Specifying Active Directory OUs for users

Can I simply edit the openfire.conf file and add multiple <baseDN>OU=my_ou_name,DC=domain,DC=com</baseDN> lines for each OU that I have users in? What is the best way to specify multiple user organizational units? I don’t keep any users under the default settings.

The easiest method is to point at the topmost OU that contains all the other OUs that contain user accounts. If one does not exist you could point at the tree. I created a master OU and placed all account-bearing OUs in it.

As mst said, point your BaseDN at the highest OU/CN in your tree that contains all your users.

For the rest (to keep out printers, computers and disallowed users), you have to add a filter that matches exactly your allowed users.

You can only bind to a single DN. The way you limit who gets access to Openfire is by using groups. For example, all of my Jabber users are in the JabberAccess group. In addition to that, each user is a member of a JabberDepartment group, which I use to build my roster groups.
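
The single-baseDN-plus-filter approach from the replies above, as an added sketch that is not part of the original thread: it builds an Active Directory search filter limited to person accounts in one access group and checks it against constructed entries. The master OU and group DNs, the helper names and the sample entries are assumptions, and the evaluator is a simplified stand-in for the directory server.

```python
# Added example. DNs, helper names and sample entries are constructed assumptions.
BASE_DN = "OU=Master,DC=domain,DC=com"                     # hypothetical master OU
GROUP_DN = "CN=JabberAccess,OU=Master,DC=domain,DC=com"    # hypothetical group DN

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so a DN cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def build_user_filter(group_dn):
    """Person accounts that are direct members of group_dn.
    objectCategory=person is needed because AD computer objects also carry
    objectClass=user; printers (printQueue) fail both tests."""
    return ("(&(objectCategory=person)(objectClass=user)(memberOf=%s))"
            % escape_filter_value(group_dn))

def in_subtree(dn, base_dn):
    """Simplified subtree-scope test: case-insensitive suffix match on the DN."""
    dn, base_dn = dn.lower(), base_dn.lower()
    return dn == base_dn or dn.endswith("," + base_dn)

def admitted(entry, base_dn=BASE_DN, group_dn=GROUP_DN):
    """Stand-in for the server: would base_dn plus the filter return this entry?"""
    return (in_subtree(entry["dn"], base_dn)
            and entry["objectCategory"].lower() == "person"
            and "user" in (c.lower() for c in entry["objectClass"])
            and group_dn.lower() in (g.lower() for g in entry["memberOf"]))

SAMPLE = [  # constructed directory entries
    {"name": "alice", "dn": "CN=Alice,OU=Sales,OU=Master,DC=domain,DC=com",
     "objectCategory": "person", "objectClass": ["person", "user"], "memberOf": [GROUP_DN]},
    {"name": "bob", "dn": "CN=Bob,OU=IT,OU=Master,DC=domain,DC=com",
     "objectCategory": "person", "objectClass": ["person", "user"], "memberOf": []},
    {"name": "PC01$", "dn": "CN=PC01,OU=IT,OU=Master,DC=domain,DC=com",
     "objectCategory": "computer", "objectClass": ["user", "computer"], "memberOf": [GROUP_DN]},
    {"name": "printer1", "dn": "CN=Printer1,OU=IT,OU=Master,DC=domain,DC=com",
     "objectCategory": "printQueue", "objectClass": ["printQueue"], "memberOf": []},
    {"name": "carol", "dn": "CN=Carol,CN=Users,DC=domain,DC=com",
     "objectCategory": "person", "objectClass": ["person", "user"], "memberOf": [GROUP_DN]},
]

def allowed_logins(entries=SAMPLE):
    """Names of the sample entries that the baseDN and filter together admit."""
    return [e["name"] for e in entries if admitted(e)]

if __name__ == "__main__":
    print(build_user_filter(GROUP_DN))
    print(allowed_logins())
```

Only alice is admitted: bob is not in the group, the computer and printer fail the object tests, and carol sits outside the baseDN even though she is in the group.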