With HybridAuthProvider and HybridUserProvider, Openfire can be configured to use more than one provider. This is useful when the user base is spread out over more than one user store.
The existing solution operates on a first come, first serve basis. For most requests, the first provider that can fulfill the request does so.
Sometimes, it is useful to limit a request to a specific provider. An example of this could be a requirement to obtain users with administrative privileges from a different store than other users. The 'hybrid' solution makes no guarantee that a particular user is retrieved from a specific provider, as the first provider that matches the username will be used (see footnote).
It should be possible to "map" a particular username to exactly one provider, which will guarantee that a particular user is not obtained from another provider than the mapped one.
Footnote: the 'hybrid' solution can be configured to work with 'override' lists, that does allow for the functionality proposed here. This list, however, is a statically configured list, which offers little flexibility.