[cisco-voip] Jabber 11.8 issue
Anthony Holloway
avholloway+cisco-voip at gmail.com
Fri Oct 20 13:55:21 EDT 2017
I have seen a very weird issue with only 1 or 2 users in an enterprise with
close to 2,000 users.
For some reason, if you login with your JID, Jabber checks for your mail
alias as a user ID first, and if none found, reverts back to the JID. I
might be explaining the process technically incorrect, but that's the gist
of it.
Why is this a problem? Well, if your email alias matches another user's
JID, then you cannot login.
*Logs when your email alias matches someone else's JID (Keep in mind
aholloway is my email alias and my JID is 45633):*
12:24:30.333 | debug| TokenAuthUtils::executeUserFromIMaddressQuery: IMDB
(userid) query successful: [SELECT pkid, userid FROM validendusers WHERE
userid='aholloway';]
12:24:30.333 | error| TokenAuthUtils::executeUserFromIMaddressQuery: imaddress
and userid queries returned conflicting rows. Returning error
*Logs when your email alias does not match someone else's JID (aholloway is
email alias and JID is 45633):*
11:47:51.505 | debug| TokenAuthUtils::executeUserFromIMaddressQuery: IMDB
(userid) query successful: [SELECT pkid, userid FROM validendusers WHERE
userid='aholloway';]
11:47:51.505 | debug| TokenAuthUtils::executeUserFromIMaddressQuery: imaddress
query returned row but not userid.
11:47:51.505 | debug| TokenAuthUtils::executeUserFromIMaddressQuery: userid
set as [45633]
The environment was using employee numbers as User IDs for employees, while
using First Initial + Last Name (aholloway) for contractors. So, if user
Andrew Holloway, with email aholloway at company.com, and with employee ID
1234 logged into jabber with 1234 as their JID, Jabber would look up
aholloway in that SQL query you see up above, and find the contractor
Anthony Holloway with email aholloway2 at company.com and user ID aholloway.
Boom. Login failed.
Do I agree with any of that? Nope. But, it happens.
For what it's worth, they're using flexible JID, by using Directory URI as
the IM Address scheme, which we sync from AD mail attribute.
On Thu, Oct 19, 2017 at 11:15 AM Florian Kroessbacher <
florian.kroessbacher at gmail.com> wrote:
> Maby your IM and Prsence server are out of sync, and the user getd no one
> time password
>
> --
>
> Florian Krößbacher
>
> florian.kroessbacher at gmail.com
>
> <https://twitter.com/flohATinnsbruck>
> <https://plus.google.com/+FlorianKroessbacher>
> <https://www.linkedin.com/in/florian-kroessbacher-5a29a832?>
>
> Am 19. Okt. 2017, 18:11 +0200 schrieb norm.nicholson at kitchener.ca:
>
> I have a user getting this error:
>
>
>
>
>
> [image: image001.png]
>
>
>
> And she is the only Jabber user getting it. I have reset everything
> associated with the CSF but no joy.
>
>
>
>
>
> Any assistance would be appreciated
>
>
>
>
>
>
>
>
>
> Thanks
>
>
>
>
>
>
>
>
>
>
>
> *Norm Nicholson*
>
> *Telecom Analyst*
>
> *City of Kitchener*
>
> *(519) 741-2200 x 7000 <(519)%20741-2200;7000>*
>
>
>
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20171020/4efa3135/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 29461 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20171020/4efa3135/attachment.png>
More information about the cisco-voip
mailing list