powered by Jive Software

Unable to search for one user - everyone else okay

Weird issue.

We have one person in our organization that can not be found in Spark search or through the Openfire admin console.

I can perform searches for anyone else in our organization and successfully resolve them, but not this one person.

We are using this with AD - I can see the user in ADUC, and can search for this person using other LDAP tools - just not with Openfire or Spark.

I have even deleted this person’s domain account and recreated it without any luck. Yes I have forced replication thru the domain as well as waited 24 hours just in case there was a weird replication issue.

Also, this user is unable to log onto the server (from any PC). An error is returned that says Invalid Username or password. The account looks perfectly fine in ADSI edit and I am positive the correct username and password are being used.

Any ideas?

Hello all - I have found the issue… And it is due to the way Openfire Auto creates accounts when performing LDAP lookups.

I have figured out why random users are not found in the LDAP search with Spark/Openfire. I have configured Openfire to search the entire forest (port 3268) for users in our organization - obviously this includes all of our child domains in the forest.

When Openfire queries AD, it completely ignores the child domain and only looks at the pre-windows 2000 user id. If there are two user id’s that match identically, Openfire does not know what to do with them, so the application simply does not return a result for that person.

For Example - John Doe in Child domainA would have the pre-Windows login of ‘domainA\doej’. Jane Doe in Child domainB would have the pre-windows login of ‘domainB\doej’. Openfire ignores the ‘domainX’ information and will not create an Openfire account for the users since they both have the ‘doej’ username.

I am working to configure Openfire to include the domain in the Openfire login name, but havent tested as of yet, nor know what implications this will have to existing users. I will update at a later date when I have that information.