It would be nice if you provided us at least with an error report and your config if you need help. A step-by-step guide to this topic is probably not really helpful as there are some things that simply depend on your setup. Besides…the LDAP Guide is mostly step-by-step.
Depending on your AD setup, >Users< should be either “cn” or “ou” but you specified ou under Base DN and cn as Administrator. This shouldn’t work. Also in my setup I used “;” to separate but I don’t know if that matters.
If it does not help…have you checked that you really can reach 10.0.15.3 Port 389 from this machine?
Still with a standard setup of an AD on a Windows 2003 “Users” at the Root of the Domain is a CN not an OU. At least here this was always the case.
Don’t ask me why; I have near to zero knowledge of AD/LDAP. I just made it work and that made me incredibly happy (and it took quite a long time with sorting and grouping and all that stuff).
It is kind of bad form to let the users sit in the default Users container. In either case the Admin DN is more likely the error. Use the structure I previously stated or domain\Administrator.
It is OK now, but only under this environment (the Openfire server is the DC server; I created a test domain, test.com, and it is OK). But I cannot connect to the prod DC server (sf.com).
Can the AdminDN not use “cn=Administrator”? For example, I have created a user named “SF-Admin” in OU “SF-Account”; can I use an AdminDN like this: “cn=SF-Admin;cn=SF-Account;dc=sf;dc=com”?
Please correct me if I understood you wrong…I think I’m not 100% sure what you mean.
What’s your DC Server? Did you mean AD?
If you cannot connect to your prod. server, make sure that it is configured to allow LDAP requests…it looks to me like your problem is not caused by Openfire but by the way your AD server handles (or blocks) requests, especially if you say your test server works but the other one does not.
If you’re totally lost, try Wireshark to take a look at what exactly is happening between your servers…this helped me, I got some helpful error descriptions that way.
You may use cn=Administrator as long as the cn Administrator has full rights to read the whole tree you need.
If your OU SF-Account is in your Root you’ll have to use: