Openfire pulling wrong users


I am new to the Openfire community. I am trying to bring Openfire to our university, but after installation and configuration I have found that when Openfire pulls in the members of my groups, it adds the wrong users. For example: Staff/Faculty members have more than one user name in Active Directory (one being a student account and one being a staff/faculty account).

Example Group:

Openfire pulls in the group: IT

bjohnson (a member of the IT group)

bill_johnson55 (not a member of the IT group)

When I go to the IT group in Openfire it lists bill_johnson55 instead of bjohnson. I figure somehow it’s adding the person based off of the CN name instead of the sAMAccountName, but I’m not sure. Any suggestions on how to solve this issue?


Still having the same issue. I’ve gone to the System Properties in the Admin Console, and I’ve changed some of the properties from CN to sAMAccountName. Same results. The only solution I’ve been able to find is to put the users and groups that I want to use in their own OU and set that as the base OU. Surely there is a better solution than this. I am unable to move users and groups around due to the nature of my enterprise infrastructure. Any suggestions anyone?

This thread might help you

Especially the second post. Re: LDAP and AD - Limiting Users

This was definitely a good thought. After following all the instructions I am still in the same boat.

The problem that I’m having is **not** filtering groups or users.

Users: I have all the correct users showing up in the Openfire Users section.

Groups: I have all the correct groups showing up in the Openfire Groups section.

When I click on a specific group the members of that group are NOT ALL the correct members.

Example: When I click on the IT group in Openfire Admin Console I see a user name:


He is NOT supposed to be there; the actual user of that group in AD is:


The problem I think exists with the way that Openfire pulls Members of a Group. If I look with an LDAP browser at the “member” field of the Group I find an Array with all the users inside it in the format of:

CN=Bill Johnson,OU=Staff,OU=Users,OU=companyOU,DC=Domain,DC=COM

What I believe is happening is when Openfire pulls a member of a group it searches LDAP for:

CN=Bill Johnson

LDAP most likely returns the results of:



Since they both have the CN of Bill Johnson. If I can find a way to make Openfire select the other user I believe I can solve my issue.

Any more suggestions? (Please Help!)

A simple way imho would be to create a Security Group named for example “Chat User” and add the “standard” users, in this case the student accounts, to that group (remember you can add groups to groups in LDAP). Then when you add the users to Openfire you use an LDAP filter to only add the users belonging to “Chat User”.

I am already set up that way. I have a Group called:

openfire_groups: Only the groups I want in openfire are a member of this group

openfire_users: Only the users I want in openfire are a member of this group

The filters only point to these AD groups, but I still get the same problem as stated before. My second post explains why I believe this happens.

bjohnson is a member of the openfire_users group and in a group in the openfire_groups, but when Openfire pulls in the groups it pulls the member bill_johnson55 into the group because Openfire searches by CN instead of sAMAccountName, even though bill_johnson55 is NOT in openfire_groups or openfire_users. He does NOT show up under the Users list in Openfire, but when I look at the group that bjohnson should be a member of, I see bill_johnson55 in his place greyed out.


Is there any way I can submit this to the developers, or submit a support ticket/bug report?

I think there is a solution here if escalated to the right person.

Help… Suggestions?
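
The ambiguity described in the thread above, shown as an added example (not part of any post and not Openfire's code): resolving a group member by CN versus by its full DN over a constructed directory. Only the staff DN comes from the thread; the student DN, the `Ann Lee` entry and all function names are assumptions, and the first-hit CN lookup is the poster's hypothesis rather than confirmed Openfire behaviour.

```python
# Constructed sample directory (DN -> attributes). STAFF_DN is the member value
# quoted in the thread; STUDENT_DN and the "Ann Lee" entry are assumed values.
STAFF_DN = "CN=Bill Johnson,OU=Staff,OU=Users,OU=companyOU,DC=Domain,DC=COM"
STUDENT_DN = "CN=Bill Johnson,OU=Students,OU=Users,OU=companyOU,DC=Domain,DC=COM"
ANN_DN = "CN=Ann Lee,OU=Staff,OU=Users,OU=companyOU,DC=Domain,DC=COM"
DIRECTORY = {
    STUDENT_DN: {"cn": "Bill Johnson", "sAMAccountName": "bill_johnson55"},
    STAFF_DN: {"cn": "Bill Johnson", "sAMAccountName": "bjohnson"},
    ANN_DN: {"cn": "Ann Lee", "sAMAccountName": "alee"},
}
IT_GROUP_MEMBERS = [STAFF_DN, ANN_DN]  # the group's "member" attribute

def normalize_dn(dn):
    """Simplified DN comparison key (case-folded; no escaped-comma handling)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def first_rdn_value(dn):
    """Value of the leading RDN, e.g. 'Bill Johnson' for 'CN=Bill Johnson,...'."""
    return dn.split(",", 1)[0].split("=", 1)[1]

def search_by_cn(cn):
    """Subtree search for (cn=<cn>): every account with that CN, in directory order."""
    return [a["sAMAccountName"] for a in DIRECTORY.values()
            if a["cn"].lower() == cn.lower()]

def resolve_by_cn(member_dn):
    """The lookup hypothesized in the thread: search on the CN, keep the first hit."""
    hits = search_by_cn(first_rdn_value(member_dn))
    return hits[0] if hits else None  # result order is not guaranteed by LDAP

def resolve_by_dn(member_dn):
    """Read the entry at the exact member DN, which identifies one account."""
    index = {normalize_dn(dn): attrs for dn, attrs in DIRECTORY.items()}
    entry = index.get(normalize_dn(member_dn))
    return entry["sAMAccountName"] if entry else None

def ambiguous_members(member_dns):
    """Audit helper: member DNs whose CN matches more than one account."""
    report = {}
    for dn in member_dns:
        hits = search_by_cn(first_rdn_value(dn))
        if len(hits) > 1:
            report[dn] = sorted(hits)
    return report

if __name__ == "__main__":
    for dn in IT_GROUP_MEMBERS:
        print(resolve_by_cn(dn), resolve_by_dn(dn))
    print(ambiguous_members(IT_GROUP_MEMBERS))
```

Running `ambiguous_members` over each group's `member` values shows in advance which accounts a CN-based lookup could swap, which matters when group membership drives roster visibility or access.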