New AD users don't appear in their group on the server

I’m using Openfire 3.5.1 for a small company. Two days ago I created 13 new users, removed them from the “Domain Users” group and added them to a group called “Chat Users.” Though these users can log in, they do not appear in the “Chat Users” group in the Openfire admin console, and don’t show up on anyone’s automatic contact list. I’ve restarted the server, and all clients have logged in and logged out over the course of two days, and these 13 new users still don’t appear in the roster. I don’t see any relevant messages in any of the logs, either.

The settings for the Chat Users group are as follows:

Contact List Sharing - Enabled

Contact list group name - Company Name INC

Share group with additional users - checked, All Users (note, the new users DO see this group, they just aren’t in it)

I apologize if this is just a dumb caching or restart issue, but I can’t figure it out.

Thanks so much,

Daniel

Is there a reason you removed the users from the domain users group? Are they never going to log in to domain resources? I would put that group back, then clear the cache on the Openfire server, and restart Openfire itself.

That’s correct, they’ll never be using domain resources. It’s a doctor’s office, and they will be using OpenFire for silent pages in exam rooms, so I created users examroom1, examroom2 etc with weak passwords. I’d rather not give them access to other domain resources.

I’ll look into clearing the cache and report back shortly, thanks.

Clearing the cache didn’t help. I guess the problem is that users have to be members of the Domain Users group to be able to appear as part of the roster.

Is this the case? Is there anything I can do under the hood to modify this behavior?

I installed OpenFire yesterday and had almost the exact same behavior but I found a way around this problem. We also do not use the default users group. In our case we are a big company with dozens of OU’s defined and we only wanted one department to have access to IM.

When we started the server and configured the AD LDAP all seemed good, I was able to log in to the server.

I then asked an IT tech to log in and he was able to get in. The problem was, neither of us could see each other on the roster and we both could not see any “offline” users.

I quickly realized that this was because we had all the users in an OU (so we could manage with policies) but there were no groups in the OU and OpenFire needs “groups”. So we added a group to the OU. The group took a while to show up in the admin console, which I suppose may be a caching thing, but eventually it was there.

Then I added a few users to the group (from the AD management console of course, not the OpenFire admin). After the users were added to the group I went into the Openfire admin and enabled “contact list group sharing” and specified the group name (I discovered long ago that if you don’t add the name nothing shows in the roster despite what the docs may say). The 5 users that I had added to the group appeared on my roster and I thought I was in great shape.

Unfortunately, I soon discovered a problem when I added the next user in the OU to the new group. I waited 30 minutes after adding the user but still he did not appear in the roster. So after 30 minutes, I checked “Disable contact list group sharing” and pressed “Save”. Then I re-checked “Enable contact list group sharing” and pressed “Save” and the user appeared!

So, it does look like some sort of bug but the work-around is relatively easy, albeit annoying. Just don’t forget to cycle the “group sharing” status every time you add or delete users. Hopefully this will be fixed in a future release.

Hope this helps

Apparently in my configuration the users don’t show up in the roster of their “Primary Group,” they only appear in the additional groups they belong to. I figured this out because I re-added the Exam Room users back into “Domain Users,” and they appeared there, but no one else did. I solved this by removing them from “Domain Users” and adding them to “Domain Guests” (providing me with the security functionality I want), and then setting their “Primary Group” to “Domain Guests.” Now they all show up in the tertiary “Chat Users” group that contains the roster of everyone that I want to chat together. I think this issue has been discussed before in the forums, but I did not realize my problem was related to the “Primary Group,” I thought it had to do with the newness of the users.

Thanks for the tips.

- Daniel
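Added example, not part of any post in this thread: Active Directory records a user's primary group in the user's `primaryGroupID` attribute rather than in that group's `member` attribute, which is consistent with the behaviour described in the last post. The sketch below shows how an audit script can compute a group's effective membership from both sources. The directory entries, DNs, domain SID and function names are constructed for illustration, and no claim is made about how Openfire itself reads groups.

```python
import struct

def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSid (as returned over LDAP) into S-1-... form."""
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack_from(f"<{count}I", raw, 8)
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def primary_group_sid(user_sid: str, primary_group_id: int) -> str:
    """Primary group SID = the user's domain SID with primaryGroupID as the RID."""
    return f"{user_sid.rsplit('-', 1)[0]}-{primary_group_id}"

def listed_members(group: dict) -> set:
    """What a client sees if it reads only the group's 'member' attribute."""
    return set(group["member"])

def effective_members(group: dict, users: list) -> set:
    """'member' values plus users whose primaryGroupID resolves to this group."""
    group_sid = sid_to_str(group["objectSid"])
    via_primary = {
        u["dn"] for u in users
        if primary_group_sid(sid_to_str(u["objectSid"]), u["primaryGroupID"]) == group_sid
    }
    return listed_members(group) | via_primary

# Constructed sample data: made-up domain SID, DNs and RIDs (513 and 514 are
# the well-known RIDs of Domain Users and Domain Guests).
def make_sid(rid: int) -> bytes:
    return bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack("<5I", 21, 1111, 2222, 3333, rid)

EXAMROOM1 = "CN=examroom1,OU=Chat,DC=example,DC=test"
FRONTDESK = "CN=frontdesk,OU=Chat,DC=example,DC=test"
USERS = [
    {"dn": EXAMROOM1, "objectSid": make_sid(1601), "primaryGroupID": 514},
    {"dn": FRONTDESK, "objectSid": make_sid(1602), "primaryGroupID": 513},
]
DOMAIN_GUESTS = {"objectSid": make_sid(514), "member": []}
CHAT_USERS = {"objectSid": make_sid(1700), "member": [EXAMROOM1, FRONTDESK]}

if __name__ == "__main__":
    for name, group in (("Domain Guests", DOMAIN_GUESTS), ("Chat Users", CHAT_USERS)):
        print(name, "listed:", sorted(listed_members(group)))
        print(name, "effective:", sorted(effective_members(group, USERS)))
```

When reviewing who really belongs to a group such as “Domain Guests”, the effective set is the one to audit, since accounts attached only through their primary group never appear in the listed set.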