Real-time updates for LDAP groups

Has there been a JM issue opened for this problem yet?

I have not seen any JM issues created yet, can someone please add this issue?

I am also experiencing this. If I have a shared roster of an LDAP group (Active Directory) and I remove someone from that group, it is only reflected in the shared roster if I stop and restart the server.

Nathan

Also to note is that when I remove that person from a group in the admin console under group summary it shows the correct # of members. But when I click on the group itself it still shows the user that I removed. Counting all the users in the list doesn't match the count that it shows in the summary.

Nathan

Any LDAP operations done in JM are read only. So using the admin console to delete a user will not work.

I'm not doing any user maintenance in the admin console itself. When I refer to deleting the user I mean I removed that user from the Active Directory group.

Nathan

For anyone having this problem.

Enable ldap debug by setting the property:

Then take a look in your debug log and post your findings if any.

Greg

I did that. The logs are very large so I put them on the web. You can download and look at them here.

http://www.nathanpalmer.com/files/logs.zip

This is what I did.

  1. Changed configuration to enable ldap debugging

  2. Started JiveMessenger

  3. Logged in two clients. One that is in the IT group and one that is not.

  4. Added the one that is not in the IT group to the IT group using Active Directory.

  5. Logged out the user that was already a member of the IT group and logged back in to see if there were any changes in his roster.

  6. No changes.

Nathan

So in all, JM is not updating its LDAP information in a timely fashion and XMPP presence for LDAP grouped users is broken? Anybody other than me seeing both of these issues together?

npalmer,

Look at your debug log. There are several users that JM is having a hard time finding. Is there any reason why JM is having a hard time finding these specific users? Specifically look at the lines that look like this:

2005.08.10 11:03:10 Error populating user with DN: CN=Noel Portugal,CN=Users,DC=DCS-SLC,DC=DSD,DC=com

org.jivesoftware.messenger.user.UserNotFoundException

This error is given when trying to populate this user into a group. Is there something special about these users? Is this user excluded by your user search filter? Because you have several of these errors in your debug log, it is likely that this is the cause of your problems.

Greg

Poppa Smurf,

Could you enable ldap debug and post your findings like npalmer did. Thanks.

Greg

Here are my logs.

http://www.prepsportsonline.com/logs.zip

  1. Stopped Jive messenger service

  2. Changed debug to true

  3. Started Jive Messenger service

  4. Signed on as user pdowson

  5. Signed on as user sanderson (no change to pdowson roster)

  6. Signed off as pdowson and signed on again (pdowson online on sanderson roster)

  7. Signed off as sanderson and signed on again (no change to pdowson roster)

  8. Signed off as pdowson and signed on again (no change to sanderson roster)

  9. Signed off and exited program as sanderson (no change to sanderson roster)

Hope this helps.

TIA

pdowson,

While looking at your debug logs I noticed one thing that caught my eye. I saw this exception being thrown multiple times:

2005.08.11 08:09:21 In LdapManager.checkAuthentication(userDN, password), userDN is: CN=Jessica Anderson,CN=Users…

2005.08.11 08:09:21 Created context values, attempting to create context…

2005.08.11 08:09:21 Caught a naming exception when creating InitialContext

javax.naming.AuthenticationException: LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at org.jivesoftware.messenger.ldap.LdapManager.checkAuthentication(LdapManager.java:315)
    at org.jivesoftware.messenger.ldap.LdapAuthProvider.authenticate(LdapAuthProvider.java:91)
    at org.jivesoftware.messenger.auth.AuthFactory.authenticate(AuthFactory.java:97)
    at org.jivesoftware.messenger.handler.IQAuthHandler.login(IQAuthHandler.java:221)
    at org.jivesoftware.messenger.handler.IQAuthHandler.handleIQ(IQAuthHandler.java:141)
    at org.jivesoftware.messenger.handler.IQHandler.process(IQHandler.java:48)
    at org.jivesoftware.messenger.IQRouter.handle(IQRouter.java:213)
    at org.jivesoftware.messenger.IQRouter.route(IQRouter.java:73)
    at org.jivesoftware.messenger.PacketRouter.route(PacketRouter.java:65)
    at org.jivesoftware.messenger.net.SocketReader.processIQ(SocketReader.java:258)
    at org.jivesoftware.messenger.net.ClientSocketReader.processIQ(ClientSocketReader.java:43)
    at org.jivesoftware.messenger.net.SocketReader.readStream(SocketReader.java:230)
    at org.jivesoftware.messenger.net.SocketReader.run(SocketReader.java:111)
    at java.lang.Thread.run(Unknown Source)

Does JM give proper presence for you when using the default group provider (database)? Describe the problems you are seeing in more detail.
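
The two debug-log patterns pointed out in this thread (group members that cannot be loaded, and Active Directory bind failures) can be pulled out of a large log mechanically. The script below is an added example, not code from the thread or from Jive Messenger; the sample lines are constructed from the lines quoted above, and the sub-code table lists the standard Active Directory values carried in the "data" field of an error 49.

```python
import re
from collections import Counter

# Active Directory sub-codes found in the "data NNN" field of an
# LDAP error 49 bind failure.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

BIND_DN = re.compile(r"checkAuthentication\(userDN, password\), userDN is: (.+)$")
ERR_49 = re.compile(r"LDAP: error code 49 .*?\bdata ([0-9a-fA-F]+)")
POPULATE = re.compile(r"Error populating user with DN: (.+)$")

def triage(lines):
    """Return (bind_failures, unresolved_members) from LDAP debug-log lines."""
    bind_failures = Counter()   # (bind DN, reason) -> count
    unresolved = Counter()      # group member DN the user lookup could not load
    last_dn = None              # DN of the most recent bind attempt seen
    for line in lines:
        line = line.strip()
        if m := BIND_DN.search(line):
            last_dn = m.group(1)
        elif m := ERR_49.search(line):
            code = m.group(1).lower()
            reason = AD_BIND_SUBCODES.get(code, "unknown sub-code " + code)
            bind_failures[(last_dn, reason)] += 1
            last_dn = None      # do not attribute a later error to this DN
        elif m := POPULATE.search(line):
            unresolved[m.group(1)] += 1
    return bind_failures, unresolved

# Constructed sample, built from the log lines quoted in this thread.
SAMPLE = """\
2005.08.10 11:03:10 Error populating user with DN: CN=Noel Portugal,CN=Users,DC=DCS-SLC,DC=DSD,DC=com
2005.08.11 08:09:21 In LdapManager.checkAuthentication(userDN, password), userDN is: CN=Jessica Anderson,CN=Users…
2005.08.11 08:09:21 Caught a naming exception when creating InitialContext
javax.naming.AuthenticationException: LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
""".splitlines()

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Repeated 52e entries for one DN indicate a rejected password for that account, while DNs in the second counter are group members worth checking against the user search filter.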

I'm not altogether sure what you mean. What I am seeing is that JM is not giving the clients connecting to the server the updated status of other clients. So when one client disconnects, it is not reflected on the rosters of other clients.

Does that make sense? To be honest, the debug logs don't really make much sense to me.

Yes. The two users that were getting the exceptions are not part of my user filter but are part of my group filter. I changed it so my group filter only showed a special group that only has members that are part of my user filter. This got rid of those exceptions but the behavior is still the same.

So… when I add or delete a user from an LDAP group that is part of a shared roster… is it supposed to update the shared roster for all connected clients? Does Jive Messenger periodically poll the LDAP in order to do this?

Nathan

Is there any update on this issue? I am wondering if I should just roll back to an older version or is someone working on it?

TYIA

I have not heard anything new. But it needs to go back to the top of the forums list as other users are now speaking out about the problem.

We are going to address the issue of updating groups outside of JM, adding/removing users from groups or adding/removing groups. Presently you have to restart Jive if you want to see updated LDAP info.

The problem of how to fix this issue is semi-complex, it could end up being expensive in terms of CPU/memory.

This issue has been filed as JM-379.

As to the issue of user presence not being updated, the source of this problem has not been tracked down yet. It does not happen in all instances. It could be related to the above mentioned problem. Does this issue happen right after you start JM or do you have to make a change on the LDAP side before this issue occurs?

Greg

In my case it's as soon as JM is started

That's the case for me as well.