
Cannot use LDAP groups in MUC rooms with "Only login with registered nickname"

Hello! I don't know if this is the correct place to post this thread. Sorry if it is not.

I have observed that if you have integrated Openfire with external LDAP authentication and authorization, and you have configured a MUC room with the option “Only login with registered nickname” (that is a flag activated via the column “ofmucroom.usereservednick” in the backend database), then when you use LDAP groups to set user affiliations in a MUC room, it produces this error:

“Error removing the user/group. The room must have at least one owner.”

And these messages appear in the web application server error logs:

2020.12.02 11:22:36 INFO [Thread-94]: org.jivesoftware.openfire.plugin.ofmeet.JitsiJicofoWrapper - Jicofo 2020-12-02 11:22:36.446 ADVERTENCIA: [34] java.util.prefs.checkLockFile0ErrorCode() Could not lock User prefs. Unix error code 2.
2020.12.02 11:22:36 INFO [Thread-94]: org.jivesoftware.openfire.plugin.ofmeet.JitsiJicofoWrapper - Jicofo 2020-12-02 11:22:36.446 ADVERTENCIA: [34] java.util.prefs.syncWorld() Couldn’t flush user prefs: java.util.prefs.BackingStoreException: Couldn’t get file lock.

I think this is related to how the Openfire LDAP integration works: LDAP groups are hashed into JID names, and the flag “Only login with registered nickname” in the admin web interface is not comparing the hashed JID name with the form data parameter “userJID/memberJID”, which is in plain text.

This is an example of the JID of an LDAP group, contained in the backend relation (table) ofmucaffiliation, in the backend database:

b16l0k1d85i6qqbeec======@host.fqdn/d720bb7a4fa68cb1c8d9d80660ac6b03
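
Openfire's GroupJID class documents the format seen above: the node is the group name in base32hex and the resource is the MD5 hex digest of the group name. As an added example (not from the original post or the Openfire code base), this Python helper decodes such values when reviewing which groups hold affiliations in `ofmucaffiliation`; the function names and the `example.org` sample are assumptions made for the illustration.

```python
import base64
import hashlib

# RFC 4648 base32hex alphabet, mapped onto the standard base32 alphabet
B32HEX = "0123456789ABCDEFGHIJKLMNOPQRSTUV"
B32STD = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


def encode_group_jid(group_name, domain):
    """Build a group JID in the format described above (hypothetical helper)."""
    raw = group_name.encode("utf-8")
    std = base64.b32encode(raw).decode("ascii")
    node = std.translate(str.maketrans(B32STD, B32HEX)).lower()
    return f"{node}@{domain}/{hashlib.md5(raw).hexdigest()}"


def decode_group_node(jid):
    """Return the group name encoded in the JID node, or None if not base32hex."""
    node = jid.partition("@")[0].upper()
    if not node or set(node) - set(B32HEX + "="):
        return None
    try:
        raw = base64.b32decode(node.translate(str.maketrans(B32HEX, B32STD)))
        return raw.decode("utf-8")
    except ValueError:  # bad padding/length, or bytes that are not UTF-8
        return None


def is_group_jid(jid):
    """True only if the resource is the MD5 of the name decoded from the node."""
    name = decode_group_node(jid)
    resource = jid.partition("/")[2].lower()
    if name is None or not resource:
        return False
    return hashlib.md5(name.encode("utf-8")).hexdigest() == resource


if __name__ == "__main__":
    # First value is the JID quoted in the post; the others are constructed.
    for jid in ("b16l0k1d85i6qqbeec======@host.fqdn/d720bb7a4fa68cb1c8d9d80660ac6b03",
                encode_group_jid("Chat Owners", "example.org"),
                "alice@example.org"):
        print(jid, "->", decode_group_node(jid), is_group_jid(jid))
```

The MD5 comparison in `is_group_jid` is what separates a group entry from an ordinary user JID whose node happens to be valid base32hex.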