Friend, compare it with my configuration:
Note: I also use the internal database, my Openfire server is the same server as the primary AD, and my domain is: fuga.com.br
I saw that a lot of things are different; try to compare and make yours similar. From what I can tell, the server is integrated with AD but is only allowing users with administrative rights to log in to the console. Try creating a new user in AD, put it in the administrators group and see if you can connect. If that test works, you just need to find the setting that is wrongly imposing this limitation. I'm a bit short on time to check them one by one, so my configuration follows below:
admin.authorizedJIDs
administrador@192.168.0.28,vini@192.168.0.28,informatica@192.168.0.28,cpd@192.168.0.28
cache.KrakenRegistrationCache.maxLifetime
-1
cache.KrakenRegistrationCache.min
-1
cache.KrakenRegistrationCache.size
-1
cache.KrakenRegistrationCache.type
optimistic
cache.KrakenSessionLocationCache.maxLifetime
-1
cache.KrakenSessionLocationCache.min
-1
cache.KrakenSessionLocationCache.size
-1
cache.KrakenSessionLocationCache.type
optimistic
fastpath.database.setup
true
ldap.adminDN
CN=administrador,CN=users,DC=fuga,DC=com,DC=br
ldap.adminPassword
hidden
ldap.autoFollowAliasReferrals
true
ldap.autoFollowReferrals
false
ldap.baseDN
DC=fuga,DC=com,DC=br
ldap.connectionPoolEnabled
true
ldap.debugEnabled
false
ldap.emailField
mail
ldap.encloseDNs
true
ldap.groupDescriptionField
description
ldap.groupMemberField
member
ldap.groupNameField
cn
ldap.groupSearchFilter
(objectClass=group)
ldap.host
192.168.0.28
ldap.ldapDebugEnabled
false
ldap.nameField
cn
ldap.override.avatar
false
ldap.port
389
ldap.posixMode
false
ldap.searchFilter
(objectClass=organizationalPerson)
ldap.sslEnabled
false
ldap.usernameField
sAMAccountName
ldap.vcard-mapping
{cn}
{mail}
{displayName}
image/jpeg
{jpegPhoto}
{homePostalAddress}
{homeZip}
{co}
{streetAddress}
{l}
{st}
{postalCode}
{co}
{homePhone}
{mobile}
{telephoneNumber}
{mobile}
{facsimileTelephoneNumber}
{pager}
{title}
{department}
plugin.contentFilter.allow.on.match
false
plugin.contentFilter.filter.status.enabled
false
plugin.contentFilter.mask
plugin.contentFilter.mask.enabled
false
plugin.contentFilter.patterns
?OTR
plugin.contentFilter.patterns.enabled
false
plugin.contentFilter.rejection.msg
Message rejected. This is an automated server response
plugin.contentFilter.rejection.notification.enabled
false
plugin.contentFilter.violation.notification.by.email.enabled
false
plugin.contentFilter.violation.notification.by.im.enabled
true
plugin.contentFilter.violation.notification.contact
administrador
plugin.contentFilter.violation.notification.enabled
false
plugin.contentFilter.violation.notification.include.original.enabled
false
plugin.userservice.secret
HRCCA05u
provider.auth.className
org.jivesoftware.openfire.ldap.LdapAuthProvider
provider.group.className
org.jivesoftware.openfire.ldap.LdapGroupProvider
provider.user.className
org.jivesoftware.openfire.ldap.LdapUserProvider
provider.vcard.className
org.jivesoftware.openfire.ldap.LdapVCardProvider
update.lastCheck
1368009279562
xmpp.auth.anonymous
true
xmpp.auth.sharedSecretEnabled
true
xmpp.client.idle
-1
xmpp.client.idle.ping
true
xmpp.client.tls.policy
disabled
xmpp.domain
192.168.0.28
xmpp.filetransfer.enabled
true
xmpp.server.certificate.accept-selfsigned
false
xmpp.server.dialback.enabled
true
xmpp.server.session.idle
-1
xmpp.server.tls.enabled
true
xmpp.session.conflict-limit
0
xmpp.socket.ssl.active
false
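
The comparison suggested in the post can be scripted; the following is an added example, not part of the original post. It parses two property listings in the name/value layout used above and reports every difference with credentials masked. The key prefixes, the function names and both sample dumps are assumptions constructed for illustration.

```python
import re

# Assumption: property names begin with one of the prefixes seen in the post;
# every other line belongs to the value of the preceding name.
KEY_RE = re.compile(r"^(admin|cache|fastpath|ldap|plugin|provider|update|xmpp)\.[\w.-]+$")
SECRET_RE = re.compile(r"(password|secret)$", re.IGNORECASE)

def parse_listing(text):
    """Parse an alternating name/value dump into {name: value}; copes with
    multi-line values (ldap.vcard-mapping) and names that have no value."""
    props, key = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if KEY_RE.match(line):
            key = line
            props[key] = []
        elif line and key is not None:
            props[key].append(line)
    return {k: "\n".join(v) for k, v in props.items()}

def redact(name, value):
    """Mask credentials so the diff can be shared safely."""
    return "<redacted>" if value and SECRET_RE.search(name) else value

def diff_props(reference, candidate):
    """List (name, reference value, candidate value); None means absent."""
    rows = []
    for name in sorted(set(reference) | set(candidate)):
        a, b = reference.get(name), candidate.get(name)
        if a != b:
            rows.append((name, redact(name, a), redact(name, b)))
    return rows

# Constructed sample dumps (hypothetical values, not taken from any server).
WORKING = """ldap.adminPassword
s3cret-A
ldap.searchFilter
(objectClass=organizationalPerson)
plugin.contentFilter.mask
ldap.vcard-mapping
{cn}
{mail}
"""
BROKEN = """ldap.adminPassword
s3cret-B
ldap.searchFilter
(memberOf=CN=Administrators,CN=Builtin,DC=example,DC=test)
ldap.vcard-mapping
{cn}
"""
```

Calling `diff_props(parse_listing(WORKING), parse_listing(BROKEN))` returns one row per differing property, so a restrictive `ldap.searchFilter` stands out without exposing either password.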