How to remove 'Remote users' from LDAP groups?

Using an chat bot client, I came to aquire a bad user entry in the Openfire database that I can’t remove via the admin interface. This entry is conflicting with the actual user’s account and that user can no longer log in.

Steps to reproduce (some may not be necessary)…

  1. Version 3.5.2 Openfire using authentication configured against an Active Directory LDAP
  2. All users are also part of an LDAP group
  3. Enable contact list group sharing on that group with a group name like ‘All’
  4. Create a user in the active directory called Howie
  5. Make Howie a member of the affore mentioned AD group containing all users
  6. Refresh Openfire until is picks up the new user and Howie can log in
  7. Install ‘Howie the Chatterbot’ on a client PC
  8. Configure howie.ini to connect with the Howie user credentials, but leave the line ‘resource = default’ as is
  9. Run the howie client


  • The Howie user no longer appears in the Openfire User Summary page and the user can not login
  • On the Group Summary for the ‘All’ group, the user appears as and is not hyperlinked (see attachment)
  • Since the group is readonly, you can’t purge it and pick it up from AD again
  • No amount of clearing cache or changin LDAP connection settings or restarting the server fixes the issue

I’m assuming that the Howie client tried to login using the correct credentials but for some reason then identified itself as which confused Openfire which renamed the user and flagged it as a remote user. Since this isn’t supposed to happen, there is no feature in the interface to purge that incorrect user data.

Possible security issue as it completely locks that user out of the system. I’m not sure if the problem would have occured even if the wrong user credentials were entered, but I can test this and if so that’s a big concern. There is not even anyway for the administrator to fix the problem as far as I can tell (other than completely reinstalling Openfire).

I noticed my post title was missing the question mark, so it looked like a statement rather than a question. So now I’m going to bump it an clarfy what I need next.

Really now I just want to know now how to get rid of that user record. What’s the best way to conenct to the embedded database so I can try to find and remove it? Tell me this and I’ll be very grateful. Do I need to enable remote connections to the database or something? Point me to a jdbc driver and the default username/password and I can take it from there, unless you know an easier way.

I’m not going to try to use Howie the Chatterbot ever again. It did some really funky things to the system when I configured it with ‘resource = Howie’, none of them desireable. Methinks Howie doesn’t speak the same language, not surprising really since it’s 4 years old now.