I’ve been lurking on the forums for a while, but this is my first post! I apologize if this is an issue that has popped up before.
So, I am running a server in which some users have access to some channels, but not others, this is for security. I use groups to gate access to channels. For example, I have a general channel and a management channel. Then two groups to go with that which have the same names (general and management). To access the general channel, you have to be a member of the general group. The management group has access to the management channel, and is also set as a moderator of the general channel.
The problem I have is this - When a new user registers with the server, and an admin assigns the appropriate groups to them, the user is unable to join the channel which uses that group for access until the server restarts. The users always receive the message that they do not have permission to access the channel.
Like I said, this is fixed by restarting the server.
I am using 3.10 server version and 2.7 of the spark client. The VM is using CentOS 32bit.
Thanks for this interesting bug report! I assume you are exercising the new MUC room access control lists by group functionality? Otherwise, I am unsure what you mean by ‘channels’?
Curious if you are using the default Groups provider, or perhaps you are using LDAP for your installation? It seems you are experiencing a caching problem, and we have seen this type of caching behavior with LDAP in other parts of the product.
I’m using the Atlasssian Crowd authentication drivers, and I’m experiencing the following:
I have a room (testroom1), which is set to members-only and has a group (testgroup1) set as room members.
I create a user (testuser1) and add that user to testgroup1 in crowd.
Once the group membership gets pulled through (i can see in openfire that the user is a member of testgroup1) i login as that user and attempt to join testroom1. I get a “407: Registration Required” error. If i restart the openfire server, the user can join the room. I’ve also found that if i remove testgroup1 from the room’s ACL and then re-add the group, the user will get an invite to the room and be able to join.
I’ve tried leaving it quite a while between adding the user to the group and attempting to join, and this results in the same issue. The issue is starting to become quite a headache for me, as we’re supposed to be migrating our 1500+ users to this new installation very soon.
The problem seems to arise, for me at least, when the group ACL is already applied to a room and then a user is added to that group. If i remove and re-add the group to the ACL, then the users get access, hence why this repro wouldn’t work.