Was having the same issue and found it was not a problem with the Spark client or the OpenFire server, it was an issue with the OU, there was a \ in the OU. Changed it to a dash and issue resolved.
I like your idea, but have a general question about security of logging the failed username to file. Do you think it creates a threat by which somebody could attempt to log in with a malicious username just to get it written to the log for later exploit? I am probably off the reservation here?