User in and not in group

I’m using the LDAP integration, and it’s talking to an Active Directory instance.

I have a user “milfr”, and a group “alltt_jabber”. In Active Directory, the user is a member of the group. When I go to Openfire’s web interface, “Users/Groups” > “Search User” > “milfr”, I can find the user and I see the user is known as a member of groups devel, QC, and alltt_jabber.

There is one group that is on everyone’s roster: alltt_jabber. When I ask Openfire to show me “Users/Group” > “Group Summary” > “alltt_jabber”, I see the users I expect except for user “milfr,” despite Openfire telling me that user “milfr” is a member of group “alltt_jabber” on the previous webpage. I believe this is why user milfr@openfire.touchtunes.com/Home isn’t appearing on anyone’s roster when using Spark or any other jabber client.

I’m not sure what I should be looking for next to fix the problem, so that user “milfr” will appear as a member of group “alltt_jabber,” and thus on everyone’s roster.

What version of Openfire? How many other members of the Group?

Openfire 3.3.2. Plugins: IM Gateway 1.1.3a, Search 1.4.0

Java: 1.6.0 Sun

Appserver: jetty-6.1.x

base OS: Linux 2.6.20

282 people in the group

People who have been added to the group after milfr do appear in the contact lists.

I’ve removed milfr from the Active Directory group, waited half an hour, and re-added milfr to the group. Still doesn’t appear in the Openfire > Users/Groups > Group Summary > alltt_jabber group’s roster.

Is there someplace I can see a record of OpenFire’s attempt to resolve this group’s roster with ActiveDirectory? Perhaps I can monitor the attempt and see where it stumbles with the “milfr” record… although Openfire > Users/Groups > User Options > “milfr” > User Properties does indeed claim that this user should be a member of group “alltt_jabber” , so I’m not confident it’s a problem with ActiveDirectory/LDAP interaction.

… or, if OpenFire copies the information from LDAP to a local roster list, is there a way I could modify OpenFire’s copy so that I can force this user to be a member of the roster, as if with a crowbar?

I had a similar issue. I had an AD user that was showing in OpenFire. Their profile showed them to be a part of the correct group but in Openfire under that group they were not listed.

Deleting the user in AD and re-adding did not correct the issue.

In the end, I renamed their name to be milfr. or milfr1 or something. Once the system updated the cache the user appeared correctly. I have about 5 out of 1000 users that are like that. Adding them with a new username also works but that can cause issues if the username is tied into other systems.

A couple of these users had been deleted by accident and re-added shortly after. I am not sure if that had somehting to do with it.

Which part of the User object did you modify in LDAP/ActiveDirectory?

The string “milfr” appears in the attributes “proxyAddresses”,“mailNickname”,“sAMAccountName”,“legacyExchangeDN”,“userPrinci palName” and “mail”. Some of these attributes, if I change them, would lock the user out of anything that uses LDAP/AD for authentication. I’m not sure which of the LDAP/AD attributes are used by OpenFire for naming users in rosters.

… maybe I’ll have to do this in the middle of the night, when I’m can be certain the user is sleeping.

I just right clicked on the entry in AD and Renamed. Seems simple but did correct the issue in my case.

Once done, had the user log out, I manually cleared openFire’s cache and then had them log in.

I just right clicked on the entry in AD…

Where is the “rename” option on the right-click menu? See attached.

3rd from the bottom

-Deleted- Duplicate post

-Jeff

I also found adding an extra space between first and last name also worked and that was least visible. You could also do firstname.lastname.

I still have no clue why it happens and why only 0.5 % of our users were affected but in our setup , this did the trick.

Here is the thread from when I had the issue. http://www.igniterealtime.org/community/message/166016#166016