Using a chat bot client, I came to acquire a bad user entry in the Openfire database that I can’t remove via the admin interface. This entry is conflicting with the actual user’s account and that user can no longer log in.
Steps to reproduce (some may not be necessary)…
- Version 3.5.2 Openfire using authentication configured against an Active Directory LDAP
- All users are also part of an LDAP group
- Enable contact list group sharing on that group with a group name like ‘All’
- Create a user in the active directory called Howie
- Make Howie a member of the aforementioned AD group containing all users
- Refresh Openfire until it picks up the new user and Howie can log in
- Install ‘Howie the Chatterbot’ on a client PC
- Configure howie.ini to connect with the Howie user credentials, but leave the line ‘resource = default’ as is
- Run the howie client
Result:
- The Howie user no longer appears in the Openfire User Summary page and the user cannot log in
- On the Group Summary for the ‘All’ group, the user appears as default@your.server.com and is not hyperlinked (see attachment)
- Since the group is read-only, you can’t purge it and pick it up from AD again
- No amount of clearing cache or changing LDAP connection settings or restarting the server fixes the issue
I’m assuming that the Howie client tried to log in using the correct credentials but for some reason then identified itself as default@your.server.com, which confused Openfire, which renamed the user and flagged it as a remote user. Since this isn’t supposed to happen, there is no feature in the interface to purge that incorrect user data.
Possible security issue as it completely locks that user out of the system. I’m not sure if the problem would have occurred even if the wrong user credentials were entered, but I can test this and if so that’s a big concern. There is not even any way for the administrator to fix the problem as far as I can tell (other than completely reinstalling Openfire).