Enable PEP service for JIDs that are not backed by a User


Guus der Kinderen
June 5, 2020, 6:53 PM

For clarity: Openfire does not have a concept of a 'user' that is not a registered user (with the exception of a session that authenticated anonymously).

What is needed for the solution that Pervez is working on, is a way to associate data to JIDs that themselves aren't associated to a user account.

I dislike the principle, but have agreed to add this under a configuration option in the 4.5.x branch, allowing Pervez's solution to move forward without major rewrites on their end, given their current deadlines. This solution will, however, not be brought forward into future versions of Openfire.

June 2, 2020, 4:16 PM

We need both types of users: local end users (who have valid JID but don’t need to login to openfire) and still have the use of Private Storage (as in previous versions of Openfire)…
as well as Openfire LDAP users (Authorised Agent users - who can make commands on behalf of such end users).

To allay any security concerns, in this use-case, it will be a valid component component that creates the Private Storage entries for all users (whether registered or local-only)
Private storage is accessed by registered users (user-agent) only. Unregistered local users cannot access the private storage (as they can’t create a session)

In PUBSUB, node creation the creator/requester can be different from the end-user but for PEP nodes, the requester and end-user are one and the same – because there is only one jid parameter in the API that can be passed in.



Dele Olajide


Dele Olajide