Openfire put strange search filter in ldap search

I tried to setup Openfire using ldap connection, openfire 4.0.1,

I used ApacheDS as the ldap server, ApacheDS 2.0.0 M20

and imported the sample ldif file, a SevenSeas organization with 12 pirates (inetorgperson) all with uid and userpassword attribute.

I added another inetorgperson with uid and userpassword.

Then I tried to have openfire connect to the ldap to search for users.

server type: other or unknown

host: port:10389

baseDN: ou=people,o=sevenSeas

Administrator DN: uid=admin;ou=system (default server administrator)

tests connection setting successful.

however then when I go on to user mapping, the test gave error

Status: Error

No users were found using the specified configuration. Try changing the base DN, user filter or username field.

I had the Username field set as uid, the default

having no success, I pressed save and continue

then I found in the openfire log file

2016.04.19 12:43:59 org.jivesoftware.util.Log - Error occurred while trying to get users data from LDAP

javax.naming.NamingException: [LDAP: error code 33 - ALIAS_PROBLEM: failed for MessageType : SEARCH_REQUEST

Message ID : 2


baseDn : ‘ou=“people”,o=“sevenSeas”’

filter : ‘(uid=*:[13])’

scope : whole subtree

typesOnly : false

Size Limit : 40

Time Limit : no limit

Deref Aliases : never Deref Aliases

attributes : ‘uid’ tControlImpl [sortKeys=[SortKey : [uid]]] ManageDsaITImpl Control

Type OID : ‘2.16.840.1.113730.3.4.2’

Criticality : ‘false’

: 系統找不到指定的路徑。]; remaining name ‘’

at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)…

I have no idea what a filter: (uid=*:[13]) mean, although I have 13 people in the group, and when I put in the same search in Apache DS studio, it returns no result.

However when I remove the “:[13]”, such that the filter becomes just “uid=*”, or when I just completely removes the search filter. the search in Apache DS studio returns fine with the 13 people.

I have no idea why openfire will add the number of entries in the the search filter (I tried removing the inetorgperson I added, then it became uid=*:[12]), if that be a bug or a misconfiguration by me, some help or tips will be very much appreciated.

One more thing I noticed is that when I try to restart ldap configuration hence the profile setting, the baseDN and administratorDN is not saved, such that it appears in the web just as o= and uid=, however the host, port, admin password was saved, hence I do not know if the baseDN and administratorDN is actually saved, though I suspect it be so because I tried enabling anonymous access in ApacheDS but the search still returns no result.

Is there a longer stack trace available? It would be interesting to know which Openfire class fires this query.

I think the admin dn might be misleading. It’s the account account used to bind to your ldap for queries. try using the full dn for the account you’re using, or just something like ‘user@domain.local’. I also suggest setting your basedn to the root of your domain. ie baseDn = ‘dc=domain,dc=local’ (System cannot find the specified path) 系統找不到指定的路徑。]; remaining name ‘’

at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)

at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)

at Source)

at Source)

at Source)

at org.jivesoftware.admin.LdapUserTester.getSample(

at org.jivesoftware.openfire.admin.setup.setup_002dldap_002duser_005ftest_jsp._jsp Service(

at org.apache.jasper.runtime.HttpJspBase.service(

at javax.servlet.http.HttpServlet.service(

at org.eclipse.jetty.servlet.ServletHolder.handle(

at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1669)

at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(

at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1652)

at org.jivesoftware.util.LocaleFilter.doFilter(

at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1652)

at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingF

at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1652)

at org.jivesoftware.admin.PluginFilter.doFilter(

at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1652)

at org.jivesoftware.admin.AuthCheckFilter.doFilter(

at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1652)

at org.eclipse.jetty.servlet.ServletHandler.doHandle(

at org.eclipse.jetty.server.handler.ScopedHandler.handle(


at org.eclipse.jetty.server.session.SessionHandler.doHandle( 3)

at org.eclipse.jetty.server.handler.ContextHandler.doHandle( 27)

at org.eclipse.jetty.servlet.ServletHandler.doScope(

at org.eclipse.jetty.server.session.SessionHandler.doScope( )

at org.eclipse.jetty.server.handler.ContextHandler.doScope( 1)

at org.eclipse.jetty.server.handler.ScopedHandler.handle(

at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandler

at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.jav a:110)

at org.eclipse.jetty.server.handler.HandlerWrapper.handle(

at org.eclipse.jetty.server.Server.handle(

at org.eclipse.jetty.server.HttpChannel.handle(

at org.eclipse.jetty.server.HttpConnection.onFillable(


at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob( )

at org.eclipse.jetty.util.thread.QueuedThreadPool$

at Source)