LDAP user login/logout notifications

I’ve been using Wildfire for a few months on our server here at a newspaper at a community college. We love it. The features of Wildfire far outweigh the lackluster jabber server Apple included in its OS X Server.

However, I have a small bug. Maybe something I can fix here, maybe something that needs to be considered on the developer end.

Our setup is an Apple OS X Server 10.4.6. Apple uses LDAP to store users and groups and almost every other piece of information for users with roaming profiles used on remote machines. Getting Wildfire hooked into this setup was fairly simple. A little debugging and reading through a few threads plus a little trial and error got everything synced in without any problems. Our server uses MySQL, so I am using that as the backend for Wildfire. All clients are using Apple’s iChat, though the circumstances of what is below are identical using Spark or Adium.

My problem here is that when a user connects with a jabber client, other users don’t get notified of the connected user. Users who are already connected at login will appear in a user’s list, but new users remain in their offline state, even when they are connected.

Example: User A is logged in, when User B connects. User A will appear in B’s contact list, while User C will appear offline. When User C connects, Users A and B appear in their list, but User C does not appear in the lists for Users A or B. When User A disconnects, he remains online in the lists for Users B and C.

Simply, when a user logs in, the list is current and accurate. But as users connect and disconnect, contact lists remain stagnant, and are not updated.

This was not a problem until I hooked into the LDAP. I used multiple client software setups, and nothing changed. One thing to note is that most users are in more than one group, and appear multiple times in the list. However, even users who are part of only one group are affected by this, both not having their contact lists updated, nor being updated in other users’ lists.

I hope I was clear on what this problem is.

Has anyone seen this kind of problem? Is this a known bug? Is there a known fix?

Found the bug. JM-702.

Seems to possibly be related, though not the same bug as JM-695.

Message was edited by: lkbowen 06/22/06 15:04 (-0700)

I don’t know if that’s exactly the same bug…but I had the same problem as you, and found a workaround (not perfect, but better than nothing, at least in our setup).

In the wildfire.xml file, only put org.jivesoftware.wildfire.ldap.LdapAuthProvider in the section–leave out the LdapUserProvider and the LdapGroupProvider. Then create the users and groups in Wildfire (or import them).

This will propagate presence notifications correctly, while still keeping the single login and password for your users. Only a username and password that exist in the LDAP directory will be allowed to authenticate.

I have found one bug with this, though: even if you have Wildfire set not to allow unregistered users to log in, if people exist in the LDAP directory but not in the Wildfire DB, they can log in using their LDAP login and password and are given a string of random alphanumeric characters as a logged-in username.

Hope this is helpful.

Timothy Collett

Any chance you have commas in your LDAP userDN’s? Look at JM-695

Also check this thread: http://www.jivesoftware.org/community/message.jspa?messageID=108512

I have discovered the root cause of your problem. When you log in, part of the process is looking up the user’s VCard. However, you have disabled LdapUserProvider so that will fail. When that fails the entire login process “fails” and the user is considered an anonymous user, hence the random string of text for a username. Note: this will happen even if anonymous users are disabled.
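A defensive check for the provider combination described in the two posts above, as an added example that is not part of the original thread and not Wildfire's own code. It assumes the `<provider>`/`<auth|user|group>`/`<className>` layout of wildfire.xml and that LdapUserProvider lives in the same package as LdapAuthProvider; the XML and the user lists are constructed samples.

```python
import xml.etree.ElementTree as ET

LDAP_AUTH = "org.jivesoftware.wildfire.ldap.LdapAuthProvider"
# Assumption: same package as LdapAuthProvider (the thread gives only the short name).
LDAP_USER = "org.jivesoftware.wildfire.ldap.LdapUserProvider"

# Constructed sample: the workaround from the thread (LDAP auth provider only).
WORKAROUND_XML = f"""<jive>
  <provider>
    <auth><className>{LDAP_AUTH}</className></auth>
  </provider>
</jive>"""

# Constructed sample: LDAP for both authentication and user data.
FULL_LDAP_XML = f"""<jive>
  <provider>
    <auth><className>{LDAP_AUTH}</className></auth>
    <user><className>{LDAP_USER}</className></user>
  </provider>
</jive>"""


def provider_classes(xml_text):
    """Return the configured class for each provider kind (None = built-in default)."""
    root = ET.fromstring(xml_text)
    found = {}
    for kind in ("auth", "user", "group"):
        node = root.find(f"./provider/{kind}/className")
        found[kind] = node.text.strip() if node is not None and node.text else None
    return found


def audit(xml_text, ldap_usernames, wildfire_usernames):
    """Flag LDAP auth without the LDAP user provider and list the accounts that
    can authenticate against LDAP but have no Wildfire user record."""
    classes = provider_classes(xml_text)
    mismatch = classes["auth"] == LDAP_AUTH and classes["user"] != LDAP_USER
    exposed = []
    if mismatch:
        # Assumption: usernames compare case-insensitively.
        known = {name.lower() for name in wildfire_usernames}
        exposed = sorted(n.lower() for n in ldap_usernames if n.lower() not in known)
    return {"mismatch": mismatch, "exposed": exposed}


if __name__ == "__main__":
    # Constructed account lists: "carol" exists in LDAP only.
    print(audit(WORKAROUND_XML, ["alice", "Bob", "carol"], ["alice", "bob"]))
    print(audit(FULL_LDAP_XML, ["alice", "Bob", "carol"], []))
```

Every name in `exposed` is an account that, per the thread, would authenticate and then be treated as an anonymous session with a random username.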

This is not an acceptable workaround. The purpose of using LDAP is so when users are changed in the LDAP configuration (which provides other services in our server-client setup), the changes are automatically filtered into Wildfire. When a user is deleted from other services, I need it deleted from Wildfire. When new users are created, I need them created in Wildfire. This fails to accomplish this, and defeats the purpose of LDAP authentication.

Nope, can’t find any commas in any fields referenced by my config. There are a number of child entries in each userDN that are created by our server software. These may have commas in them, but they are not needed for the LDAP authentication.

Maybe this is the bug??? If the server is looking at more than the fields specified in the wildfire.xml config file and pulls these fields in, it may be causing the problem.