Active Directory, users and groups

Hi everybody!

I am using Openfire 3.5.0 on Linux Debian Etch, JVM 1.5. The user base is MS AD, without Exchange.

In AD I created a group inside the BASE DN of my domain, for example “GroupA” (the DN of “GroupA” looks like this: “CN=GroupA, OU = orgUnit2, OU = orgUnit1, DC=mydomain, DC=local”), with some users. “GroupA” is shared with other groups in Openfire.

The trouble is: Openfire can’t see some users from this group. I go to User/Groups -> Group in the administration console, then find “GroupA” and look at the list of users in it. The list of users in the console differs from the original in AD. Openfire excludes 2 users (for example User1 and User2) from the original group.

I also found questions and issues similar to mine in the Openfire support community. The most complete thread is

We use a special schema for account names in AD: the CN of “User1” looks like this: “Lastname FirstName Initial”

I tried to rename “User1” from “Lastname FirstName Initial” to “Lastname FirstName_Initial” (a rename operation in MS AD changes the CN value in LDAP), and “User1” appears in “GroupA” in the Openfire admin console.

Then I returned the CN of “User1” to its previous value (“Lastname FirstName Initial”) and… “User1” successfully disappeared from “GroupA” in Openfire.

Manipulating the CN (renaming in AD) of “User2” has no effect on “GroupA” in Openfire.

Interesting fact: User1 and User2 can always log on successfully.

When Openfire sees “User1” in “GroupA” normally, the roster of User1 fills with items from the groups shared for “GroupA”.

Also, I can’t find “User2” in the list of all users (User/Groups page of the console), as recommended here:

What must I do to resolve this issue?

Renaming or changing the values of some fields in the user account entry in AD is the wrong way, because it is a temporary action.

Best wishes!

Hi to all!

I found a new post about a problem with AD, groups and users:

I will try to summarize the information about this trouble.

The issue is: a user disappears from a shared group. Also, those users have no items in their roster.

Methods to resolve:

  1. Check the BASEDN and the problem users and groups. They must be within the BASEDN.

  2. Check the name of the user account in Active Directory (CN). I think that it must contain only letters and numbers (space symbols are supported too).

  3. Try to clear the cache of the Openfire server.

  4. Try to rename the user account in AD and clear the cache.

  5. Try to stop sharing the shared groups, then clear the Openfire cache and restart the server.

I got a result only with method #5.

Question to the support team: if it is a bug in Openfire, when will it be fixed? If it is not a bug, what am I doing wrong?
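
An added example, not part of the original posts and not Openfire's own code: an offline check for steps 1 and 2 of the list above, run over group member DNs exported from AD. The base DN `DC=mydomain,DC=local`, the sample DNs and the function names are assumptions constructed for illustration.

```python
BASE_DN = "DC=mydomain,DC=local"  # assumed base DN, as configured in Openfire
SAMPLE_MEMBERS = [  # constructed sample DNs, not real data
    "CN=Lastname FirstName Initial, OU = orgUnit2, OU = orgUnit1, DC=mydomain, DC=local",
    "CN=Lastname\\, FirstName,OU=orgUnit1,DC=mydomain,DC=local",
    "CN=Other User,OU=Staff,DC=otherdomain,DC=local",
]

def split_dn(dn):
    """Split a DN into (type, value) pairs, keeping backslash-escaped commas intact."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # escaped pair stays inside the value
            i += 1
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    # Tolerate the spaces around "=" and "," seen in the DN quoted in the post.
    return [(t.strip().lower(), v.strip())
            for t, _, v in (p.partition("=") for p in parts)]

def is_within_base(dn, base_dn):
    """Step 1: the entry's trailing RDNs must equal the base DN (case-insensitive)."""
    rdns = [(t, v.lower()) for t, v in split_dn(dn)]
    base = [(t, v.lower()) for t, v in split_dn(base_dn)]
    return len(rdns) >= len(base) and rdns[-len(base):] == base

def check_members(member_dns, base_dn):
    """Return {dn: [findings]} for entries that fail step 1 or step 2."""
    report = {}
    for dn in member_dns:
        findings = []
        if not is_within_base(dn, base_dn):
            findings.append("outside base DN")
        cn = split_dn(dn)[0][1]
        # Step 2 is the poster's suggestion, so treat a hit as a lead, not a verdict.
        if not cn or not all(c.isalnum() or c == " " for c in cn):
            findings.append("CN has characters other than letters, digits, spaces")
        if findings:
            report[dn] = findings
    return report

if __name__ == "__main__":
    for dn, findings in check_members(SAMPLE_MEMBERS, BASE_DN).items():
        print(dn, "->", "; ".join(findings))
```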


About 6 hours after my last server restart, I checked my problem user’s roster. All the items left! r-r-r

Then I checked the shared group the user is in, and I see that something is wrong with the account: in the list sorted by sAMAccountName, the problem user comes first!

But its sAMAccountName begins with the letter “S”.

Example here (real names hidden):

Members of This Group


Away sh**** - problem user here!

Offline aab****

Available aaf****

Offline ams****

Offline anb****

Extended Away ans****

Then we tried re-entering the User Logon Name and User Logon Name (pre-Windows 2000) in the AD console, waited for the Openfire cache, and… oh-la-la: the problem user’s roster fills with items!!!