LDAP groups not updateable

We currently use LDAP as User+Group(+VCard) provider and are very keen on using our LDAP groups to give per MUCRoom access rights. This currently isn’t really usable since the information about group memberships is read only at startup and there is no way to update that information anymore.

I looked into the sources and debugged a bit, and it seems that in LocalMUCRoom.java applyAffiliationChange iterates over all group members and adds them to their respective user lists; this should somehow be retriggered at least when the GroupCache is cleared.

Another thing that I don’t understand yet: GroupProvider has addMember, updateMember, deleteMember, but it doesn’t have isMember which would be completely useful in this case, and which could be cached in a separate LDAP query cache.

So does anybody have a patch for that lying around?

If not, do you think it makes sense to go ahead like this:

  • extend GroupProvider interface and all the GroupProviders by adding shortcut to check for group membership

  • modify LocalMUCRoom (and maybe its remote counterparts?) to not look into locally stored lists, but to query the GroupProvider directly instead. The GroupProvider would then have to take care of caching.

Ok, I finally found the real problem: ConcurrentGroup(List|Map) do not query group membership directly, but instead add another internal cache; I made a new pull request that should fix that: "Do not require restart to reload group memberships" by sengels (Pull Request #315, igniterealtime/Openfire, GitHub).


Another pull request for the same issue takes over: "OF-921: Reset MUC group cache for group changes" by tevans (Pull Request #311, igniterealtime/Openfire, GitHub). Bug report: [OF-921] MUC Group ACLs are not updated when users join a group (Jive Software Open Source).
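
The isMember shortcut with provider-side caching proposed in the first post, sketched as an added example (not code from this thread, the pull requests or Openfire). `MembershipSource`, `CachedMembership` and the in-memory directory are hypothetical stand-ins and the sample data is constructed; it contrasts a membership list copied at startup with a TTL-bounded lookup after a user is removed from a group.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.LongSupplier;

// All names are hypothetical stand-ins; none of this is Openfire's API.
public class GroupAclDemo {
    /** One membership question answered by the directory (e.g. an LDAP query). */
    interface MembershipSource { boolean isMember(String group, String user); }

    /** Query-through check; a cached answer is reused for at most ttlMillis. */
    static final class CachedMembership implements MembershipSource {
        private record Entry(boolean member, long expiresAt) {}
        private final MembershipSource backend;
        private final long ttlMillis;
        private final LongSupplier clock;
        private final Map<String, Entry> cache = new ConcurrentHashMap<>();
        CachedMembership(MembershipSource backend, long ttlMillis, LongSupplier clock) {
            this.backend = backend; this.ttlMillis = ttlMillis; this.clock = clock;
        }
        @Override public boolean isMember(String group, String user) {
            String key = group + '\n' + user;
            long now = clock.getAsLong();
            Entry e = cache.get(key);
            if (e == null || now >= e.expiresAt()) {   // miss or expired: ask the directory
                e = new Entry(backend.isMember(group, user), now + ttlMillis);
                cache.put(key, e);
            }
            return e.member();
        }
        /** Drop cached answers for one group, e.g. when a group-change event arrives. */
        void invalidateGroup(String group) { cache.keySet().removeIf(k -> k.startsWith(group + '\n')); }
    }

    public static void main(String[] args) {
        Map<String, Set<String>> directory = new HashMap<>();   // constructed sample data
        directory.put("muc-admins", new HashSet<>(Set.of("alice", "bob")));
        MembershipSource ldap = (g, u) -> directory.getOrDefault(g, Set.of()).contains(u);
        Set<String> snapshot = Set.copyOf(directory.get("muc-admins")); // read once at startup
        long[] now = {0};                                        // controllable test clock
        CachedMembership live = new CachedMembership(ldap, 60_000, () -> now[0]);
        live.isMember("muc-admins", "bob");                     // warm the cache
        directory.get("muc-admins").remove("bob");              // membership revoked
        System.out.println("snapshot allows bob: " + snapshot.contains("bob"));
        System.out.println("cache, inside TTL:   " + live.isMember("muc-admins", "bob"));
        now[0] = 60_001;                                         // TTL elapsed
        System.out.println("cache, after TTL:    " + live.isMember("muc-admins", "bob"));
    }
}
```

The TTL is the upper bound on how long a revoked membership keeps granting room access; calling `invalidateGroup` on a group-change notification closes that window immediately.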