Openfire - AD Integration - Groups not working

Hello! I’ve been fighting this issue for more than a week. We have a new Openfire installation and I’m currently unable to get the groups to work with AD integration. I’m currently able to log in as an AD user, but no groups are showing and no users are automatically added into Spark. If I go into the server config, all the AD users are showing but none of the groups are showing. How do I fix this? I’ve looked at all sorts of fixes but I can’t seem to get any of them to work. Please see attached for current settings.

I also tried to make my base DN the entire domain, and that pulls in ALL the groups, but there are waaaay too many groups and users to be useful, so I really just need the groups in the personnel OU. Any ideas? I’ve set this up on another Domain with no problems but can’t seem to find where the issue is here.


This is how I handle this. Maybe this will get you pointed in the right direction with what you are trying to accomplish.

How to Setup Authentication Groups with LDAP/AD

Thanks for responding Speedy. I’ve seen your article but I was hoping that I wouldn’t have to rebuild all my OUs to make this work. We have over 100 users in 6 different departments and this isn’t something I want to spend my time on. Do the groups I have in place already seriously not work anymore? I just moved to a new company and at my last place of business they just imported with no problems…same setup.

You don’t have to redo your OU; it’s all group membership based. All your users and groups must fall under the base DN that you specify. This can be tricky based on your AD tree/setup. That’s why I use the root of my domain as the base DN. Then I use the filter for the groups and users I only want to show up.

That is exactly what I thought,

Domain.local > Personnel OU > All our OU groups are here, such as Accounting, Marketing, etc.

If I point my base DN to the Personnel OU it finds all the users, but none of the groups pull in automatically…why? If I point the base DN to domain.local it finds every group and user in my entire AD and automatically pulls them ALL in.

Can I set my base DN to domain.local and then filter to the Personnel OU? I’ve tried this various ways but I couldn’t get it to filter properly.

Sounds like your groups are not in your base DN, since it’s pulling in the groups when using the root of the domain.
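
Added example (not part of the thread and not Openfire code): a small Python check for the point made in the replies, that a subtree search only returns entries whose DN falls under the base DN. The `domain.local` / `Personnel` layout and every DN below are constructed sample data; with a real directory you would feed in the group DNs exported from AD and compare them against the base DN you configured.

```python
def split_dn(dn):
    """Split a DN into normalized RDNs, honouring backslash-escaped commas."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep the escaped pair together
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    rdns.append(cur)
    out = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        if attr.strip():
            # AD compares attribute names and values case-insensitively
            out.append(attr.strip().lower() + "=" + value.strip().lower())
    return out

def is_under(dn, base_dn):
    """True if dn is the base entry itself or lies in the subtree below base_dn."""
    rdns, base = split_dn(dn), split_dn(base_dn)
    return not base or (len(rdns) >= len(base) and rdns[-len(base):] == base)

def scope_report(dns, base_dn):
    """Partition DNs into those a subtree search from base_dn can and cannot return."""
    inside = [d for d in dns if is_under(d, base_dn)]
    outside = [d for d in dns if not is_under(d, base_dn)]
    return inside, outside

# Constructed sample DNs (hypothetical layout, not taken from the thread's attachment)
SAMPLE_GROUPS = [
    "CN=Accounting,OU=Personnel,DC=domain,DC=local",
    "cn=Marketing, ou=personnel, dc=DOMAIN, dc=local",
    "CN=Sales\\, East,OU=Personnel,DC=domain,DC=local",
    "CN=IT,OU=Groups,DC=domain,DC=local",
    "CN=Domain Admins,CN=Users,DC=domain,DC=local",
]

if __name__ == "__main__":
    for base in ("OU=Personnel,DC=domain,DC=local", "DC=domain,DC=local"):
        inside, outside = scope_report(SAMPLE_GROUPS, base)
        print(base, "-> in scope:", len(inside), "| not returned:", outside)
```

Any group listed as not returned for the narrow base DN is one that will only appear when the base DN is widened, which is also when every other group in the domain becomes visible unless a group filter narrows the result.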