A few users do not show up in groups

Hello, I have Openfire 3.6.4 running on Windows 2003. All our Openfire users are picked up from a master group in our AD (via LDAP).

I have 7 users out of about 500 that do not show up in their groups. I can see the user object in the master userlist in Openfire. It claims on that user object that they are a member of the appropriate groups (as set up in AD), but when you look at the groups in Openfire, those users are missing. Other users in the same groups are present. The user objects are similar to all the other working users (live in the same OUs in AD, member of the same groups, same kind of user names without odd characters). The problem user accounts do not show up in ANY groups, even brand-new ones I create that work fine for other users added to them.

Rebooting the server makes no difference. I didn't clear any caches, but I thought those cleared on reboot anyway (maybe I'm wrong). If cache clearing is the next logical step, I just wanted to know the repercussions of doing so, if any, and which should be cleared (or just all of them).

Any other thoughts?

Actually, after posting that I cleared all caches and rebooted - no change.

As it seems to be affecting specific users, is there any chance there is something bad in the database that isn't clearing? If so, is there some way for me to manually remove the user from the database? If so, which table(s) do I need to be looking at to clear their entries? Please help!

Please help, does anyone have any suggestions?

Well, you can try to:

  1. Turn on LDAP debugging.
  2. Check requests sent to the LDAP server. (What is your base DN, search filters, what is the distinguished name for the missing users, does it fall under the search criteria?)
  3. Try to run the search request via an external LDAP client and compare results.

Milan

That's what's so strange: the ONLY difference from this user to another, as far as the DN is concerned, is the actual name.

  1. I have 100+ others in the same OU that pickup fine (and 5 that do not, all in this same OU)

  2. The problem user's DN is not at all unusual, no special characters, nothing.

  3. LDAP searching looks good - the problem users even show up in the roster of users

  4. The Openfire user properties list the appropriate groups

  5. When looking in the corresponding group properties, these few users are missing. (Note again that they get these groups via AD group membership, which the other 100+ users get identically, but they all show up as expected in the Openfire group)

  6. The users can log in to Openfire just fine, they just have no group memberships and subsequently are very difficult to find, and they have trouble finding others.

The only things that make sense to me here are:

That when Openfire is doing its LDAP query of the group, it is not accepting these few users for reasons unknown. As it happens to these users on ALL groups, though, that would seem to indicate a problem in the user account

or

There's some kind of database corruption causing oddities (though when I add them to another group it shows up in their user properties, but again, not in the actual group.)

As far as I can tell, the user must exist under both search conditions: group search filter and user search filter. What is the content of the memberOf field of that user? Compare it with some working user. Also check the member field in the group LDAP schema (the DN of the user in user and group should be the same).

Milan

Anyway, it is best to try to determine where the problem is: in Openfire or in the LDAP server. Try to run searches via an external LDAP client.

Message was edited by: Milan Enev
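
The comparison suggested above (memberOf on the user versus member on the group, with the DN expected to match), as an added example that is not part of the original thread. The directory entries are constructed, the function names are hypothetical, and the DN normalization is a simplification that assumes case-insensitive, single-valued RDNs.

```python
import re

# Constructed sample data (not from the thread): user DN -> memberOf values and
# group DN -> member values, as exported from an external LDAP client.
GROUP = "CN=Chat Users,OU=Groups,DC=example,DC=com"
USERS = {
    "CN=Alice Example,OU=Staff,DC=example,DC=com": [GROUP],
    "CN=Bob Example,OU=Staff,DC=example,DC=com": [GROUP],
    "CN=Example\\, Carol,OU=Staff,DC=example,DC=com": [GROUP],
}
GROUPS = {
    GROUP: [
        "CN=Alice Example,OU=Staff,DC=example,DC=com",
        "cn=bob example, OU=Staff,DC=example,DC=com",
    ],
}

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped."""
    return re.findall(r"(?:\\.|[^,\\])+", dn)

def normalize_dn(dn):
    """Lower-case and trim each RDN (assumption: case-insensitive,
    single-valued RDNs such as CN, OU, DC; hex escapes are not decoded)."""
    rdns = (rdn.partition("=") for rdn in split_rdns(dn))
    return ",".join(a.strip().lower() + "=" + v.strip().lower() for a, _, v in rdns)

def membership_gaps(users, groups):
    """List (user DN, group DN, reason) where memberOf is not mirrored by member."""
    index = {normalize_dn(g): members for g, members in groups.items()}
    gaps = []
    for user_dn, member_of in users.items():
        for group_dn in member_of:
            members = index.get(normalize_dn(group_dn))
            if members is None:
                gaps.append((user_dn, group_dn, "group not returned by group search"))
            elif user_dn in members:
                continue  # exact string match: nothing to report
            elif normalize_dn(user_dn) in map(normalize_dn, members):
                gaps.append((user_dn, group_dn, "DN differs only in case or spacing"))
            else:
                gaps.append((user_dn, group_dn, "user DN missing from member"))
    return gaps

if __name__ == "__main__":
    for gap in membership_gaps(USERS, GROUPS):
        print(gap)
```
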

Try this one.

http://www.igniterealtime.org/community/message/191162#191162

Saagi - Thank you SOOOO much. The replacement openfire.jre in that link did the trick exactly! Thank you!

Having this same issue: 3 users do not show up in Spark but are in the same OUs as those that do… I can search for them via Spark and they show up, but they do not appear in the group lists. Tried the replacement JAR file… No dice.