LDAP User can log on but has blank buddy list

A user that has worked fine for a long while suddenly has an issue. Their profile had issues in Active Directory so we completely wiped them out and re-created their user.

Everything works perfectly except for Openfire. User can sign in just fine but his list is blank. Other users see him though and can message him; his list is always blank unless you go to SHOW OFFLINE USERS and manually try to talk to someone.

It seems like a “ghost” of his old user is still in the system. Is there a temporary / cache area that I should clear out?

Thanks for any and all help!

Tim

I found the issue here, but not sure why it is happening. The user shows they are in the group ALL USERS. However, when you go to that group in Openfire, it does not contain that user.

How can I force it to refresh the group and see that he is in there?

Thanks

Tim

Hi Tim,

Have you tried clearing the caches under Server Manager > Cache Summary? We pull our users from AD, but not all users, only those who are approved to have IM. In AD, we add a tag in the description field and add them to the appropriate group in AD. So, anytime I add an existing user in AD who was just approved for IM, I clear the following caches:

- Group
- Group Metadata
- Roster
- User
- vCard

I don’t think it is necessary to clear all of the ones I listed above, but it seems to always work if I need Openfire to update right away so the user can log in right away; otherwise Openfire updates periodically (I am not sure how frequently this happens by default).

Thank you so much for the reply. I did go in and clear all caches just for fun, thinking it was something like that. No difference however.

It’s so strange, I go to the USER and under groups they have all the correct groups. But when I go to any of those individual groups, they don’t show this user.

Is he using Spark? If so, I would try to delete the spark profile on the user’s PC and have it recreated.

Thanks again for the reply.

He is using Pidgin… I have tried from multiple machines and different clients.

I appreciate all your ideas though for sure.

Not sure where to go from there…if you have bounced the server and it still is happening, there must be a record in the database…I would search the database for the user, maybe you can delete any applicable records from the database, there may be records under the ofuserprop or ofvcard tables…

When you do find the solution, let me know what you find, I would like to know in case I ever encounter the issue…thx!

I think you are right, there is something “corrupt” or still hanging out there with this user. I can create a new user and it works perfectly, adds it to the right group, everything is fine. No matter what I do, I can’t get this user back in the correct group.

I am not sure where to look in the mysql database though… It looks quite barren really, I went into the openfire database, and checked out all the tables… I tried at least 70% of them and there is hardly any data in there… Wondering if there are any spots in particular to be checking?

Thanks for your help, sorry it took a bit to reply

Hi Tim,

When we switched to using Active Directory, a lot of information was no longer stored in the database for users and groups, as it is pulled directly from AD and just cached, I guess. But places I would look (we are using MySQL) are the following tables:

- ofuserprop
- ofuser (I think this is where users are stored if not pulled from another directory like AD)

Maybe there is an issue with the group being corrupt…you could check the ofgroupprop table too. Maybe someone else knows more about where things are stored in the database and could help out more as I am not an expert on this, mostly just had to fiddle around with it to try to delete old groups from the database that are no longer in AD. Anyone else have any ideas?

On another note, we actually had a case last week where a consultant’s AD account was deleted by one of our techs too early due to a misunderstanding and had to be recreated. To my knowledge, it was created exactly the same and he had no problems to speak of with his IM account. So, something seems to be corrupt for sure or hanging on for dear life somewhere.

How do you pull your group(s) from AD? Maybe you could create a replacement group and use that instead? On our network, only approved users can have IM so we could not just pull all users. So, we added a tag ( - IM) to the description field and query for all users that have the tag in their description field. The groups are done similarly, with the same tag added to the group name (we use groups created specifically for IM, not pre-existing AD groups).

@ragenkagen: That was just the solution I needed, though my problem was more the reverse.

Active Directory, new user added to one group (but not another, required group) by someone else while I was out for jury duty. She couldn’t log in until I added her to the second group. Upon logging in, she could see everyone in her buddy list, but nobody could see her. (This was with Spark and Pidgin.) Looking through the admin console, I saw that she wasn’t in anyone’s roster. I cleared those caches you suggested, logged out of Pidgin, and she was in my list when I logged back in. (In my roster, too.)

This may not have been the answer Tim needed, but it worked perfectly for me. Thanks.

Thanks again for all the great replies here ragen.

I liked the idea of a new group… so I did that. I created a group called openfire and just for fun / testing I added absolutely everyone to it. I went in to the openfire admin area, went to groups, and sure enough it was there already. I went into the group, every user is there EXCEPT for this one user.

So yes, definitely something is “corrupt” for his user id in the openfire database somewhere, it’s preventing him from showing up in any group, even brand new ones.

I will try to dig through the Openfire database looking for something with his id. If I find it though, do I want to delete it? I would be a little apprehensive doing that. I suppose I could back it up first.

Such a strange problem. Thanks for all the ideas thus far.

@darniil: glad this could help!

Tim,

I am not sure how best to proceed with deleting the records in the database. I have done this for old groups before, and have not seen any issues yet, but never tried to recreate the exact groups. Yes, backing up first would definitely be a good idea, as always.

I have been poking around our database a little more and I noticed that we still have some records (in ofpresence, ofvcard and ofroster tables) for users who have been gone for literally months (AD account deleted months ago), but other users who were deleted last week are completely gone. Maybe there are old records in these tables (especially ofroster, ofvcard) that are not being updated if the records for the old account were not deleted in Openfire if the account was like one of the few of ours that are still persisting.

I honestly wouldn’t be surprised as the user would have a different SID now in AD and maybe Openfire is confused by the same username/different SID combo. That is if the SID is used by Openfire at all. Not sure if it is or not though…
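
An added example, not part of any post in this thread: a read-only MySQL query that counts leftover rows for one account in the tables mentioned above, so the findings can be reviewed before anything is deleted. The username `jdoe` and domain `example.com` are constructed placeholders, and the column names and the `ofGroupUser` table are assumed to match the stock Openfire MySQL schema; table names are written in that schema's mixed case because MySQL on Linux treats them as case-sensitive.

```sql
-- Constructed placeholders: replace every 'jdoe' with the affected username
-- and 'jdoe@example.com' with that user's bare JID on your XMPP domain.
-- Nothing here modifies data; each SELECT only counts matching rows.

SELECT 'ofUser' AS tbl, COUNT(*) AS rows_found
  FROM ofUser WHERE username = 'jdoe'            -- local account row (normally 0 with AD)
UNION ALL
SELECT 'ofUserProp', COUNT(*)
  FROM ofUserProp WHERE username = 'jdoe'        -- per-user properties
UNION ALL
SELECT 'ofVCard', COUNT(*)
  FROM ofVCard WHERE username = 'jdoe'           -- stored vCard
UNION ALL
SELECT 'ofPresence', COUNT(*)
  FROM ofPresence WHERE username = 'jdoe'        -- last offline presence
UNION ALL
SELECT 'ofRoster (own roster)', COUNT(*)
  FROM ofRoster WHERE username = 'jdoe'          -- contacts the user holds
UNION ALL
SELECT 'ofRoster (in others'' rosters)', COUNT(*)
  FROM ofRoster WHERE jid = 'jdoe@example.com'   -- rosters that reference the user
UNION ALL
SELECT 'ofGroupUser', COUNT(*)
  FROM ofGroupUser WHERE username = 'jdoe';      -- database-defined groups only
```

Any non-zero count for an account that was deleted and re-created in AD points at rows left over from the old account; dump the database with `mysqldump` before removing any of them.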