Openfire returning error when using userPrincipalName

Hi,

I’m trying to configure OpenFire to use Active Directory and everything works fine until I select userPrincipalName for

User Mapping. Then I’m getting following error:

HTTP ERROR 500

Problem accessing /user-summary.jsp. Reason:

Existing at-character at the first character of the string indicates that an empty node part

is provided. This is illegal. Offending value: ‘@de.root.net’

Caused by:

java.lang.IllegalArgumentException: Existing at-character at the first character of the string

indicates that an empty node part is provided. This is illegal. Offending value: ‘@de.root.net’

at org.xmpp.packet.JID.getParts(JID.java:567)

at org.xmpp.packet.JID.(JID.java:464)

at org.jivesoftware.openfire.ldap.LdapUserProvider.loadUser(LdapUserProvider.java: 97)

at org.jivesoftware.openfire.user.UserManager.getUser(UserManager.java:234)

at org.jivesoftware.openfire.user.UserCollection$UserIterator.getNextElement

(UserCollection.java:105)

at org.jivesoftware.openfire.user.UserCollection$UserIterator.hasNext

(UserCollection.java:68)

at org.jivesoftware.openfire.admin.user_002dsummary_jsp._jspService

(user_002dsummary_jsp.java:242)

at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)

at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:547)

at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter

(ServletHandler.java:1359)

at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:11 8)

at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)

at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter

(ServletHandler.java:1330)

at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:74)

at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter

(ServletHandler.java:1330)

at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter

(SetCharacterEncodingFilter.java:50)

at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter

(ServletHandler.java:1330)

at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:78)

at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter

(ServletHandler.java:1330)

at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:164)

at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter

(ServletHandler.java:1330)

at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:478)

at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)

at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:520)

at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:22 7)

at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:94 1)

at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:409)

at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:186 )

at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:875 )

at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)

at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle

(ContextHandlerCollection.java:250)

at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.jav a:149)

at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)

at org.eclipse.jetty.server.Server.handle(Server.java:349)

at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:441)

at org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete

(HttpConnection.java:919)

at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:582)

at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:218)

at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:51 )

at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.jav a:586)

at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java :44)

at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598 )

at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533)

at java.lang.Thread.run(Unknown Source)

Powered by Jetty://

When I use sAMAccountName for user searches it works just fine, but the problem is, that for our

forest it is not a suitable solution. There are users (myself included) that have same user account name

in different domains (like john@pl.root.net and john@de.root.net) and then OpenFire will not find

them.

Any ideas what this error means and where is it coming from ? Unfortunatelly I’m not skilled in java

so I’m not quite sure what could be wrong with this @de.root.net domain

BR

Pawel

Did you solve this?

I am having the same problem.

I cannot configure UPN or Mail to be the User Mapping. It only appears to work if I use sAMAccountName.

I’ve tried userPrincipalName and Mail, but it errors with

HTTP ERROR 500

Problem accessing /setup/setup-admin-settings.jsp. Reason:

Server Error

Caused by:

java.lang.IllegalArgumentException: Illegal JID: jgq85@domain.com@hqopenfire

The reason you can’t use serPrincipalName and Mail, is because it adds an ‘@’ to the jid, the JID can only have the single ‘@’. You could always use a custom/unused AD attribute…but then you would have to create add the info manually. IF your running exchange, and if your exchange aliases are different for every user, you could use that. If I recall, I think its mailNickname.

Cool thanks, that makes sense now.

Any chance you happen to know how to exclude certain users/groups from showing up? I have filtered down to OU but there’s all these groups showing up and also account names in the shared group I created that shouldn’t be in contacts list.

Is the only way to remove those to move the accounts to a different OU?

john,

this should point you in the right direction

How to Setup Authentication Groups with LDAP/AD