We have an interesting problem with Openfire and shared groups.
Using Active Directory management tools:
we created an AD group “Group A”.
In this group we added some users “User A”, “User B”, “User C”.
User A has a DN of CN=“User A”,OU=“user here”, DC=“this”, DC=“that” and a sAMAccountName of “userA” - Call this User A-1
However, in AD, in another group (listed earlier in the structure), we have
User A has a DN of CN=“User A”, OU=“not the user here”, DC=“this”, DC=“that” and a sAMAccountName of “notUserA” - call this User A - 2
In the OpenFire web admin console, view Group A and see the users listed as members.
User A - 2, User B, User C
User A - 1, User B, User C
In the OpenFire web admin under the Groups summary tab User A - 2 is listed as being a member of Group A, not the User A - 1 that is actually listed as a member in Group A as configured in ActiveDirectory.
Essentially, it appears as though the user searching code matches on the CN and not the full DN, which results in the wrong User A being listed as a member of the group in OpenFire. In this case, it seems to find the first matching CN (User A) and returns that even though the full DN and sAMAccountName are different.
Please let me know if you have any questions - I will monitor this thread.
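
Added example, not part of the original post and not Openfire's code: a Python sketch of the lookup the post suspects (first CN match) next to a full-DN match, run over a constructed directory modelled on the entries described above. The entry order, the sAMAccountName values for User B and User C, and all function names are assumptions.

```python
# Constructed sample directory; "notUserA" sits earlier in the structure.
DIRECTORY = [
    {"dn": "CN=User A,OU=not the user here,DC=this,DC=that", "sAMAccountName": "notUserA"},
    {"dn": "CN=User A,OU=user here,DC=this,DC=that", "sAMAccountName": "userA"},
    {"dn": "CN=User B,OU=user here,DC=this,DC=that", "sAMAccountName": "userB"},
    {"dn": "CN=User C,OU=user here,DC=this,DC=that", "sAMAccountName": "userC"},
]
# Constructed "member" values of Group A: AD stores members as full DNs.
GROUP_A_MEMBERS = [
    "CN=User A, OU=user here, DC=this, DC=that",
    "CN=User B, OU=user here, DC=this, DC=that",
    "CN=User C, OU=user here, DC=this, DC=that",
]

def split_dn(dn):
    """Normalise a DN into (type, value) pairs.
    Simplified: assumes no escaped commas and no multi-valued RDNs."""
    pairs = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return tuple(pairs)

def cn_of(dn):
    """Value of the leftmost RDN (the CN in this sample data)."""
    return split_dn(dn)[0][1]

def resolve_by_cn(member_dn, directory):
    """Suspected faulty lookup: return the first entry whose CN matches."""
    wanted = cn_of(member_dn)
    return next((e["sAMAccountName"] for e in directory
                 if cn_of(e["dn"]) == wanted), None)

def resolve_by_dn(member_dn, directory):
    """Lookup keyed on the whole DN, so same-CN entries cannot collide."""
    wanted = split_dn(member_dn)
    return next((e["sAMAccountName"] for e in directory
                 if split_dn(e["dn"]) == wanted), None)

def group_view(members, directory, resolver):
    """Usernames a console would list for the group under a given resolver."""
    return [resolver(m, directory) for m in members]

def ambiguous_cns(directory):
    """CNs present under more than one DN: accounts a CN-only lookup can confuse."""
    seen = {}
    for e in directory:
        seen.setdefault(cn_of(e["dn"]), []).append(e["sAMAccountName"])
    return {cn: names for cn, names in seen.items() if len(names) > 1}
```

Running `ambiguous_cns` over an export of the real directory lists every account pair that a CN-only match could swap in a group membership view.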