Where LDAP is currently used, Openfire uses the com.sun.jndi.ldap classes - these are internal Oracle libraries, and ideally should not be used.
Use of these classes should be replaced with the Apache Directory LDAP API - http://directory.apache.org/api/ - which is a modern replacement.
Note 1; I've subsequently found that whilst `com.sun.jndi.ldap.LdapCtxFactory` is to be avoided (it's a com.sun package, which is not available in all JREs and may disappear in future ones from Oracle, too), the underyling `javax.naming.ldap.*` classes are fine to use.
Note 2; It turns out (during the fix to the above, which is to replace the `com.sun.jndi.ldap.LdapCtxFactory` class by instantiating a new instance of `javax.naming.ldap.InitialLdapContext` that the code doesn't actually use `com.sun.jndi.ldap.LdapCtxFactory` anyway - it just looks like it does (it actually uses JiveInitialLdapContext which extends InitialLdapContext).