I have been experimenting this with Openfire 4.6.0 (Centos 7) where a comment in security.xml says:
<!--
Any other property defined in this file will be treated as an encrypted
property. The value (in clear text) will be encrypted and migrated into
the Openfire database during the next startup. The property name will
be added to the list of encrypted properties and the clear text value
will be removed from this file.
<foo><bar>Secr3t$tr1ng!</bar></foo>
-->
However, ldap.adminPassword or any other additional property I list in security.xml in the commented section gets only migrated to the database but unencrypted. Do I understand to comment correctly?
Also tried to set ldap.adminPassword in openfire.xml and then refer to it with the name tag in the encrypt section in security.xml with no success.