3.10 RC1 issues

3.10 RC1 issues (tested on SPARK and JITSI both WIN clients)

Envi: Centos7 / RH7

Old fashion start (RC.D) script are not handled correctly by systemd. SYSCONFIG/openfire changes are not respected at all. Also access to some default directories isn’t working (for PID file for example - hard to solve therefore…). Embedded JAVA isn’t starting due to lib incompatibility. BTW: common java isn’t located at …/default dir but alternatives etc…
Recomm. - don’t use v.7 - too much problems for non-admins

Envi: Centos 6.6/RH6
Embedded Java isn’t starting (the same issue with lib incompatibility).


Cluster facility is reporting java exception (error log) even if disabled. RSS/update (even if disabled) are again and again reporting exception due to wrong root cert. (of course should be wrong - if not imported ). But why checked for RSS?

Cert (I mean returned signed cert) importing field (sec cert. menu) doesn’t work at all. The issue is wrong cacert location reading. Doesn’t respect real java path location… should be done all steps manually.

Cosmetic: Start script not presenting [OK] but stop script does (the issue is: C6/C7 behavior is the same but on C7 isn’t OF started at real but no any message about… confusing

openfirectl start doesn’t work at all but openfirectl stop does. The systemd issue is mainly disaster for java home handling… guys… i agree systemd is piece of shit and authors should be executed… anyway working solution should be done… There are no distros without systemd hell now…

Active Directory/LDAP

shortly hell.

  • AD usage configuration is not possible to do by any other browser than Internet Explorer (since version OF 3.9 tested…).
  • vCard mappings should be done manually. OF conf. window isn’t complete (some fields are missing - company for example). Photo tag is always disappearing etc.
    BUT mainly -
    AD integration is practically unusable. The issue is - if you try to add any fake contact (client) - it is possible even if the requested Username doesn’t exist at all. JITSI’s searching doesn’t work at all - so generally- user has no idea if somebody will authorized his request or if it is typo… - totally unacceptable! and with conjunction of auto-subscription which isn’t working…

If you will try to add user who is part of shared group - you will see two !! in user’s at roster - one for group and another none group. Also mapping and propagating of public group’s members work strange… user will see correctly mapped names which is not possible to use for manual user adding!! So you will see Username always (if you will add contact manually) instead of propagated Name by published group. More - the correct name at shared group (at user’s roster) will be overwritten by manually added JID… HELL! So AD integration issue…

Also shared groups (doesn’t important if public or not) are created with random setting of member’s authorization… Some of all them have randomly BOTH,TO,FROM – no any order here or reason. So not usable again…

AD/LDAP integration is looking like very very early alfa version…

BTW: cache clearing? - new OF installation from the scratch…


ofmeet dosn’t adopt AD/LDAP correctly. It is not possible to use existing AD account to get access to ofmeet www page (focus only)

Seems to OF has too much basic troubles to be usable as production system - i am going back to Prosody.

Hi Jaromir,

Sorry to hear that you’re running into so many issues. Thank you for taking the time to report them though - that will help to make things better - even if it’s not for you.

Can you give me some details on the certificate issue that you’re referring to? I’m not exactly sure what the problem is that you’re trying to describe. As I am currently working on exactly that part of the admin panel, I could be able to address the issue right away.

Sorry for my late…
As i remember (i have server in my office…) there are Java exceptions in the log for RSS feeds obtaining.

Something like - root cert isn’t found… or something similar.

The reason is - my company has own (local) root cert. and ca cert. So root cert can’t be used outside that why. But the question is ~ why RSS feeds should be read by https?

Currently i have OF server behind FW (+VLAN) with no access to internet. So this mess is out… but i can see another messages about RSS unavaibility - even all related options (updates… etc) are switched off. That eats 70% of all error logs. Is not so much comfortable to find up real issues within at such case.