Users in multiple groups (LDAP) / only one group shown

After searching for a few hours without finding a solution, I am finally posting here…

My issue:

I have users who are members of multiple groups in the AD.

When I look up their user properties in the Openfire web interface, only one group is shown under their “Groups:” info.

The only user displayed as a member of multiple groups is me, and I am marked as administrator.

My setup:

• Openfire authenticates against AD via LDAP

• Groups reflect different services

• Users are members of one supergroup with all users and all groups of their subscribed services

My AD-structure (example):

  • OU=someou,DC=example,DC=com
    • OU=customers
      • Contains users that are customers
      • Examples: ted, jed, fred
    • OU=users
      • Contains users that are simple subscribers of services (i.e. services provided by customers)
      • Examples: don, ron, john
    • OU=services
      • Contains groups reflecting the services
      • Example: some-group
      • All users are in a supergroup for all users: all-users

Group-members overview:

all-users: ted, jed, fred, don, ron, john

some-group: ted, jed, don, ron

Openfire LDAP-setup:

ldap.baseDN: OU=orgun,DC=example,DC=com

ldap.groupSearchFilter: (objectClass=Group)

ldap.SearchFilter: (&(objectClass=user)(objectCategory=person))

Effect:

The properties of the users ted, jed, don and ron only show “some-group” in the “Groups:” info field.

Looking at the groups list shows the same. The only members of the group “all-users” are fred and john, while the members of “some-group” are ted, jed, don and ron. They are actually members of “all-users” in the AD but are missing from that group within Openfire.

Thoughts:

If a user is a member of multiple groups, only one group is being saved/synced.

Are groups in Openfire built from the users’ memberOf information or by querying LDAP for groups?

Why is my (administrative) account synced correctly as memberOf both groups?

What do I have to do to get this synced correctly?