Setting Up LDAP On New Server

I’m getting an error with no information when I try to set up AD LDAP binding in openfire 3.6.4 on a Windows Server 2k8 machine. The DC is a Server 2k3 machine and the AD Schema is 2k8.

My AD Structure is as follows:

  • subDom4.subDom3.subDom2.subDom1.Dom
  • CN1
  • CN2
  […]
  • OU1
  • OU1.A
  • UsersOU

When I get to Profile Settings: Connection Settings; Step 1 of 3, where I create the LDAP bind, I get the following error message:

TEST: Connection Settings

Status: Error

There is no further information, I’ve checked the OpenFire logs, as well as EventViewer. I have no idea what this error means or how to resolve it because there is no reference to the error condition that I created.

I have the following settings in the Connection Settings page (Pipes (|) indicate alternate entries I’ve tried):

Server Type: Active Directory

Host: 1.2.3.4 | DCHost.subDom4.subDom3…Dom | NetBIOSDom\DCHost | GCHost.subDom4…Dom | 2.3.4.5 (GC Host IP)

Port: 389 (3268 for GC Binds)

BaseDN: OU=OU1,OU=OU1.A,OU=UsersOU,DC=subDom4,DC=subDom3,DC=subDom2,DC=subDom1,DC=Dom

Administrator DN: NetBIOSDom\DomAdmin | DomAdmin@subDom4…Dom | CN=DomAdmin,OU=…DC=Dom

Password: **********

What am I doing wrong? If the error message I get was a bit more informative, I could get this working, but Status: Error tells me nothing other than, “It didn’t work”. /ugh.

Message was edited by: Roger3 - Clarity in AD diagram
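What the wizard's "Status: Error" hides is the LDAP result the directory actually returned. The script below is an added example, not code from the original thread, from Openfire, or from its author: a stdlib-only Python probe that performs the same LDAPv3 simple bind Openfire attempts (RFC 4511 BindRequest over a plain TCP socket) and decodes the server's resultCode and diagnosticMessage, which for AD carries the "data 52e"-style sub-code that says why the bind was refused. The host, port, bind name and password are assumed to be passed on the command line (AD accepts a full DN, a UPN like user@domain, or NetBIOSDom\user as the bind name); run with no arguments it decodes a constructed sample response in the format AD uses, so it works offline.

```python
import re
import socket
import sys

# ---- minimal BER/LDAP encoding: only what an LDAPv3 simple bind needs ----

def ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber(tag, payload):
    """One BER TLV element."""
    return bytes([tag]) + ber_len(len(payload)) + payload

def ber_int(value):
    """BER INTEGER for a non-negative value, minimal two's complement."""
    return ber(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def build_bind_request(message_id, bind_dn, password):
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    bind_request = ber(0x60,                                 # [APPLICATION 0] BindRequest
                       ber_int(3)                            # LDAP protocol version 3
                       + ber(0x04, bind_dn.encode("utf-8"))  # name: DN, UPN or DOMAIN\user
                       + ber(0x80, password.encode("utf-8")))  # [0] simple authentication
    return ber(0x30, ber_int(message_id) + bind_request)

def ber_read(buf, pos=0):
    """Read one TLV starting at pos; return (tag, value bytes, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                        # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def parse_bind_response(data):
    """Decode LDAPMessage { messageID, BindResponse { resultCode, matchedDN, diagnosticMessage } }."""
    tag, msg, _ = ber_read(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, p = ber_read(msg)
    tag, op, _ = ber_read(msg, p)
    if tag != 0x61:                                          # [APPLICATION 1] BindResponse
        raise ValueError(f"unexpected protocolOp tag 0x{tag:02x}")
    _, code, p = ber_read(op)
    _, matched, p = ber_read(op, p)
    _, diag, _ = ber_read(op, p)
    return {"message_id": int.from_bytes(mid, "big"),
            "result_code": int.from_bytes(code, "big"),
            "matched_dn": matched.decode("utf-8", "replace"),
            "diagnostic": diag.decode("utf-8", "replace")}

# Standard LDAP result codes (RFC 4511) seen when a bind goes wrong.
RESULT_NAMES = {0: "success", 1: "operationsError", 7: "authMethodNotSupported",
                8: "strongerAuthRequired", 32: "noSuchObject", 34: "invalidDNSyntax",
                49: "invalidCredentials", 50: "insufficientAccessRights"}

# Well-known AD sub-codes carried in the diagnostic text as "data NNN".
AD_DATA_CODES = {"525": "user not found", "52e": "wrong password or bind-name form",
                 "530": "logon not permitted at this time", "532": "password expired",
                 "533": "account disabled", "701": "account expired",
                 "773": "user must reset password", "775": "account locked out"}

def explain_result(resp):
    """Turn a decoded BindResponse into the message the Openfire wizard withholds."""
    lines = [f"resultCode {resp['result_code']} ({RESULT_NAMES.get(resp['result_code'], 'unknown')})"]
    if resp["diagnostic"]:
        lines.append("server says: " + resp["diagnostic"])
    m = re.search(r"data ([0-9a-f]+)", resp["diagnostic"])
    if m and m.group(1) in AD_DATA_CODES:
        lines.append(f"AD sub-code {m.group(1)}: {AD_DATA_CODES[m.group(1)]}")
    return "\n".join(lines)

def try_bind(host, port, bind_dn, password, timeout=5.0):
    """Live probe: a socket/DNS failure surfaces as an OSError, a refused bind as a resultCode."""
    with socket.create_connection((host, int(port)), timeout=timeout) as s:
        s.sendall(build_bind_request(1, bind_dn, password))
        return parse_bind_response(s.recv(4096))             # bind responses are small

# Constructed sample (DSID and version numbers invented): the shape AD returns for a bad bind.
SAMPLE_BIND_RESPONSE = ber(0x30, ber_int(1) + ber(
    0x61, ber(0x0A, b"\x31") + ber(0x04, b"")
    + ber(0x04, b"80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1")))

if __name__ == "__main__":
    if len(sys.argv) == 5:
        print(explain_result(try_bind(*sys.argv[1:])))
    else:
        print("usage: ldap_bind_probe.py HOST PORT BIND_NAME PASSWORD  (showing sample instead)")
        print(explain_result(parse_bind_response(SAMPLE_BIND_RESPONSE)))
```

Try the bind with each of the host and bind-name forms from the post in turn; a name lookup or connection failure shows up as a Python OSError (so the error was never an LDAP one), while a directory refusal comes back as a resultCode 49 with the AD sub-code spelled out. A simple bind on port 389 sends the password in the clear, so run this on the same trusted segment Openfire itself uses and use 636 with TLS once the basic bind works.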

Your AD structure is about as clear as mud. There is really no way to assist with what you posted. A picture from AD Users and Computers would be much more useful at showing the structure.

Well, regardless of the clearness of my example AD structure, the main issue that I’m encountering is that the error message I get contains no useful information and leaves no traces in either the OpenFire logs or the event viewer.

I get

Status: Error

With no other text to inform exactly WHAT the error IS.

What does this error mean? I’ve found plenty of references in the forum regarding access denied Status: Error messages, and plenty of misconfigured LDAP string references but they all have accompanying text explaining what’s going wrong. This error does not.

Separately, look at my example AD structure again: it is a copy of one found posted earlier in these forums, and if it was clear then, it’s clear now. The only changes I made were to the top line, where in my organisation we have multiple sub domains. My users ‘container’ is a deeply nested OU and I have multiple DC= entries in the LDAP query. I’ve tried every combination that I can think of and can’t come up with a reason why I get such a cryptic error message.

-R

Since it is failing at the first test in the LDAP setup there is something wrong with your config. If you are unwilling to post a pic of the config I cannot help. Best of luck.