Openfire 3.9.3 ldap/active directory backend group membership lookup

Hello Guys,

I’ve been using for a while openfire with local authentication database, and switched recently to a LDAP/active directory setup (CentOS7/Openfire 3.9.3).

I just came across the following problem:

We have two persons with the same identical first and last name but working in two different entities, and stored in two different OUs in active directory - resulting in them having the same CN but a different DN.

I created a group (associated to a roster group) and the first matched CN user was selected, not the correct one.

Maybe I missed a step or configured my server incorrectly, but it seems that usersearch is not based on the DN.

Shall you need more details, don’t hesitate to ask.