Active Directory Integration - Problem with Rosters when two users share the same DisplayName

Hello all,

We run a Citrix farm and have used Openfire for a year or so as a chat solution for our customers without any major problems. We use the same Active Directory for multiple companies, secured, and it works relatively well for our needs. Lately though, we have encountered a problem that I’ve found no solution for, relating to the AD Display Name.

We have two distinct companies, in two different OUs, that have employees named the same way, say John Smith. The first one has a sAMAccountName of jsmith_company1, the second jsmith_company2. This works well for most applications: since the sAMAccountName and the UPN (jsmith@company1.com and jsmith@company2.com respectively) are different, having the same Display Name is not an issue for apps and AD.

Now, in Openfire, we are using groups to create rosters automatically, but here’s where the error occurs:

User jsmith_company1 was created before jsmith_company2, and when I create a group, say group_company2_chat, and look into Openfire, I see all users _company2 EXCEPT one user, jsmith_company1.

I’m not sure why, but the only reason I see is that they share the same display name, but jsmith_company1 is NOT a member of the group group_company2_chat.

Could it be that Openfire finds the user by displayName, and then uses sAMAccountName on the group display page? Then it must find the wrong user, and does not check group membership by sAMAccountName. I am not an LDAP expert, nor an Openfire one, but this will get to be an issue quickly once we get more users having the same name, hence, the same display name.

Has anyone had the same trouble, or does anyone know of a way to tell Openfire to search by sAMAccountName and not by cn (displayName) in LDAP for group rosters?
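
An added illustration of the hypothesis raised in the post above (not Openfire's code and not part of the original post): over a constructed in-memory directory, it shows how resolving a group's member DN by its leaf CN alone can return the wrong sAMAccountName, while matching the full DN cannot. The `DC=example,DC=local` suffix, the OU names, the `alee_company2` account and all function names are assumptions.

```python
from collections import defaultdict

# Constructed directory, in creation order: two accounts in different OUs share a CN.
SUFFIX = "DC=example,DC=local"  # assumed suffix, not from the post
DIRECTORY = [
    {"dn": f"CN=John Smith,OU=Company1,{SUFFIX}", "cn": "John Smith", "sAMAccountName": "jsmith_company1"},
    {"dn": f"CN=John Smith,OU=Company2,{SUFFIX}", "cn": "John Smith", "sAMAccountName": "jsmith_company2"},
    {"dn": f"CN=Ann Lee,OU=Company2,{SUFFIX}", "cn": "Ann Lee", "sAMAccountName": "alee_company2"},
]
# AD stores group membership as full DNs in the group's "member" attribute.
GROUP_COMPANY2_CHAT = [DIRECTORY[1]["dn"], DIRECTORY[2]["dn"]]

def leaf_cn(dn):
    """Value of the first RDN. The constructed DNs contain no escaped commas."""
    return dn.split(",", 1)[0].split("=", 1)[1]

def resolve_by_cn(member_dn):
    """Hypothesized faulty lookup: search the whole base for cn=<leaf>, keep the first hit."""
    cn = leaf_cn(member_dn).lower()
    hits = [e for e in DIRECTORY if e["cn"].lower() == cn]
    return hits[0]["sAMAccountName"] if hits else None

def resolve_by_dn(member_dn):
    """Lookup on the full DN, which is unique across the directory."""
    for e in DIRECTORY:
        if e["dn"].lower() == member_dn.lower():
            return e["sAMAccountName"]
    return None

def roster(resolver, members=GROUP_COMPANY2_CHAT):
    """Usernames a roster would show for the group under the given resolver."""
    return [resolver(dn) for dn in members]

def ambiguous_cns():
    """Audit helper: CNs held by more than one account, which a CN-only lookup can confuse."""
    by_cn = defaultdict(list)
    for e in DIRECTORY:
        by_cn[e["cn"].lower()].append(e["sAMAccountName"])
    return {cn: names for cn, names in by_cn.items() if len(names) > 1}

if __name__ == "__main__":
    print("by CN:", roster(resolve_by_cn))   # wrong company's John Smith appears
    print("by DN:", roster(resolve_by_dn))   # the actual group members
    print("shared CNs:", ambiguous_cns())
```

Running the same kind of shared-CN audit against the real directory shows how many accounts would be exposed to this mix-up if the hypothesis holds.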