Logs shows "Error Getting Groups for User:"

Hi all,

I’m working on a new openfire implementation. Version 3.5.2-1 installed on RedHat from the rpm package. It’s replacing an old wildfire server that I haven’t touched or upgraded in a while. We’re going to be using fastpath once it’s up and running on a current version. The RHEL 5 system it’s on is dedicated and not running any other applications and fully updated.

I’ve configured the new system to authenticate and pull roster groups from Active Directory (win 2003 domain). I’ve setup a SparkIM group in AD and made both user and groups a member to filter correctly and avoid any nesting problems. This seemed to work great. Users and groups are displayed just like I’d expect. A few days of messing around and testing the new server I noticed that when I select a user in the admin console many of them have “Groups: None”. I’m also seeing an error in the log file on the server when these users are selected from the admin console or when they login. The error is exactly as described in this post. The users that log the error are all members of 20 or more other AD groups. There seems to be some process that’s ignoring my group filter and trying to get every “memberOf” value from the directory server for each user.

Since I’m still in limited testing I haven’t noticed big usability problems yet, but this is projected to be a pretty critical system once fullly deployed.

Any thoughts/comments?

Error message:

2008.08.26 17:32:22 [org.jivesoftware.openfire.ldap.LdapGroupProvider.getGroupNames(LdapGroupProvid er.java:387)] Error getting groups for user: user.name@host.example.com
javax.naming.NamingException: [LDAP: error code 1 - 000020EF: SvcErr: DSID-020A0B25, problem 5012 (DIR_ERROR), data -1017
]; remaining name ‘’
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at javax.naming.directory.InitialDirContext.search(Unknown Source)
at org.jivesoftware.openfire.ldap.LdapGroupProvider.getGroupNames(LdapGroupProvide r.java:371)
at org.jivesoftware.openfire.group.GroupManager.getGroups(GroupManager.java:364)
at org.jivesoftware.openfire.roster.Roster.(Roster.java:106)
at org.jivesoftware.openfire.roster.RosterManager.getRoster(RosterManager.java:86)
at org.jivesoftware.openfire.user.User.getRoster(User.java:369)
at org.jivesoftware.openfire.handler.IQRosterHandler.manageRoster(IQRosterHandler. java:201)
at org.jivesoftware.openfire.handler.IQRosterHandler.handleIQ(IQRosterHandler.java :106)
at org.jivesoftware.openfire.handler.IQHandler.process(IQHandler.java:49)
at org.jivesoftware.openfire.IQRouter.handle(IQRouter.java:349)
at org.jivesoftware.openfire.IQRouter.route(IQRouter.java:101)
at org.jivesoftware.openfire.spi.PacketRouterImpl.route(PacketRouterImpl.java:68)
at org.jivesoftware.openfire.net.StanzaHandler.processIQ(StanzaHandler.java:311)
at org.jivesoftware.openfire.net.ClientStanzaHandler.processIQ(ClientStanzaHandler .java:79)
at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:276)
at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:175)
at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandl er.java:133)
at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived (AbstractIoFilterChain.java:570)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)
at org.apache.mina.common.IoFilterAdapter.messageReceived(IoFilterAdapter.java:80)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)
at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimplePr otocolDecoderOutput.java:58)
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecF ilter.java:185)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)
at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java :239)
at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(Execut orFilter.java:283)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51) at java.lang.Thread.run(Unknown Source)

This appears to be fixed with the 3.6 upgrade.

upgraded to 3.6. marked as answered.