Unable to Connect (or Test) LDAP - Windows 2012 R2 Server & DC

Hey Guys -

I’m trying to install Openfire on a small company’s only server which runs Windows Server 2012 R2 and is also a DC. After download and installation, I open the web console to start setup. I choose standard settings including embedded database then get to the LDAP config screen.

Currently the user accounts are in two OUs:

  • Business Name

  • Users

  • Office Users

  • Production Users

Also, the domain admin is in the Users OU in the root.

I’ve tried many different things but most frequently tested with using the fqdn of the server as hostname businessname.local, for the base dn used “cn=Office Users,cn=Users;cn=Business Name,dc=Business Name,dc=local” and for admin cn used “cn=tviadmin,ou=Users,dc=businessname,dc=local”

The only parts I was unsure about were if it was case sensitive, when to use “cn” vs using “ou” in above strings, and if I could point base to “cn=Users;cn=Business Name,dc=Business Name,dc=local” and it would pull usernames from two OUs inside of it.

If I click Test Settings nothing happens. If I go through next 3 pages to add admin page and enter a username, it fails. When trying to add it, the below appears in Openfire’s window:

Openfire 3.9.3 [Jan 15, 2015 12:53:55 PM]

Admin console listening at http://theveryideasvr:9090

Missing database schema for openfire. Attempting to install…

Database update successful.

javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:

  • ‘DC=businessname,DC=local’*

I’ve tried it in Google Chrome as well as Internet Explorer with similar results. I also found a similar post where it was suggested to use this prototype file, but tried it and no change.

What am I doing incorrectly? Thanks!

I would recommend setting the base DN to the root of your domain, and then use group membership to grant access.

This should point you in the right direction

HOWTO: Setup Dynamic Access based on Active Directory Groups

I would also recommend using an external database. It makes things a lot easier for you in the long run.
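
Added example, not part of the original thread or of Openfire: a small Python check of why a base or admin DN produces LDAP error 32 with a "best match of" hint like the one in the log above. The directory layout (DIRECTORY), the function names and the simplified DN parsing (no escaped separators) are assumptions for illustration, built from the OU structure described in the question.

```python
import re

# Constructed layout (assumption): an OU "Business Name" at the domain root
# holding Users > Office Users / Production Users, plus the built-in
# CN=Users container at the root. Stored lowercase because AD compares
# these DN components case-insensitively.
DIRECTORY = {
    "dc=businessname,dc=local",
    "cn=users,dc=businessname,dc=local",
    "ou=business name,dc=businessname,dc=local",
    "ou=users,ou=business name,dc=businessname,dc=local",
    "ou=office users,ou=users,ou=business name,dc=businessname,dc=local",
    "ou=production users,ou=users,ou=business name,dc=businessname,dc=local",
}

def split_rdns(dn):
    """Split a DN into normalized 'attr=value' RDNs (simplified parser)."""
    rdns = []
    for part in re.split(r"[,;]", dn):
        attr, _, value = part.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns

def lint(dn):
    """Return syntax warnings that can be raised without querying a server."""
    warnings = []
    if ";" in dn:
        warnings.append("';' found: RFC 4514 DN strings separate RDNs with ','")
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition("=")
        if attr == "dc" and " " in value:
            warnings.append(f"'{rdn}': a domain component cannot contain spaces")
    return warnings

def best_match(dn, directory=DIRECTORY):
    """Return (exists, deepest existing ancestor), like error 32's hint."""
    rdns = split_rdns(dn)
    for i in range(len(rdns)):
        candidate = ",".join(rdns[i:])
        if candidate in directory:
            return (i == 0, candidate)
    return (False, "")

if __name__ == "__main__":
    for dn in ("cn=tviadmin,ou=Users,dc=businessname,dc=local",
               "cn=Office Users,cn=Users;cn=Business Name,dc=Business Name,dc=local",
               "DC=businessname,DC=local"):
        print(dn, "->", best_match(dn), lint(dn))
```

The "best match" value is the deepest part of the DN the server could resolve, so the first RDN to its left is the one to check (attribute type, spelling, or location in the tree).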