Our company recently switched from one Active Directory (AD) domain to a new, larger global AD domain. We’ve been using Openfire 3.3.1 connected to the older domain for quite some time now with zero problems. We love the tool.
I just upgraded our Openfire server from 3.3.1 to 3.6.3 as part of the switch to migrating off the new domain and I’m having trouble tracking down an error. This error is repeating so fast that it’s filling up the 1.0MB error.log file every 1-2 minutes.
2009.02.04 19:26:14 [org.jivesoftware.openfire.ldap.LdapGroupProvider.getGroup(LdapGroupProvider.java:91)] org.jivesoftware.openfire.group.GroupNotFoundException: Groupname Content Services not found
at org.jivesoftware.openfire.ldap.LdapManager.findGroupDN(LdapManager.java:855)
at org.jivesoftware.openfire.ldap.LdapManager.findGroupDN(LdapManager.java:782)
at org.jivesoftware.openfire.ldap.LdapGroupProvider.getGroup(LdapGroupProvider.java:83)
at org.jivesoftware.openfire.group.GroupManager.getGroup(GroupManager.java:278)
at org.jivesoftware.openfire.group.GroupManager.getGroup(GroupManager.java:257)
at org.jivesoftware.openfire.group.GroupCollection$UserIterator.getNextElement(GroupCollection.java:103)
at org.jivesoftware.openfire.group.GroupCollection$UserIterator.hasNext(GroupCollection.java:66)
at org.jivesoftware.openfire.roster.RosterManager.getSharedGroups(RosterManager.java:162)
at org.jivesoftware.openfire.roster.Roster.<init>(Roster.java:105)
at org.jivesoftware.openfire.roster.RosterManager.getRoster(RosterManager.java:86)
at org.jivesoftware.openfire.handler.IQLastActivityHandler.handleIQ(IQLastActivityHandler.java:52)
at org.jivesoftware.openfire.handler.IQHandler.process(IQHandler.java:49)
at org.jivesoftware.openfire.IQRouter.handle(IQRouter.java:351)
at org.jivesoftware.openfire.IQRouter.route(IQRouter.java:101)
at org.jivesoftware.openfire.spi.PacketRouterImpl.route(PacketRouterImpl.java:68)
at org.jivesoftware.openfire.net.StanzaHandler.processIQ(StanzaHandler.java:319)
at org.jivesoftware.openfire.net.ClientStanzaHandler.processIQ(ClientStanzaHandler.java:79)
at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:284)
at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:176)
at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandler.java:133)
at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:570)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
at org.apache.mina.common.IoFilterAdapter.messageReceived(IoFilterAdapter.java:80)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimpleProtocolDecoderOutput.java:58)
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:185)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:239)
at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:283)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
at java.lang.Thread.run(Thread.java:619)
This error is for group “Content Services” but each error typically has a different group in it.
Most of the groups don’t actually appear to exist in either the new AD nor the old AD. But there was a lot of data mashed together as part of the consolidation into a larger global AD, I wouldn’t be surprised if some of the user objects reference groups that don’t exist. But that’s just a wild guess.
From the stack trace and message above I’m having a really hard time tracking where this is coming from, and how to make it stop.
Here’s another snippet from the more verbose debug.log:
2009.02.04 19:30:44 LdapManager: Trying to find a groups's DN based on it's groupname. cn: Content Services, Base DN: DC="removed",DC="removed",DC="removed"...
2009.02.04 19:30:44 LdapManager: Creating a DirContext in LdapManager.getContext()...
2009.02.04 19:30:44 LdapManager: Created hashtable with context values, attempting to create context...
2009.02.04 19:30:44 LdapManager: ... context created successfully, returning.
2009.02.04 19:30:44 LdapManager: Starting LDAP search...
2009.02.04 19:30:44 LdapManager: ... search finished
2009.02.04 19:30:44 LdapManager: Group DN based on groupname 'Content Services' not found.
2009.02.04 19:30:44 LdapManager: Exception thrown when searching for groupDN based on groupname 'Content Services'
Any ideas?