Openfire working well integrated with Active Directory

Hi everyone,

I was having trouble configuring Openfire at my company and spent hours tuning it, so I would like to share my solution.

Server OS: Ubuntu Server 14.04.2

Openfire version: 3.9.3

Because I need integration with Microsoft’s Active Directory, on the config, I’ve used:

Host: mydomainname

DN Base: DC=mydomainname,DC=local

DN Administrator: CN=Administrator,CN=Users,DC=mydomainname,DC=local - (here I’ve used my default domain admin account)

Then, I’ve created a security group on my DC called “_Openfire”. Then I’ve added to it all the users that I want to give chat access.

In Openfire, in the second step (user mapping), I’ve used:

Username field: sAMAccountName

User filter: (&((objectCategory=Person)(memberOf=CN=_Openfire,OU=Recursos,DC=mydomainname,DC=local))) - (here I’m setting it to the group “_Openfire”. It’s inside the OU called “Recursos”)

In the third step (group mapping), I left the defaults:

Group Field: cn

Member Field: member

Description Field: description

Posix mode: No

Group filtering: (objectClass=group)

In the next step, for the administrator account, I just chose my own account on the DC: fabio.oliveira. If the configuration goes well up to this point, it should be able to find the accounts without errors.

After that, I just logged in to the admin console with my account. Then I clicked on Users/Groups -> Groups -> _Openfire (the group I’ve created…)

Then I enabled the sharing of the contact list with my company’s name. Checked the “additional users” box, chose “all the users” and just saved. At this point, it should display all the users I’ve put inside the group on the Domain Controller.

Now…the tough ones: I need the list of users to be as up to date as possible, so I’ve added some parameters under Server -> Server Manager -> System Properties, like someone else has said on the forum:

cache.username2roster.size = 5242880

cache.username2roster.maxLifetime = 3600000

cache.userGroup.size = 5242880

cache.userGroup.maxLifetime = 3600000

cache.userCache.size = 2097152

cache.userCache.maxLifetime = 3600000

cache.groupMeta.size = 2097152

cache.groupMeta.maxLifetime = 3600000

The most important parameters, at least in my case, are the maxLifetime ones: they set how long it takes for the cache to be renewed, which also updates the contact list without needing to restart the Openfire service. Note the numbers are in milliseconds, so I’ve used this site to convert: Seconds to Milliseconds Conversion Calculator.

I first made a quick test: just changed all the time values to 100000 (that’s 100 seconds). Then I added and removed some users on the DC. Closed my IM client (Spark) and started it again: nothing happened. But after about 2 minutes, I closed and started the client again: it updated the contact list. After the test I changed the values back to 3600000 (60 minutes).

After that, just to ensure everything goes well, I added a line to my /etc/crontab:

00 7 * * * root service openfire restart

With it, the service is going to restart daily at 7 o’clock, before the users turn on their computers. It’s not mandatory to have this, because the cache settings alone worked well.

Well, now all my company’s users know that they need to close and open the client again 60 minutes after I’ve added someone new.

Anyway, if they are not in a hurry, it’s fine for everybody else to learn of a new user’s existence only the next day, when users turn on their computers again and, along with them, the client.

If you need external access (people outside your company’s office to chat with the ones inside) you can follow my answer on this topic

Hope this mini tutorial can be helpful.

Best regards,


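Added example (not part of the original post and not Openfire code): an offline model of which accounts a memberOf user filter like the one above selects, written as a plain two-clause AND filter with RFC 4515 value escaping. It goes one step beyond the post by also modelling AD's nested-group matching rule, because memberOf only lists direct memberships. The `Helpdesk` group, the accounts `maria.souza` and `PRINT01$`, and all helper names are hypothetical, and every directory entry is constructed.

```python
# Added example, not from the original post. All directory entries are constructed.
GROUP_DN = "CN=_Openfire,OU=Recursos,DC=mydomainname,DC=local"
IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD matching rule that follows nested groups

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_user_filter(group_dn, nested=False):
    """Person objects in group_dn: direct members only, or nested members too."""
    attr = "memberOf:%s:" % IN_CHAIN if nested else "memberOf"
    return "(&(objectCategory=Person)(%s=%s))" % (attr, escape_filter_value(group_dn))

def in_group(member_of, group_dn, groups, nested):
    """Model of the memberOf test. groups maps a group DN to its own memberOf list."""
    todo, seen = [dn.lower() for dn in member_of], set()
    while todo:
        dn = todo.pop()
        if dn == group_dn.lower():       # DNs compare case-insensitively
            return True
        if nested and dn not in seen:    # only the chain rule walks parent groups
            seen.add(dn)
            todo.extend(g.lower() for g in groups.get(dn, []))
    return False

def chat_users(entries, groups, group_dn=GROUP_DN, nested=False):
    """sAMAccountNames the filter would select among the modelled entries."""
    return sorted(
        e["sAMAccountName"] for e in entries
        if e["objectCategory"].lower() == "person"
        and in_group(e["memberOf"], group_dn, groups, nested)
    )

# Constructed sample data: Helpdesk is itself a member of _Openfire.
HELPDESK = "CN=Helpdesk,OU=Recursos,DC=mydomainname,DC=local"
GROUPS = {HELPDESK.lower(): [GROUP_DN]}
ENTRIES = [
    {"sAMAccountName": "fabio.oliveira", "objectCategory": "person", "memberOf": [GROUP_DN]},
    {"sAMAccountName": "maria.souza", "objectCategory": "person", "memberOf": [HELPDESK]},
    {"sAMAccountName": "PRINT01$", "objectCategory": "computer", "memberOf": [GROUP_DN]},
]

if __name__ == "__main__":
    for nested in (False, True):
        print(build_user_filter(GROUP_DN, nested), "->",
              chat_users(ENTRIES, GROUPS, nested=nested))
```

With the direct-membership form only `fabio.oliveira` is selected; the account that reaches `_Openfire` through `Helpdesk` appears only with the nested form, and the computer account is excluded either way.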