
Problem with Openfire + LDAP + Roster

Hi,

I cannot automagically see the users recently added in the LDAP either in the Openfire web admin UI or the Spark client. However, if I query for the user using the advanced user search option, I can see the users. This also happens for the group queries. All the users in the LDAP share the same objectclass and are members of the primary group users and then members of various other groups also. The newly created users can log in from Spark. My search filters used in the openfire.xml are

<ldap>
<host>1.2.3.4</host>
<port>389</port>
<baseDN>dc=example,dc=com</baseDN>
<adminDN>cn=Manager,dc=example,dc=com</adminDN>
<adminPassword>password</adminPassword>
<connectionPoolEnabled>true</connectionPoolEnabled>
<sslEnabled>false</sslEnabled>
<ldapDebugEnabled>true</ldapDebugEnabled>
<autoFollowReferrals>true</autoFollowReferrals>
<usernameField>uid</usernameField>
<searchFields>Username/uid,Name/displayName</searchFields>
<nameField>cn</nameField>
<emailField>mail</emailField>
<searchFilter><![CDATA[(&(|(objectClass=sambaAccount)(objectClass=sambaSamAccount))(objectClass=posixAccount)(!(uid=*$))(!(uid=root)(!(uid=subbu))(!(uid=nobody))(!(uid=guest))((uid={0})))))]]></searchFilter>
<groupNameField>cn</groupNameField>
<groupMemberField>memberUid</groupMemberField>
<groupDescriptionField>description</groupDescriptionField>
<groupSearchFilter><![CDATA[(&(|(objectClass=posixGroup)(objectClass=sambaIdmapEntry))(!(cn=*$))((cn={0}))))]]></groupSearchFilter>
<clientSideSorting>true</clientSideSorting>
<posixMode>true</posixMode>
</ldap>

The system properties are:

cache.ldap.maxLifetime=120000
cache.ldap.size=131072
cache.username2roster.maxLifetime=120000
cache.username2roster.size=131072
ldap.authCache.enabled=false
ldap.override.avatar=true
register.inband=false
register.password=hidden
update.lastCheck=1202306072440
xmpp.audit.active=true
xmpp.audit.days=-1
xmpp.audit.filesize=10
xmpp.audit.iq=false
xmpp.audit.logdir=/opt/openfire/logs
xmpp.audit.logtimeout=120000
xmpp.audit.message=true
xmpp.audit.presence=false
xmpp.audit.totalsize=1000
xmpp.auth.anonymous=false
xmpp.client.compression.policy=optional
xmpp.domain=email.mobiapps.com
xmpp.server.compression.policy=optional
xmpp.session.conflict-limit=0
xmpp.socket.ssl.active=true

For ref: I am using openldap-2.2.13-8.el4_6.2 coupled with samba and openfire-3.4.4-1

How should we resolve this issue of LDAP users not being seen either in the web UI or the Spark client’s roster?

Regards

Prashant
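
An added example, not part of the original post and not Openfire code: a structural check of the two filters from the openfire.xml above against the RFC 4515 filter grammar, reporting the first place each one departs from it. The function names are illustrative, and a given LDAP server or client library may be more lenient than this strict check.

```python
# RFC 4515 requires literal parentheses in values to be escaped as \28 / \29,
# so every "(" and ")" met below is structural.
USER_FILTER = ("(&(|(objectClass=sambaAccount)(objectClass=sambaSamAccount))"
               "(objectClass=posixAccount)(!(uid=*$))(!(uid=root)(!(uid=subbu))"
               "(!(uid=nobody))(!(uid=guest))((uid={0})))))")   # as posted above
GROUP_FILTER = ("(&(|(objectClass=posixGroup)(objectClass=sambaIdmapEntry))"
                "(!(cn=*$))((cn={0}))))")                        # as posted above


def _parse(f, i):
    """Parse one "(" filtercomp ")" starting at f[i]; return the index after it."""
    if f[i:i + 1] != "(":
        raise ValueError("expected '('", i)
    i += 1
    op = f[i:i + 1]
    if op in ("&", "|"):                 # AND / OR: one or more sub-filters
        i += 1
        if f[i:i + 1] != "(":
            raise ValueError(f"'{op}' needs at least one sub-filter", i)
        while f[i:i + 1] == "(":
            i = _parse(f, i)
    elif op == "!":                      # NOT: exactly one sub-filter
        i = _parse(f, i + 1)
        if f[i:i + 1] == "(":
            raise ValueError("'!' takes exactly one sub-filter", i)
    elif op == "(":
        raise ValueError("'(' where an operator or attribute is expected", i)
    else:                                # item such as uid=root or cn=*
        end = i
        while end < len(f) and f[end] not in "()":
            end += 1
        if "=" not in f[i:end]:
            raise ValueError("item has no '='", i)
        i = end
    if f[i:i + 1] != ")":
        raise ValueError("expected ')'", i)
    return i + 1


def check_filter(f):
    """Return None if f is well-formed, else (message, offset) of the first error."""
    try:
        end = _parse(f, 0)
    except ValueError as e:
        return e.args
    return None if end == len(f) else ("text after the end of the filter", end)


if __name__ == "__main__":
    for name, flt in (("searchFilter", USER_FILTER), ("groupSearchFilter", GROUP_FILTER)):
        print(name, check_filter(flt))
```

The offset in each result is an index into the filter string, so `flt[:offset]` shows the text up to the point where parsing stopped.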

How long after adding users to the LDAP are you waiting to see if they show in Openfire?

The users were added around 36 hours back and the server was restarted around 20 hrs back

Server Properties

Server Uptime: 20 hours, 2 minutes – started Feb 6, 2008 9:00:12 PM

Version: Openfire 3.4.4

Server Directory: /opt/openfire

Server Name: im.xyz.com

Environment

Java Version: 1.6.0_03 Sun Microsystems Inc. – Java HotSpot™ Server VM

Appserver: jetty-6.1.x

OS / Hardware: Linux / i386

Locale / Timezone: en / India Standard Time (5 GMT)

However, it is intriguing that these users, who do not show in the users/groups page of the Openfire admin console, can log in to the system using any IM client like Spark or Psi.

regards

prashant

Are there any errors in the server's logs? You may need to enable debug. You could also clear all the server caches.

Hi,

One more piece of information …

When a particular user is chosen, his group associations show none, whereas in the LDAP he is associated with one or more groups.

I was able to get the users listed, but the problem still persists of the group associations not being shown for any user in the users tab.

i cleared the cache by server manager --> Cache Summary --> check all --> clear selected …

but there is one more problem … the user presence is not proper

  1. User A belonging to the same group logs in

  2. User B belonging to the same group logs in

User B sees User A online but User A cannot see User B online … likewise, when the users are offline the status does not change to offline … the Spark in which User B is logged in still shows User A online

and if User C logs in, he cannot see User B or User A being online.