powered by Jive Software

OpenFire Configuration,HelpMe,SOS

Hello,Every one:

I want to config openfire + Active Directory, Use the LDAP Guide(http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/ldap-gui de.html) , I can’t connect to the DC,can you help me ? thanks

IF you have a step by step document, Please send it to me(chenwq16@hotmail.com) ?thank you very much!

It would be nice if you provide us at least with an error-report and your config if you need help. A step-by-step guide to this topic is probably not really helpful as there are some things that simply depend on your setup. Besides…the LDAP Guide is mostly Step-by-Step

There are several guides posted in the community already, as well as many very detailed discussions. Here are links to 2:



Beyond these the LDAP config is fairly straight forward with the setup wizard. The complexity of LDAP would come from your AD configuration.



First: we must config openfire + Active Directory

Second: Our company want to use SSO

Third: May be our company will buy the license of openfire(enterprise)

but , I’m stoped in the first step(successful on openfire + oracle , not AD) ,can you help me?

Depending on your AD setup, >Users< should be either “cn” or “ou” but you specified ou under Base DN and cn as Administrator. This shouldn’t work. Also in my setup I used “;” to separate but I don’t know if that matters.

If it does not help…have you checked that you really can reach Port 389 from this machine?

Try this:

Base DN: OU=Users,DC=sf,DC=com not the capital letters

Administrator DN: Administrator@sf.com

Still with a standard setup of an AD on a Windows 2003 “Users” at the Root of the Domain is a CN not an OU. At least here this was always the case.

Don’t ask me why, I have near to Zero knowledge of AD/LDAP I just made it work and that made me incredibly happy (And took quite a long time with sorting and grouping and all that stuff).

It is kind of bad form to let the users sit in the default Users container. either case the Admin DN is more likely the error. use the structure I previously stated or domain\Administrator

console error messages!


Are you trying to use encryption? If so, have you tried without to see if that works?

ping is ok

telnet 389 is ok


Deal all:

I use

BaseDN: cn=Users;dc=sf;dc=com

AdminDN: cn=Administrator;cn=Users;dc=sf;dc=com

that’s OK now , thanks ( the openfire server is DC server)

but , not all users in “cn=Users”, most users in “SF-Users” under root directory sf.com?Our architectural like this below:









|-SF Employes in China



|-SF Employes in American



|-SF Employes in Japan


|-Domain Controllers




Can somebody help me ,thanks a lot!

in this case just use

BaseDN: dc=sf;dc=com

and restrict access later on with a filter to those OU/CNs or users that you would like to use jabber

Follow you advice, I use:



is ok now,but only under this environment (the openfire server is the DC Server,I create a test domain test.com is ok), But I can not connect to the prod DC Server(sf.com).

Can AdminDN didn’t use “cn=Administrator”?? For Example, I have create a user named “SF-Admin” in OU “SF-Account”, did I can use AdminDN like this:“cn=SF-Admin;cn=SF-Account;dc=sf;dc=com” ?


Please correct me if I understood you wrong…I think I’m not 100% sure what you mean.

What’s your DC Server? Did you mean AD?

If you cannot connect to your prod. server, make sure that it is configured to allow LDAP requests…it looks to me your problem is not caused by openfire but by the way your AD server handles requests (or blocks), especially if you say your test-server works btu the other one not.

If your totally lost, try wireshark to take a look at what exactly is happening between your servers…this helped me, I got some helpful error descriptions that way

You may use cn=Administrator as long as the cn Administrator has full rights to read the whole tree you need.

If your OU SF-Account is in your Root you’ll have to use:

AdminDN :“cn=SF-Admin;ou=SF-Account;dc=sf;dc=com”

as your selfmade OU is indeed an OU not a CN !

It’s ok now!

thank you very much.