When sipXecs is installed, the Openfire IM server gets configured with a default console administrator: admin/admin
When the Openfire IM server is configured to work with LDAP, the default admin/admin user cannot log into the administrative console.
This is because authentication is performed at LDAP level.
If LDAP authentication fails it does not fallback to database authentication. A login error message is displayed to the user instead.
LDAP users are not copied in openfire database and LDAP directory is read-only, meaning that Openfire cannot create users in the configured LDAP directory.
Given the above details, the only way to be able to connect to Openfire administrative console when LDAP is configured, is to mark an existing LDAP user as an authorized admin.
In sipXecs, the existing user superadmin permission can be reused to offer Openfire Administrative Console administration support also.