Sub domains no longer recognized

About a week ago, we noticed that no one could log in to Spark all of a sudden. 3.9.2 had just been released, so I updated to that. I’ve now updated to 3.9.3 and still no change.

LDAP works fantastic for the root domain. But all of the sub-domains seem to have disappeared from the user list (about 200 users across 4 domains)! I even started the setup from scratch (by modifying the openfire.xml to restart the setup) to ensure it was done correctly; the user list still only shows the root domain. Our server is running on CentOS 5.10, which is fully patched. There have been no recent changes to the CentOS server or the Active Directory server.

Here are our settings (obfuscated):

Host: 1.1.1.1

Port: 389

Base DN: dc=“domain”,dc=“local”

Administrator DN: cn=“Administrator”,cn=“users”,dc=“domain”,dc=“local”

Any thoughts would be appreciated. I’m considering wiping out the server for a CentOS 6 VM, but I have no indication that will solve the problem.

Blew out the server and completely re-installed the OS and OpenFire and getting the exact same results. So does that mean the Active Directory has a problem? Firewalls are off on the DCs of all domains/subdomains. But still only the users of the root domain (i.e. domain.local, not sub.domain.local) are showing up in the OpenFire user list.

Uh oh. This could be major. Set up another instance of OpenFire on a different domain (different network completely) as a test. Once again, Active Directory worked great, but only for the root domain. Seems to be broken in OpenFire, not my Active Directory. Has anyone else experienced this? Should I downgrade?

I’m having the exact same issue, going to try setting it up at the root of the domain.

What settings are you using when you successfully got it to work with the root domain?

What is your base dn and administrator dn?

The settings have not changed; I used these exact same settings and the system previously enumerated all users from all domains.

I did downgrade to 3.8.2, which used to work perfectly, and it too now will not accept sub domains. So this seems to be something wrong in AD. An update maybe? I can see single subdomains when doing the following, but that does not help me:

Host: 1.1.2.1

Port: 389

Base DN: dc=“sub”,dc=“domain”,dc=“local”

Administrator DN: cn=“Administrator”,cn=“users”,dc=“sub”,dc=“domain”,dc=“local”

The only thing I can think of is about a month ago one of the sub domains was removed from AD. I could understand if that caused a problem reading old users…but with a fresh install of Openfire, I would also think that would resolve itself.

Are the " required when setting up the base and administrator dn?

No, but if you type the locations without the quotes, it will simply add them.

Setting the Active Directory port seemed to do the trick. I changed it to 3268 while experimenting with info from this post:

Still not sure how it changed, but it is working across all domains now.

Hopefully this will help others.

I was able to get it working, had to have quotes around my base dn and then use my domain\username to authenticate for the admin dn. This all worked on 3.9.3.
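The two working configurations above (port 3268, and a quoted base DN with a DOMAIN\username bind) both line up with how Active Directory partitions a forest: a domain controller on port 389 only holds its own domain's naming context and answers for child domains with referrals, while the Global Catalog on port 3268 holds a partial replica of every domain in the forest. The following is an added example, not Openfire code or the posters' configuration; it is a small offline model of that behaviour. It assumes a DN parser that strips the quotes the Openfire console shows around values (straight or curly), treats the trailing dc= components as the domain partition, and assumes that referrals are not followed when the user list is built (Openfire's referral handling is configurable; the thread's settings do not enable it). The forest contents and user names are constructed.

```python
"""Toy model of why an Openfire LDAP user search on port 389 sees only one
AD domain while the same search on port 3268 (Global Catalog) sees the forest.

Constructed example: not Openfire's code and not real directory data.
"""
from __future__ import annotations
from dataclasses import dataclass, field

LDAP_PORT = 389   # one domain controller, one naming context, referrals for children
GC_PORT = 3268    # Global Catalog: forest-wide partial replica of every domain


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN such as cn="Administrator",cn="users",dc="domain",dc="local"
    into (type, value) pairs. The quotes around values are console display
    syntax (straight or curly), not part of the value, so they are stripped.
    Types and values are lowercased because AD compares them case-insensitively.
    """
    pairs = []
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        value = value.strip().strip('"\u201c\u201d')
        pairs.append((attr.strip().lower(), value.lower()))
    return pairs


def naming_context(dn: str) -> str:
    """The domain partition a DN lives in: its trailing run of dc= components,
    joined into a DNS-style name (dc=sub,dc=domain,dc=local -> sub.domain.local).
    """
    trailing = []
    for attr, value in reversed(parse_dn(dn)):
        if attr != "dc":
            break
        trailing.append(value)
    return ".".join(reversed(trailing))


def is_within(candidate_nc: str, base_nc: str) -> bool:
    """True when candidate_nc is base_nc itself or a child domain under it."""
    return candidate_nc == base_nc or candidate_nc.endswith("." + base_nc)


@dataclass
class Forest:
    """Users grouped by the naming context (domain partition) they belong to."""
    users: dict[str, list[str]] = field(default_factory=dict)

    def add_user(self, dn: str) -> None:
        self.users.setdefault(naming_context(dn), []).append(dn)


def search_users(forest: Forest, port: int, base_dn: str) -> tuple[list[str], list[str]]:
    """Subtree search for users under base_dn against one of the two endpoints.

    Returns (user DNs found, naming contexts that came back only as referrals).
    Port 389: the DC returns objects from its own naming context and a referral
    for each child domain under the base; the model does not follow referrals.
    Port 3268: the GC holds every domain, so the whole subtree is searched.
    """
    base_nc = naming_context(base_dn)
    found, referrals = [], []
    for nc, dns in sorted(forest.users.items()):
        if not is_within(nc, base_nc):
            continue            # outside the base DN entirely, on either port
        if port == GC_PORT or nc == base_nc:
            found.extend(dns)
        elif port == LDAP_PORT:
            referrals.append(nc)
        else:
            raise ValueError(f"port {port} is not modelled")
    return found, referrals


def build_demo_forest() -> Forest:
    """Constructed forest: a root domain, one child domain, and an unrelated tree."""
    forest = Forest()
    forest.add_user('cn="Alice",cn="users",dc="domain",dc="local"')
    forest.add_user("cn=bob,cn=users,dc=sub,dc=domain,dc=local")
    forest.add_user("cn=carol,ou=staff,dc=other,dc=example")
    return forest


if __name__ == "__main__":
    forest = build_demo_forest()
    base = 'dc=\u201cdomain\u201d,dc=\u201clocal\u201d'   # curly quotes, as the console shows them
    for port in (LDAP_PORT, GC_PORT):
        found, referrals = search_users(forest, port, base)
        print(f"port {port}: {len(found)} user(s) found, referrals for {referrals}")
```

Running it shows one user plus a referral for sub.domain.local on port 389 and both users with no referrals on port 3268, which is the behaviour the thread ran into. Two caveats for anyone applying the fix: the Global Catalog serves only the partial attribute set, so an attribute Openfire is configured to read must be replicated to the GC or it will come back empty; and the DOMAIN\username form that worked in the last post is a NetBIOS-style logon name, which AD accepts for a simple bind alongside a full DN or a UPN, so it is a legitimate alternative to spelling out the administrator's DN.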