Hi,
Look for the <searchFilter> and <groupSearchFilter> in your openfire.xml, this will allow you to customize which OU your users are called from.
It’s been a while since I installed our server, but if memory serves:
Our openfire service runs on the DC as a system service (I got lazy). Then there is a user called ‘openfire’ with domain logon rights (This is used by openfire, although I’m not sure it’s really needed anymore), see <adminDN> below.
In Active Directory, we have a group called jabber (see <searchFilter> and <groupSearchFilter> below), any user that needs to be on the openfire server is a member of this group, and only members of this group are on the openfire server.
I chose to configure the openfire.xml by hand (a bit of googling helped) and the ldap section of this file looks a little like this:
(I found you need to stop openfire before editing the file, and restart when you are done.)
<ldap>
<host>server.domain.local</host>
<port>389</port>
<baseDN>dc=domain,dc=local</baseDN>
<adminDN>cn=openfire,cn=users,dc=domain,dc=local</adminDN>
<adminPassword>securepassword</adminPassword>
<connectionPoolEnabled>true</connectionPoolEnabled>
<sslEnabled>false</sslEnabled>
<ldapDebugEnabled>false</ldapDebugEnabled>
<usernameField>sAMAccountName</usernameField>
<searchFilter> <![CDATA[ (&(sAMAccountName=)(memberOf=CN=Jabber,CN=Users,DC=domain,DC=local))]]> </searchFilter>
<groupSearchFilter> <![CDATA[ (cn=Jabber) ]]> </groupSearchFilter>
<nameField>cn</nameField>
<emailField>mail</emailField>
<groupNameField>cn</groupNameField>
<groupMemberField>member</groupMemberField>
<groupDescriptionField>description</groupDescriptionField>
<posixMode>false</posixMode>
<vcard-mapping> <![CDATA[
<vCard xmlns='vcard-temp'>
<FN></FN>
<NICKNAME></NICKNAME>
<EMAIL>
<INTERNET/>
<USERID></USERID>
</EMAIL>
<TITLE></TITLE>
<URL></URL>
</vCard>
]]> </vcard-mapping>
</ldap>
Hope this helps.
-Rob
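
Added example, not part of the original post and not Openfire's own code: a Python sketch of how a filter of the form shown in <searchFilter> above limits matches to members of one group, and why a username has to be escaped (RFC 4515) before it is placed in such a filter. The function names, the sample directory entries and the small evaluator (it handles only an AND of equality or presence tests) are constructed for illustration.

```python
import re

# RFC 4515: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_value(value):
    """Escape a string so the server treats it as a literal, not filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def unescape_value(value):
    """Turn \\XX hex pairs back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def group_filter(username, group_dn, attr="sAMAccountName"):
    """Build (&(attr=username)(memberOf=group_dn)) with both values escaped."""
    return "(&({}={})(memberOf={}))".format(
        attr, escape_value(username), escape_value(group_dn))

def parse_and_filter(ldap_filter):
    """Parse an AND of simple tests into [(attribute, raw value), ...]."""
    m = re.fullmatch(r"\(&((?:\([^()=]+=[^()]*\))+)\)", ldap_filter.strip())
    if not m:
        raise ValueError("not an AND of simple tests: " + ldap_filter)
    return re.findall(r"\(([^()=]+)=([^()]*)\)", m.group(1))

def entry_matches(entry, ldap_filter):
    """Evaluate the filter against one in-memory entry, case-insensitively."""
    for attr, raw in parse_and_filter(ldap_filter):
        values = [v.lower() for v in entry.get(attr, [])]
        if raw == "*":                      # unescaped "*": presence test
            if not values:
                return False
        elif unescape_value(raw).lower() not in values:
            return False
    return True

# Constructed sample data; the group DN is the one in the post's searchFilter.
GROUP_DN = "CN=Jabber,CN=Users,DC=domain,DC=local"
DIRECTORY = [
    {"sAMAccountName": ["alice"], "memberOf": [GROUP_DN]},
    {"sAMAccountName": ["bob"], "memberOf": ["CN=Staff,CN=Users,DC=domain,DC=local"]},
]

def allowed_users(username):
    """Account names of sample entries that the group filter matches."""
    f = group_filter(username, GROUP_DN)
    return [e["sAMAccountName"][0] for e in DIRECTORY if entry_matches(e, f)]

if __name__ == "__main__":
    print(group_filter("alice", GROUP_DN))
    print(allowed_users("alice"), allowed_users("bob"), allowed_users("*"))
```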