact that is how mine is configured.

When I open the openfire.xml it has al lot of invalid characters in it. What was it edited with? I will try to clean it up for you.

The individual assisting me had edited it in Word.

I have attached an edited openfire.xml. You may need to edit it futher with a decent text editor such as notepad++ for authorizedUsernames and adminPasswords.

Cool didn’t know that, thought it had to be a normal LDAP structured string.

nope you can use LDAP structure, domain\user structure, or email authentication (

What is the status of this issue? Was my editted openfire config of any help.

Your edit of the .xml file was great, it still does not find any users, and we may just have to add them manually. We really want it to work with LDAP, however nothing seems to work at this time.

I may be able to help you better if I had a diagram of your AD OU structure. this should be very easy to get working with LDAP. If you tak a screenshot or multiple of your AD users and computers expanded I may be able to help you better. Of cours edit an sensitive data. I do not want you to compromise your network to get help. You may send me a Private Message for my email address instead of posting the images here (security first).

wrong thread.

That is correct, each user that will get im is in the chatusers group

Based on you graphics you have emailed me we were adding incorrect information to the baseDN. There is no .com in your AD so it should not be in your baseDN. It should simply be OU=corporateusers,DC=SMI. The domain controller you are binding to should be dc1.SMI, again no .com. You add the group to the User search filter in the openfire.xml like this:

<searchFilter> <![CDATA[[(&(objectClass=organizationalPerson)(memberOf=cn=ChatISteam,ou=cor porateusers,dc=SMI))]]]></searchFilter> /code

I attached an adjusted openfire.xml for you. You will again need to edit it for real usernames and passwords with a program like notepad++.

Did the posted files help you at all?

Yes it did, we appreciate your hard work and look forward to using the


glad to hear we got it working for you. don’t forget to mark this thread as answered (and award points for helpfull or correct answers ).