Creating users with a read-only Auth Provider

Openfire prevents you from creating users if the configured UserProvider is read only.

However, when a user is created using the DefaultUserProvider, it uses the configured AuthProvider to set the password. If the AuthProvider does not support the setting of passwords (eg. the HybridAuthProvider), then a user will be created with a null password.

This means that the user is unable to login.

Note that attempting to reset the password via the admin console results in a "not supported" message.

I'm not sure what the correct approach should be;

1) Prevent the creation of users if the AuthProvider is read-only

2) Warn the administrator after creating the user that the password cannot be set, similar to the password reset.

3) Something else?