powered by Jive Software

LDAP Rosters

Hi there,

There’s quite a few threads here around the automatic population of user rosters based on LDAP groups but there doesn’t seem to be a definite answer on enabling this and/or whether this is actually supported. Not shared rosters but rosters automatically managed by LDAP groups, e.g. user X has a friends group on LDAP which should automatically be added to his/her roster without an admin sharing the group.

I’ve got OpenFire configured to retrieve my user’s groups from LDAP and it shows up fine in the admin console with the correct members, however they never show up in any client.

So not knowing too much about Java (dangerous) I had a look at how the Roster is populated and can’t see any obvious means for it to actually add members from a LDAP group to a users’s roster. The Roster constructor retrieves the groups but never do anything with it:

// Get the shared groups of this user
Collection sharedGroups = rosterManager.getSharedGroups(username);
Collection userGroups = GroupManager.getInstance().getGroups(getUserJID());

Only the sharedGroups collection is referenced by the rest of the code. A quick workaround (and again unsure of the implications of this but it works) was to add the following to the constructor:

// Add All Group Members
for(Group group : userGroups) {

Collection jids = group.getMembers();
for(JID jid : jids) {
Log.debug("[ROSTER] Adding :" + jid.toBareJID());
String nickname = “”;
RosterItem item = new RosterItem(jid, RosterItem.SUB_BOTH, RosterItem.ASK_NONE,
RosterItem.RECV_NONE, nickname , null);
rosterItems.put(item.getJid().toBareJID(), item);

Now my users see all their LDAP ‘friends’ in the contact lists. I don’t quite understand how, without this or a similar change, the roster is meant to be auto-populated?

Any pointers on how this is suppose to work would really be appreciated?




Hi Todd,

Thanks for the reply. The question was specifically around non-admin shared groups. e.g. We can retrieve groups specifically for a user containing his/her roster and this needed to automatically appear in the roster. Shared Groups are useful but not in this scenario.

As I mentioned in my post in the roster building code I can see queries both to retrieve the groups for a user as well as the shared groups. Only the shared groups are used and default groups returned for a user are ignored even though they show up in the admin console.

We made the small mod above to the roster code as a test and it ensured that all groups and their users associated with an user also appeared in their rosters.


Maybe I am obtuse but I am not understanding what you are trying to do. Are trying to automatically share all groups a user belongs to?

User A - In LDAP this user has a group (private group, this user only) with his/her roster. Not shared at all, each of our users has a group with their IM roster in it.

So User A with a group : ‘Group A’s friends’ (User’s B, C, D, E). Without any intervention the users (B, C, D, E) in this group, which belongs to User A, should appear in A’s roster.

So NOT shared groups, just an automatic roster based on the LDAP group that is returned for the specific user. Not sure how to make it clearer than this

There is no way to automatically populate users to a roster with openfire except with Shared Groups. If a user creates their own roster groups they need to add the people manually to the group. you can avoid the hassle of subscription rerequests by installing the subscription plugin and setting it to accept local. Openfire has read only access to LDAP servers so cannot make any changes to LDAP, therefore you cannot use the registration plugin to autoadd people to a custom group at login that would be shared to user’s rosters.

Thanks Todd. Thanks for the confirmation, I was worried we were misinterpreting the LDAP docs.

The above change enabled it for us. It just adds the users from the user’s groups to his roster.