Unable to Search for random users

Hello all -

Currently running Openfire 3.6.0a and have it configured to search Active Directory over port 3268 so it searches the entire Forest for users. It works great but I now have 2 users that are unable to log in to Openfire via Spark. If there are 2, I am sure more will pop up.

When I search their names in my Spark client, they do not appear. For some reason these two random accounts are not found in the LDAP lookup. Any clues???

The accounts are active and have no group policies that would prevent them from connecting or hide them from any LDAP search. There is nothing ‘unique’ or ‘different’ about their domain accounts. I have also verified that the aliases match the username, but no joy.

Thanks for any input or steps to test.

Hello all - I have found the issue… And it is due to the way Openfire auto-creates accounts when performing LDAP lookups.

I have figured out why random users are not found in the LDAP search with Spark/Openfire. I have configured Openfire to search the entire forest (port 3268) for users in our organization - obviously this includes all of our child domains in the forest.

When Openfire queries AD, it completely ignores the child domain and only looks at the pre-Windows 2000 user ID. If there are two user IDs that match identically, Openfire does not know what to do with them, so the application simply does not return a result for that person.

For example - John Doe in Child domainA would have the pre-Windows login of ‘domainA\doej’. Jane Doe in Child domainB would have the pre-Windows login of ‘domainB\doej’. Openfire ignores the ‘domainX’ information and will not create an Openfire account for the users since they both have the ‘doej’ username.

I am working to configure Openfire to include the domain in the Openfire login name, but haven’t tested it yet, nor do I know what implications this will have for existing users. I will update at a later date when I have that information.
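
The collision described in the thread can be checked for ahead of time. The following is an added example, not part of the original posts and not Openfire code: it takes LDIF-style output of a forest-wide (port 3268) user search and lists every sAMAccountName that appears in more than one domain. The sample entries and the `example.com` suffix are constructed, and the parser assumes unfolded, non-base64 LDIF lines.

```python
import re
from collections import defaultdict

# Constructed sample: LDIF-style result of a global catalog user search.
SAMPLE_LDIF = """\
dn: CN=John Doe,OU=Staff,DC=domainA,DC=example,DC=com
sAMAccountName: doej

dn: CN=Jane Doe,OU=Staff,DC=domainB,DC=example,DC=com
sAMAccountName: DoeJ

dn: CN=Alex Smith,OU=Staff,DC=domainA,DC=example,DC=com
sAMAccountName: smitha
"""

def parse_entries(ldif):
    """Yield (dn, sAMAccountName) for each blank-line-separated entry."""
    for block in ldif.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                attrs[key.lower()] = value.strip()
        if "dn" in attrs and "samaccountname" in attrs:
            yield attrs["dn"], attrs["samaccountname"]

def domain_of(dn):
    """Build the DNS domain name from the DC= components of a DN."""
    # Split on commas that are not backslash-escaped (e.g. "CN=Doe\, John").
    parts = [p.strip() for p in re.split(r"(?<!\\),", dn)]
    return ".".join(p[3:] for p in parts if p.upper().startswith("DC="))

def find_collisions(ldif):
    """Return {name: [(domain, dn), ...]} for names found in more than one domain."""
    by_name = defaultdict(list)
    for dn, sam in parse_entries(ldif):
        # sAMAccountName comparison in AD is case-insensitive.
        by_name[sam.lower()].append((domain_of(dn), dn))
    return {name: hits for name, hits in by_name.items()
            if len({domain.lower() for domain, _ in hits}) > 1}

if __name__ == "__main__":
    for name, hits in find_collisions(SAMPLE_LDIF).items():
        print(f"{name}: present in {len(hits)} domains")
        for domain, dn in hits:
            print(f"  {domain}  {dn}")
```

Any name this reports is one that a username-only mapping cannot tie to a single person, so those accounts need a domain-qualified or otherwise unique login attribute.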