In JDBCUserProvider::loadUser(String) you try and prepare a statement using loadUserSQL (line 113ish). Then you catch all SQLExceptions and just throw a UserNotFoundException. Do you think it might not be better to LOG the SQLExecption that is possible from a badly configured openfire.xml so that this common occourance might be easier to track down by users?
In General swallowing Exception without logging is a bad idea.
We were attempting to use oracle as our UserProvider but had jdbcUserProvider.loadUserSQL as jdbcUserProvider.loaduserSQL. So our sql was null that was passed into the prepareStatement call and this was silently failing.
Also, you might want to think about better xml config file validation against an XSD or somthing.