I've seen this question asked a few times. "How can I used my AD roster groups for user authentication?" I beleive I have found the solutions.
for this example I'll be using the following:
AD domain = AD-DOMAIN.local
access group = Openfire Access Group
roster groups = _IM Group1, _IM Group2
(*note - I'll be using _IM as part of a wildcard search, so all my groups start with _IM for that reason)
First create your security groups:
Create a Domain Local Security Group. In our example call it Openfire Access Group and place it in the user container.
Created regular security groups, in our example _IM Group1 and _IM Group2.
Make _IM Group1 and _IM Group2 members of the Openfire Access Group
Add your users to the _IM groups
(include your openfire admin account, or make it a member of the Openfire Access Group )
Next, set your system properties in openfire:
ldap.baseDN
DC=AD-DOMAIN,DC=local
ldap.groupSearchFilter
(objectClass=group)(cn=_IM*)
ldap.searchfilter
(&(objectclass=organizationalPerson)(|(memberOf:1.2.840.113556.1.4.1941:=CN=Open fire Access Group,CN=Users,DC=AD-DOMAIN,DC=local)))
That should do it. I hopes this helps someone! Please let me know if you have any problems or if I missed something!