powered by Jive Software

External User Auth, User and Group Providers

Hi,

I have configured the OpenFire server to authenticate externally via JDBC and to provide the users and groups from my database versus the standard OpenFire tables. So far things seem to be working ok, but I have one or two questions.

  1. When I view the details for a group, the count of members and admins is right and the correct users show up as belonging to those groups. However, when I view the details for the user, the Groups property which I think should show the list of groups that user belongs to always says ‘‘none’’. Is this normal? I have looked at the SQL that is used to query the groups for a user and I don’'t see a problem with it. When I execute the same SQL from the command line, I get the correct list of groups for the users.

  2. Since users and groups are cached, if I add another user or group while the server is running, it does not recognize the new user or group. I have found that if I use the admin console to clear the user and/or group caches, it re-reads the database and all is well. What is the best way to do this programmatically? I want my custom user admin screen for my system to be able to automatically clear the appropriate caches when new users or groups are created, updated, or deleted.

Thanks in advance.

Bill Bailey

Senior Developer / DBA

Northland, A Church Distributed

Does anybody have any suggestions or comments on this issue? Please?

In regards to item 2 have you considered updating through Openfire? You will need to add this support manually to your User and Group providers, but, depending upon your architecture this maybe the simplest solution.

Thanks,

Alex

By this do you mean that our user admin screen would in effect become the OpenFire admin console user administration screen? It appears the current user and group providers provide only read-only access to the users in the external database. Would I need to write my own providers from scratch? Could I just extend the existing ones (i.e. JDBCUserProvider and JDBCGroupProvider)?

I’‘m still not sure if it will work for us even if this is technically feasible. There will be a lot of data associated with each user profile and I’'m not sure we want to have to go to OpenFire to administer part of the user information and somewhere else to administer the rest. Ideally, we would like to have just one user administration screen or at least a tightly integrated set of screens for this purpose.

I was thinking that I might be able to reverse engineer the admin console to find out what kind of post it does to the OpenFire server to flush the user and group caches. If it is just a simple HTTP POST, then I should be able to do that from my own application provided I have an admin username and password to log in with.

Can you see any problem with this? I know flushing the caches could have performance impacts, but I would not anticipate that creation or deletion of users would be so frequent as to cause any real problems.

Thanks for your input. Any further input you may have is simiilarly appreciated.

Bill Bailey

Senior Developer / DBA

Northland, A Church Distributed