OpenFire AD Security Group - Issues

Good Afternoon,

What do I input for BaseDN, Search Fields, User Filter and Group Filter

Below is my Ad structure

  1. I want ONLY members of the OpenFire_Users Group pulled into openfire and have the ability to authenticate through Pidgin to openfire.

  2. I installed OpenFire 3.8.0 and could not chat w/other users… (seems to be a known issue) I tried 3.8.1 beta and after installing, openfire was not even showing up as a service on the server, I decided to install 3.7.2 and COULD communicate between users, but it was pulling ALL ad users in ALONG with OpenFire_Users, but that is now how I wanted it… Again, I want only the group specified to be pulled in.

  3. Is there a way to pre-populate users inside of everyones chat? For example, when a users logs in for the first time, he/she see’s ALL available chat users… This would eliminate the user having to “add” each user individually.

  4. I would like Domain Admins to be admins… or Do I need to add admins individually?

  5. Whenever I made my base DN dc=domain,dc=com I could add admins on the last step of the set-up but when I drilled down to the OU containing the user group (OpenFire_Users), I could not add admins on the last step of the setup? Do I need to specify where the admins reside?

THANK YOU in advance

OpenFire_Help.doc (463872 Bytes)

I wrote this up a while ago, and this is how I handle my groups

hope it helps.

Thanks for the reply…

I think that I am stuck here:


(&(objectclass=organizationalPerson)(|(memberOf:1.2.840.113556.1.4.1941:=CN=Open fire Access Group,CN=Users,DC=AD-DOMAIN,DC=local)))

where does this information go? where you have 1.2.840.113556.1.4.1941

what is that? is that unique to a server?



ALso, whenever I successfully remove ALL of the names… and keep ONLY the group that I want w/in openfire users/groups… once I log out, I lock myself out… I have the admin account underneat the security group… but it still locks out…

please post your filter string.

I have another document attached filled with information/settings!

Thanks Again for your help…

OpenFire2.doc (622080 Bytes)

make your basedn


leave group search filter default ( this is used for roster groups and not for authentication)

for search filter

(&(objectclass=organizationalPerson)(|(memberOf:1.2.840.113556.1.4.1941:=CN=Open fire_Users,OU=Security Groups,DC=Whatever,DC=something,DC=com)))

Make sure your security group is a LOCAL DOMAIN group and not Global or universal group.

before you get started, make sure your admin account is a member of the security group

Let me know if that helps. If not, shot me a PM

Hi Brian,

Did you fix this issue?, I’m facing the issue right now and I follow the same instructions without success.

Let me know.