Questions about storing info to db... how to add/remove admins, set altbasedn

With the recent success of getting from 3.5.2 to 3.6.0a, I’ve been poking around a little and now have a few questions…

We previously added and removed admin console users via the openfire.xml file (between the authorizedUsernames tags). These seem to be entered straight into the database now, but there doesn’t appear to be an option in the admin console to add or remove administrators (or… I just can’t find it). Do we simply add users to the xml file to be drug into the database? How are users removed?

I am interested in testing the alternateBaseDN fix… but with all the info being put into the database, this question is similar to the one above. Can I put the value in the xml file and have it pulled in to the database? There is no place to put it in the profile settings…

Oh! One more thing - I tested the derefencing of aliases to fix the eDir alias bug and it works perfectly! Thank you!!!

If you are using the embedded database you may have difficulty. External databases you simply open the table and edit the correct row.

Yeah, I haven’t really found a way to edit the embedded database manually, and that’s what I’m using.

Even with an external database this isn’t very elegant. For us, and many others I would assume (but that’s just me assuming) the group of people who are going to (eventually…) be tasked with admin duties of Openfire don’t have the database experience to go in and manually edit tables. Even if they did, I’m not convinced it would be the best method… especially in our situation. Anytime we use an external database, it has to go to another group in the organization. Anytime we would need to make a change we would have to open a ticket with that group and the support model would get a little silly.


looks like we’ll be on 3.5.2 for a while


A quick googling found this tutorial: zer

It seems to work… although to test I copied the embedded-db/ to my PC and then connected to it with the DBVisualizer and it’s really really slow and likes to crash a lot. It’s not really the way I would prefer but hey, it works

edit 2: It’s the DbVisualizer program that’s slow and whatnot… it’s slow even when I don’t connect it to a db

The ebedded database really should only be used in a non-production environment (IMO). There are just too many limitations with management of the database. I use MySQL which has excellent gui tools for every major OS. This makes management as easy as point and click. See image below.


I mostly agree with you. This is supposed to be a temp solution for us at the moment, though… and, any “real” database needs to go to another group at my company so we decided against it.

But, I’m still not convinced it’s completely appropriate to manually trudge through a database for this sort of thing.

ugh… all that being said, I found that upgrading my java version made the dbvisualizer speedy and am ready to start changing stuff in the database. It’s not that bad at all

Which tables contain the items for admin console users and the ldap information?

edit: nevermind. found them!


the table is ofproperty. it contains it all in plain text.


While I was in there, I noticed (realized, rather… I feel dumb now) that this is also the table that contains the system properties such as cache settings, that can all be changed from the system properties portion of the server tab in the web admin console.

No direct editing of the database needed.



thx for the infos

i am running an embedded database, too. and i will edit and have a look with the dbvisualizer. But i need an username and pswd to connect with the file. I never entert an username or pswd. for the db. or which user i need?

which value must i edit in the db?

the .script file is the correct file to open with the dbvisualizer, or not?

sorry for the bad english


Message was edited by: busdi

Edit: I think i found the user it was “sa”, i am right?

but where must i edit?

Well, first I’d like to note that you really don’t need to manually edit anything since the values in question can be changed from the web Admin Console under Server > Server Manager > System Properties.

Assuming you still want to edit the database for whatever reason (removing old message archives needs to be done this way)…

If you get into the web admin console you can find all the info you need for connecting to the database under Server > Server Manager > Database

That will list the DB connection URL and the database username (SA). There is no password. Openfire looks like it is just using the default stuff for hsqldb.

in short:

point dbvisualizer at /embedded-db/openfire

username: SA

no password

and edit what you need to edit…

one more heads up: editing things with the free edition of dbvisualizer isn’t very click-and-type friendly. You’ll need to use it to connect to the database, and then use the sql script executer to run commands to update or delete data. Really I’m starting to wish I would have just bugged my database team and gone with mysql…

I must be getting old because the day 3.6 was released I entered a jira support ticket be cause all those values are in plain text on that page of the admin site. I think it is a security flaw to have passwords stored in plain text. Granted this version is slightly better than an xml file with plain text, but still not good. I can’t believe I forgot… early onset alzheimers here I come.

I am not sure what the default database username and password is. But most of the configuration can now be edited via the admin interface of openfire.

no problem…

I agree that it’s a security problem, but it’s a small risk since the only password stored in plain text is the ldap user’s password, which is a read-only account we set up so there’s not much damage that can be done if it got hijacked.