Hello,
Funny thing just happened to me. There was a problem with my AD account, so I had to delete it and recreate it, then readd myself to all of the groups I was in before. However, OpenFire doesn’t seem to see me in right group now even though I verified that I am in AD. How often does OpenFire query AD? Is there a way to force a re-reading of the AD domain?
Thanks!
You can try clearing the server caches. If that does not work you can stop openfire and start it again.
Do you know which Caches? Would Group and Group Metadata Cache do it?
I do not know which ones specifically… sorry.
I’ll give it a whirl and let you know. Thanks for your help!
Restarting the server and flushing the cache didn’t work. Is there a limit on the number of groups that AD can read? I’m in at least 26.
There is a limit to the number of results of a given query. AD cannot return more than a 1000 results for one query by default. This doc is the reference: http://support.microsoft.com/kb/315071
So I should be well with in the threshold of what AD can query. I’m actually apart of 40 groups. The main group that is shared to all users, the IT Group, has changed several times today and OpenFire can read those changes just fine. I’ve tried removing myself and readding myself several times to no avail. OpenFire can see that my username is apart of the AD group, but when I query the group itself, my account just isn’t listed as a member. it’s so strange!
How many AD users do you have (more than 1000 will affect query)? Also try creating a test user and adding it. If it works then there is something with your specific AD account.
We definitely have more than 1000 users, however, it was working just fine before. My guess is that there is something wrong with my AD account OR I need to limit the Base DN to just the user’s group. As it stands right now, OpenFire is reading the entire AD forrest.
Again, thanks for your help!
I can tell you for a fact that AD does not return results in alphabetical order. I think it has more to do with creation order. When I did an export of accounts from my AD they were in what appeared to be a random order. Not saying that your account does not have some issue.