powered by Jive Software

Openfire / Active Directory problem

I’ve set up AD authentication ok, and added a user into the admin config, but when I try and login to the admin console, get this error:

2007.09.11 03:51:13 Trying to find a user’s DN based on their username. sAMAccountName: user, Base DN: OU=COMPANY Users, OU=COMPANY, DC=domain, DC=local…

2007.09.11 03:51:13 Creating a DirContext in LdapManager.getContext()…

2007.09.11 03:51:13 Created hashtable with context values, attempting to create context…

2007.09.11 03:51:13 … context created successfully, returning.

2007.09.11 03:51:13 Starting LDAP search…

2007.09.11 03:51:13 Exception thrown when searching for userDN based on username ‘user’

javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:


but I know for sure that ‘user’ exists in the OU specified.

How can I get past this error? Could it be because the user used to authenticate against AD is not a domain admin? I don’t have access to the domain admin password.

You don’t need an Admin, you just need a user that is able to read the whole tree.

You said, when you tested your config in the wizard it said “success”? Did it list users and groups when testing the mapping? If you managed to get the list, this probably should not be the issue.

Could you please post your Openfire.xml file from the server, or at least the part that contains the LDAP iniformation.

I’m going through the setup process again, and I can get it to find users if I don’t specify any OUs in the BaseDN or search filter. I do want to do this, as the directory tree is for all companies in our building, but I only want openfire for our company. Could it be because the OUs have brackets in the name, eg I’m trying a search filter (&(objectClass=organizationalPerson)(OU=Company Pty Ltd \28COMP\29)) which doesn’t work. Maybe I have my search filter syntax wrong, I’m new to LDAP in general.

Ok, it works if I specify the BaseDN with proper escaping for brackets. However I have the problem now that we use the IM server for people in different offices across the country, and they are in different OUs, and I would rather run one instance of openfire than one for each OU. So really I need the BaseDN to just be the DC address and some sort of search filtering to specify the OUs. Like I said in my last post the search filter doesn’t work, I was thinking along the lines of

(&(objectClass=organizationalPerson)(|(OU=Branch1 Pty Ltd \28B1\29)(OU=Branch2 Pty Ltd \28B2\29)(OU=Branch3 Pty Ltd \28B3\29)))

would this be the way to do it?

The AD tree looks like this


  • Branch1 Pty Ltd (B1)

  • Groups

  • Users

  • Computers

  • Branch2 Pty Ltd (B2)

  • Groups

  • Users

  • Some Other Company Branch (DON’T WANT THIS ONE)

The special characters could definitely be causing your issues. You could create a group and place all users that need access to chat in that group. Then base you filter on the group.