Hello all -
We are using Openfire 3.6.0a with Active Directory querying LDAP port 3268 for the entire forest. I have now run into 6 random users that are unable to log in at all through Spark. Also, I am unable to find these people when using the ‘Search’ feature in Spark or using the ‘User Search’ feature on the Openfire Server console.
The affected accounts are all active and have no settings/group policy that prevent them from being found in Spark or through LDAP. I have gone through every Active Directory Attribute for these people in ADSIEdit and see no differences in their accounts. I CAN find these people using different LDAP lookup utilities, so I know this is not a domain or LDAP issue.
The workaround is to delete or create a new Active Directory account for these people with a different User Logon Name (pre-Windows 2000).
With a couple of the affected people, I have attempted changing the Alias, with no luck. I have found that to get this to work, I must delete their current account, or create a separate domain account for them, with a different Pre-Windows 2000 logon name.
For example, in Active Directory, John Doe with a logon name of ‘DoeJ’ cannot be found in Spark through searching, nor can they log in. If I create a different account with ‘Doe’ as the new logon name, the person is found.
I have even deleted the ‘DoeJ’ account (and what a headache that is to recreate the user's profile, mail, etc…), allowed for replication across the forest to occur, then recreated another account with ‘DoeJ’ and it still does NOT work…
It seems that Openfire just does not like random User Logon Names and will not work with these people.
Does anyone have any information or thoughts on this? Of course, the VP of HR is one of the few affected people and recreating her account is not an option, and creating secondary accounts for people just is not a realistic solution (security reasons, password change policy headaches, etc. just for secondary ‘IM’ AD accounts).