i just found the time to finally get the 3.6.4 openfire working with my company's notes ldap server again. here is the new patch to the sources, it's a -p1 (when in the untared openfire_src dir) unified diff.

one hunk of my old patch was merged it seems (though no one even commented on that post, hence the blog post this time), but additional fixing was necessary so the setup tool does disable DN enclosing by default, which breaks authentication in the case of lotus notes. the no-base-dn fix (which is in fact a workaround for the broken notes ldap, but i stopped argueing a while ago) is also updated.

after installation and setup, if your admin users were found and added but you're still unable to log in, you will need to set the following properties, either in your sql database or in the embedded database script file while openfire is stopped:

ldap.encloseDNs = false
ldap.encloseGroupDN = false
ldap.encloseUserDN = false

That way, the DN enclosing will also be switched off after installation. Start up openfire and you're good to go.

Another property of interest for lotus domino ldap users is "ldap.override.avatar", it will enable the display and transmission of user icons. yay... technology just can't be stopped ;-)