I have a user that OpenFire does not like. My setup is:
Windows Server 2003
Active Directory LDAP authentication
Openfire 3.3
Openfire reads her fine and she can sign in. If I look at her on the Openfire Admin page she is listed and is showing to be a member of the group in AD I have put her in…BUT if I go to that group in admin, she is not listed there. When she logs in, she cannot see anyone and does not appear in any groups.
Here’s where it gets weird. I recreated her account in AD and same issue. I recreated it with a slightly different name (i.e. jsmith2) and it works!
There is something about her name that is just not working. It is as if it has blocked that name from being a member of any groups. Is that even possible? Everything about her AD account is fine and has been recreated 3 times now.
Has anyone seen this and, more importantly, does anyone know what the issue is?
No, we are not. This is just a basic AD for our VPN users. Her AD account is fine from what I can see and recreating it should fix it but doesn't. Openfire sees her correctly and shows all of her info, just won't put her in any groups.
OK, so let's try deleting the user from AD again. Then clear all Openfire caches. Then check the user list to see if she is still listed. If she is, reboot the Openfire server. Check the user list again; if she is gone, then recreate the user account. If this does not work I would try to edit the database directly and remove her account from the database.
OK, I deleted her from AD. Cleared out the database, cleared out the cache and confirmed she was nowhere to be found.
I re-added her, then added her to the correct AD group.
I checked back with OpenFire Admin and she was listed under users and was listed correctly BUT is still not showing up in her group. I have also tried adding her to all of my groups and she appears in none.
So her username is purely alphanumeric? Also, what database are you using to store the data for Openfire? Is there a possibility to reinstall the Openfire server or at the very least set up a sandbox server on an XP workstation to see if the error reproduces itself? There are limitations of the embedded server, or so the programmers tell me. It could be related to that.
I am using MySQL and her name is just alpha (first initial last name).
I re-installed the chat server the other night (to test the time it would take to rebuild) and the result was the same. If it was happening to random users I could understand it, but this seems to be tied only to one username and only tied to her assigned group (everything else works).
I only have the one server in my network and so I cannot test her locally here since my server is internal.
There could be a corruption in the MySQL database. Have you tried to physically remove her info from the MySQL database? The reason for this logic is that every time you delete and create an account in Windows it gets a different identifier in Windows even if the username is the same. LDAP connects do not generally distinguish this data. Plus the default qualifier for Openfire AD LDAP is the username field of AD. There is a good chance her user data is not being removed from MySQL when the account is deleted. When it is recreated in AD it just uses the corrupt account data again.
Can you humor me and install Openfire on an XP client machine (using the embedded database)? Configure it to use LDAP and see if it has the same issues. If it does then you have an issue with AD, since you ruled out the server and the database. If it is AD it could be the MaxPageSize setting or the user account (which I doubt at this point, but you never know with Windows).
I never did ask if you were using LDAP group filters on the Openfire server LDAP config. That may also be a factor.
Other than these last suggestions I am at a loss. We have gone through most of the things I can troubleshoot via a forum.
I can install on an XP machine but I will not be able to have it authenticate with my AD server since it only allows internal connections.
I am using Group filters but (from what I know) that only affects the groups it sees (I am filtering all groups that start with chat-). No other user has this issue, so I don't think it's that.
It is something to do with her actual username. If I go into AD and change it by 1 letter, everything works.
You don’t have an XP machine on the same network as the AD server? It seems odd to me that her account is having this issue. When you create her account do you add all the groups she is a member of at that point? Maybe try one at a time. Would you be willing to share what her username is specifically?
I was able to correct this issue by renaming the user. Recreating the entry does not work. It can be a simple rename (i.e. John Smith to John.Smith / John Smith(extra space) / John_Smith).