User Mapping Error

I’m setting up my OpenFire server and am using Active Directory. Under connection settings I entered the base dn and administrator dn correctly and when I tested the settings got a success.

However I cannot get it to find users under User Mapping. I’ve left everything as default but when testing the settings I get a fail saying I should change either the base dn, filter, or username field. The username field is the default for active directory (sAMAccountName) and the base dn should be correct and as I said I got a success on the previous screen. I’ve tried taking out the filter that it has in there by default but still get a failure. Does anybody know what I might need to change?

most likely your baseDN is too narrow, but without specifics I can’t know or help for sure. This doc may help:

The active directory is located on, my exact listing under base dn is as follows:


Also, this is openfire 3.6.0 and the very first sentence of the article you linked says it is not viable for openfire 3.6. But thank you anyway.

Can you provide a screenshot from AD users and computers like in that document. The document will work for 3.6 but you do not edit the openfire.xml file now. You edit the system properties.

Unfortunately I cannot provide a screenshot as the system I’m working on is sensitive.

As was mine, that is why I photshopped it to change the names. Are you using the default Users container for baseDN? I would think/hope your users are in an OU somewhere else. If all the users are not located in the baseDN they will not show.

They are all located in the users container.

It’s nothing complex, I don’t understand.

It may be an issue with case. The BaseDN is case sensitive. Also you could relax the baseDN to the domain level, dc=domain,dc=com.


You should create OUs and place the users in an OU, groups in an OU, and computers in an OU. This will allow you to better manage your computers and users via group policy. It will also increase your security. Using the default AD containers is considered bad form and low security.

Thank you very much Todd, relaxing it to the domain level solved the problem.

Thanks for the advice but unfortunately I’m a low level admin here and that is not my call to make.

Glad to hear it is working. Please award points for helpful and correct answers.