Modifying User Lists

Okay, here is our issue. By default, when you specify an AD container in your LDAP settings (assuming you are integrating with Active Directory), your user and group list is pulled and apparently stored in a database on the Openfire server.

What I am trying to figure out is how to remove names of past employees quickly from the user list displayed in the Spark client. For instance, when an employee leaves the company, if their account is disabled it apparently still displays in the Spark client. I have deleted a couple of old user accounts and they still appear in the client.

I am trying to determine at what interval the server polls AD for these types of changes. And how/when does it purge old nonexistent accounts?

We have many OUs in which users are categorized, so inputting each OU into Openfire is not an option. If I did this, then maybe I could simply move disabled users to a specific OU that Openfire did not look at and have the server update to reflect these changes.

Please advise on how to handle this situation.

Thanks

Maybe what you could try is make just 2 groups, one for “active” and one for “inactive” users, making sure active users are part of the active group.

This would prevent you from having to implement all the OUs in your company, and you could just remove inactive users from that group and/or filter rosters based on it.

Other than moving the disabled users to an OU outside of the baseDN, you could use a user filter to filter users by their account status. If you do an advanced search by all dates, there are many examples in the community of such filters.

See below.

I never really noticed.

Is there a way to actually specify AD-based groups to allow and disallow access on the Openfire server instead of using LDAP at the root of the directory tree to encompass all users spread throughout multiple OUs?

If so, then that sounds like the easiest way to go.
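
The account-status filter and the AD-group restriction discussed in the replies above, combined into one LDAP user filter, as an added example that is not part of the original thread. The group DN and the sample entries are constructed, and the Python model only mirrors the filter's logic so it can be checked offline before it is put on a server.

```python
# Added example: the group DN and sample entries below are constructed.
ACCOUNTDISABLE = 0x0002                  # userAccountControl bit set on disabled accounts
BIT_AND_RULE = "1.2.840.113556.1.4.803"  # Active Directory bitwise-AND matching rule

def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)

def build_user_filter(group_dn: str) -> str:
    """Filter for enabled user objects that are direct members of group_dn."""
    return (
        "(&(objectCategory=person)(objectClass=user)"
        f"(memberOf={escape_filter_value(group_dn)})"
        f"(!(userAccountControl:{BIT_AND_RULE}:={ACCOUNTDISABLE})))"
    )

def is_visible(entry: dict, group_dn: str) -> bool:
    """Local model of the filter's logic, for checking it against sample data."""
    disabled = (int(entry["userAccountControl"]) & ACCOUNTDISABLE) != 0
    groups = [dn.lower() for dn in entry.get("memberOf", [])]
    return group_dn.lower() in groups and not disabled

GROUP_DN = "CN=IM Users (Active),OU=Groups,DC=example,DC=com"  # hypothetical group
SAMPLE = [  # constructed directory entries
    {"sAMAccountName": "alice", "userAccountControl": 512, "memberOf": [GROUP_DN]},
    {"sAMAccountName": "bob", "userAccountControl": 514, "memberOf": [GROUP_DN]},    # disabled
    {"sAMAccountName": "carol", "userAccountControl": 66048, "memberOf": []},         # not in group
    {"sAMAccountName": "dave", "userAccountControl": 66050, "memberOf": [GROUP_DN]},  # disabled
]

def visible_users(entries, group_dn=GROUP_DN):
    """Names of the sample users the filter would keep."""
    return [e["sAMAccountName"] for e in entries if is_visible(e, group_dn)]

if __name__ == "__main__":
    print(build_user_filter(GROUP_DN))
    print(visible_users(SAMPLE))
```

A `memberOf` clause matches direct membership only, so users who belong to the group through a nested group or as their primary group are not returned by this filter.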