powered by Jive Software

Does 3.9.3 Kill LDAP Groups?

Hello.

We recently updated to 3.9.3 and what we’ve noticed is that our LDAP groups dissappeared.

We have a main OU in Active Directory that has serveral child OUs within it. Users live in these smaller OUs. These Smaller OUs used to show up as groups within the Spark client.

Before, we had a baseCN of the main OU and it would automatically pluck out each user (based on criteria that we set) and auto add them to each user’s roster in Spark.

We upgarded OpenFire the other day to 3.9.3 and we noticed that upon a restart of the Spark Client, the groups dissappeared. A user can only see members in their respective group. Nothing has changed on the LDAP level, so we think that it may be caused by the update.

Does anyone have any idea on this? Is this a bug or by design as per the update?

Hmm… We seemed to have solved it (I think). We went into the admin console and reset group sharing. We unconfigured it and reconfigured it again and that seemed to fix it. It appears that the 3.9.3 update caused this error though.

Ok. This isn’t completely solved. We have reset the groups, but it seems to jump around configuration between users.

A user and I are in the same OU group. This OU group is configured to share with other OU groups. I can see all the groups but the other user cannot. Something strange is happening. Again, this all used to work before.

One more update. It seems like a reboot of the server fixed it. I’ll continue to monitor it. Any thoughts on this?

Further more to this, it seems the server is still having the problem. Groups are not being displayed from out LDAP. I can’t even seem to manually add people. I can search for them, but when I click on Add to Friends List, the user is not added.

My organization is having this issue as well. If I go into the shared group and deselect one of the shared groups, save it and then select it again and save it, the groups show up. There is no certain group or person that it happens to. Any other suggestions would be appreciated. Starting today I will be restarting the service every morning to see if that helps.

Good to know we aren’t the only ones. The issue reverted back in the morning. Our solution: restore back to 3.9.2. Upon a Spark IM restart for every user, everything worked as it should. This appears to definitely be a bug.

I ran into this same issue myself recently. Check your group names, as Openfire seems to be having an issue with group names that contain special characters… including spaces.

Example: My AD groups were called ‘Warehouse Spark Users’, ‘Dealership Spark Users’, and ‘Accounting Spark Users’.

Removing the spaces from the group names has resolved my issue… and it is 5 days and counting.

I hope this helps.

I’m going to try this in the morning. I wonder if it’ll work to just create new groups with no spaces/special characters and then stick the original groups into those.

That’s all fine and dandy but groups in AD are set by OUs. It’s a nice work around but you cant expect a big organization to change their OU names. Various ‘moving’ parts may rely on the name.

I wish this could be registered as a bug; hopefully to be fixed in 9.3.4.

Is anyone else having this issue? Has this been confirmed as a bug yet?

Thanks for mentioning this thread in my question (https://community.igniterealtime.org/message/240650). The problems seem to be related, although you’re using AD and we’re using OpenLDAP.

btw: We don’t have spaces or other special characters in our ldap group names (just cn=groupname,ou=anou,ou=someotherous,dc=domainname,dc=tld), so this can’t be the reason.

For now, we downgraded to version 3.9.1 - this seems to be working for the moment.

Eddi, you said you have downgraded to 3.9.2. Is it working fine now or did you have to downgrade to 3.9.1?

3.9.2 had a bug with showing groups with space in the Admin Console (not in the clients though), so if it only breaks with 3.9.3 i wonder maybe a fix had a side effect. If only 3.9.1 helps with the issue (antubis issue seems to be different) then it widens the number of changes which could have introduced this issue.

Put me down as a “me too”! I think it’s time to confirm this as a bug.

I am running 3.9.3, with AD. I am having the same exact behavoir that these others are experiencing. Right now I am going in on a daily basis and disabling the group sharing, and then re-enabling it again to make the problem go away temporarily. It’s quite tedious and time consuming. But I am glad to know that it’s not just ME.

Is there something that I could provide in the way of verbose logs that might help resolve the issue?

how many groups do you have and users? what kind of database are you running? Java version? I have yet to experience this issue.

I would file it as a bug, i just waiting to confirm which version works ok (3.9.2 or even 3.9.1). Though it won’t change much without knowing what exactly is causing this. I doubt many of our recent contributors (who made the changes for 3.9.2+) are using LDAP.

Any logs that you think are related will be useful (just not paste them, but attach as a file). Not sure if this will help, but you can also enable the debug logging (in the same place where the logs are in Admin Console). It will produce more logs, but i’m not sure they will show anything useful about this issue.

My database is the built in one, HSQL Database Engine 1.8.0

My Java version is 1.7.0_55 Oracle Corporation – OpenJDK 64-Bit Server VM

My platform is Ubuntu Server 14.04 LTS

In AD, I have a ton of groups (could that be an issue?). I am pointing Ignite to the top of my AD tree, so that they are all visible. But then I am only inter-sharing between two groups. And we are talking about less than 20 users total.

I had thought that maybe this was caused by having one user that is in both groups that are shared with one another? But that does not appear to be causing any problems other than the user shows up twice on Spark rosters.

I did have some errors and warnings (see the linked logs). One of which is ovbiously being caused by the use of a foward slash character in an AD group name. Looks like I need to find the person that did this and smack them!

I’m not sure if any of the rest of this is useful?

http://www.filedropper.com/openfirelogs

Sorry for the lame file download site. I don’t see any way to attach files in this forum.

My setup is quite different than yours.

I’m running openfire on a 2008r2 server with oracle offical java 1.7.55, and using a ms sql database.

are you using existing groups or did you create groups to be used for openfire? are you using any search filters for your groups?

Press “undefined” word in the upper right corner of the message box and you will find an option to attach files.