LDAP Sync

Hi Guys,

I’ve got my setup with LDAP on a 4.0.2 version of Openfire. All is working well generally but i’ve noticed changes to AD are not synching through.

While both issues are to do with LDAP sync I think they might be separate:

  1. For example we list users job titles in AD - if someone changes title, it doesn’t sync through.
    It seems as though the vcard table doesnt get updated.

  2. If someone leaves, I remove them from the SG - they disappear from the Admin Portal under “Users/Groups” but they still show in Spark on the end user machine.

Is there a way to force the sync or clear local cache on Spark for all users?

I’ve tried searching the community and elsewhere but can’t get a definitive answer.

Thank in advance.

Can anyone point me in the right direction?

I have been facing the same issue in my setup.

however i figured it out by following two options.

First i edit the LDAP configuration and it seems that users get updated, their group memberships seems to be same and they can join chatrooms as well. ( I have mapped the chatrooms with AD grops and is set to members-only.) group membership updated after i edit the LDAP config.

but my Roster which is also mapped with sahred group seems not to be working fine. i tried alot but Roster still remain the same (unchanged) however in user group membership it shows the correct group membership.

Last resort! which worked for me for everything, right from user updation, group membership, Roster listing, shared group all set good and updated by only restarting the openfire service.

Hi,

just want to update you that i have figured it out.

all you have to reset the cache for VCard, Roster, Users & group and it works like a charm for me.

Openfire admin console --> Server --> Server Manager --> Cache Summary, select the above mentioned and clear the cache.

try login user with ad credentials and it will get latest information from AD.

1 Like

Thanks for the reply @Basit Khan

Clearing down the server-side cache and restarting the openfire service was the first thing I tried. No change.

I think my last resort would be to change the setup complete status to false again, then rerun the setup… I don’t really want to have to do that every time someone leaves the department. Seems pretty drastic! So I was hoping there was an undocumented way of forcing a sync elsewhere.

I haven’t tested it, but it might help point you in the right direction. Take a look at cache.ldap.maxLifetime, I don’t know if this will initialize a refresh of any other related cache, so you might have to play with the other user/group caches as well.

cache.userCache.maxLifetime

cache.username2roster.maxLifetime

cache.group.maxLifetime

cache.userGroup.maxLifetime

How to configure Openfire’s caches

Interesting… I didn’t think to clear the cache of the groups etc…

I might try clearing all caches down manually first. If that works, then it’s proof of concept - changing the cache max life times would ensure a more regular sync.

I’ll have to do this out of hours now so I will give it a go and report back. Thanks

Cleared down all caches, restarted openfire service - even rebooted the server (for the hell of it) - still no sync…

Stumped!

first of all, check Your current config. Does it accomplish tests ? (LDAP config)

It does.

As mentioned before:

Issue 1 - Admin portal doesn’t display vCard info, but vCard info doesn’t seem to get updated with AD changes.

Issue 2 - User is removed from admin portal once you restart the openfire service, but doesn’t get removed from Spark.

I’m pretty sure the LDAP sync works, just not as you’d expect it to (i.e: it doesn’t do a full refresh). The 2nd issue is the main one for me, and the more I think about it the more i’m leaning towards it being a client-side cache issue but cannot find any documentation referring to client-side cache for spark.

Yeah I faced similar problem to Your’s. at least You can delete local spark profile…but its not resolution.

About vCard’s, there were some settings to store them locally (openfire)…but cant remember where it was