[SOLVED] LDAP plugin not showing avatar/jpepPhoto

moscardo · January 25, 2019, 1:16pm

Hi,
I have set up xwiki with LDAP authentication and it works fine, but avatar is still not being shown in the users profile.

The config is:

# 
# LDAP company
#
#-# LDAP authentication service
xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl

#-# Turn LDAP authentication on - otherwise only XWiki authentication
#-# - 0: disable
#-# - 1: enable
#-# The default is 0
xwiki.authentication.ldap=1

#-# Enable local accounts in addition to LDAP.
#-# Without this setting you will be unable to log into XWiki with local accounts.
#-# - 0: disable
#-# - 1: enable
#-# The default is 0
xwiki.authentication.ldap.trylocal=1

#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
#-# The default host is localhost
xwiki.authentication.ldap.server=ldap.company.de


#-# LDAP credentials, empty = anonymous access, otherwise specify full dn
#-# {0} is replaced with the user name, {1} with the password
#xwiki.authentication.ldap.bind_DN=
xwiki.authentication.ldap.bind_DN=cn=account,cn=Admins,dc=company,dc=org
xwiki.authentication.ldap.bind_pass=ourpassword

#-# The Base DN used in LDAP searches
xwiki.authentication.ldap.base_DN=cn=Users,dc=company,dc=org

#-# Retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute)
#-# By default the list is empty
xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail,avatar=jpegPhoto

#-# [Since 1.3M2]
#-# On every authentication update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki
#-# account is created.
#-# - 0: only when creating user
#-# - 1: at each authentication
#-# The default is 0
xwiki.authentication.ldap.update_user=1

#-# [Since 8.1M2]
#-# Specifies the LDAP attribute containing the binary photo
#-# The default is thumbnailPhoto
xwiki.authentication.ldap.photo_attribute=jpegPhoto



#-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name
#-# The default is cn
xwiki.authentication.ldap.UID_attr=uid

#-# LDAP query to search the user in the LDAP database (in case a static admin user is provided in
#-# xwiki.authentication.ldap.bind_DN)
#-# {0} is replaced with the user uid field name and {1} with the user name
#-# The default is ({0}={1})
#xwiki.authentication.ldap.user_search_fmt=(uid={0})



xwiki.authentication.ldap.ssl=1
xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider

#-# [Since 8.1M2]
#-# On every authentication update photo from LDAP to XWiki avatar otherwise photo will not be updated.
#-# - 0: never
#-# - 1: at each authentication
#-# The default is 0
xwiki.authentication.ldap.update_photo=1

The logs are here:

2019-01-25 11:46:45,115 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] TRACE x.c.l.XWikiLDAPAuthServiceImpl - Starting LDAP authentication 
2019-01-25 11:46:45,115 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode. 
2019-01-25 11:46:45,115 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] TRACE x.c.l.XWikiLDAPAuthServiceImpl - Starting LDAP authentication 
2019-01-25 11:46:45,115 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig        - remoteUserParser: null 
2019-01-25 11:46:45,115 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig        - ldap_group_classes: [groupofnames, posixgroup, apple-group, groupofuniquenames, dynamicgroup, groupwisedistributionlist, group, dynamicgroupaux] 
2019-01-25 11:46:45,115 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig        - ldap_group_memberfields: [uniquemember, memberuid, member] 
2019-01-25 11:46:45,115 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection    - Connecting to LDAP using SSL 
2019-01-25 11:46:45,115 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection    - Connection to LDAP server [ldap.company.de:636] 
2019-01-25 11:46:45,123 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection    - Binding to LDAP server with credentials login=[cn=account_view_only,cn=Admins,dc=company,dc=org] 
2019-01-25 11:46:45,170 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPUtils         - Getting the list of user fields to synchronize 
2019-01-25 11:46:45,170 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPUtils         - LDAP avatar photo synchronisation is enabled 
2019-01-25 11:46:45,170 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPUtils         - LDAP avatar photo field name: jpegPhoto 
2019-01-25 11:46:45,170 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPUtils         - LDAP user fields to synchronize: [sn, givenName, mail, jpegPhoto, jpegPhoto] 
2019-01-25 11:46:45,170 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPUtils         - Searching for the user in LDAP: user [moscardo] base [cn=Users,dc=company,dc=org] query [(uid=moscardo)] uid [uid] 
2019-01-25 11:46:45,170 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.PagedLDAPSearchResults - LDAP pagined search: base=[cn=Users,dc=company,dc=org] query=[(uid=moscardo)] attrs=[[sn, givenName, mail, jpegPhoto, jpegPhoto]] scope=[2] typesOnly=[false] pageSize=[500], cookie=[null] 
2019-01-25 11:46:45,172 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection    -   - values for attribute [mail] 
2019-01-25 11:46:45,172 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection    -     |- [John.moscardo@company.de] 
2019-01-25 11:46:45,172 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection    -   - values for attribute [sn] 
2019-01-25 11:46:45,172 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection    -     |- [James Moscardo] 
2019-01-25 11:46:45,172 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection    -   - values for attribute [givenName] 
2019-01-25 11:46:45,172 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection    -     |- [John Smith] 
2019-01-25 11:46:45,172 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection    - LDAP search found attributes [[{name=dn value=cn=John Smith James Moscardo,cn=Users,dc=company,dc=org}, {name=mail value=John.moscardo@company.de}, {name=sn value=James Moscardo}, {name=givenName value=John Smith}]] 
2019-01-25 11:46:45,172 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection    - Binding to LDAP server with credentials login=[cn=John Smith James Moscardo,cn=Users,dc=company,dc=org] 
2019-01-25 11:46:45,178 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConnection    - Binding to LDAP server with credentials login=[cn=account_view_only,cn=Admins,dc=company,dc=org] 
2019-01-25 11:46:45,179 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPUtils         - LDAP attributes will be used to update XWiki attributes. 
2019-01-25 11:46:45,179 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPUtils         - Updating existing user with LDAP attribues located at [cn=John Smith James Moscardo,cn=Users,dc=company,dc=org] 
2019-01-25 11:46:45,180 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPUtils         - Start synchronization of LDAP profile [[{name=dn value=cn=John Smith James Moscardo,cn=Users,dc=company,dc=org}, {name=mail value=John.moscardo@company.de}, {name=sn value=James Moscardo}, {name=givenName value=John Smith}]] with existing user profile based on mapping [{mail=email, givenname=first_name, jpegphoto=avatar, sn=last_name}] 
2019-01-25 11:46:45,180 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - LDAP authentication succeed with principal [XWiki.moscardo] 
2019-01-25 11:46:45,181 [http://xwiki.company.de/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: null 
2019-01-25 11:46:45,185 [http://xwiki.company.de/bin/view/Main/] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: XWiki.moscardo

tmortagne · January 25, 2019, 1:38pm

Are you sure about the attribute name ? The log suggest that no value was returned by the server for this field name.

You should not put the avatar in here. Dealing with it is xwiki.authentication.ldap.photo_attribute job.

moscardo · January 25, 2019, 2:46pm

I just removed this.

And this is my ldap attribute:

I am missing something?

Thanks.

tmortagne · January 25, 2019, 3:07pm

Looks correct. No idea why the server does not send back any value for the jpegPhoto then.

In theory the authenticator should log something for it under

LDAP pagined search: base=[cn=Users,dc=company,dc=org]

that looks like

- attribute [jpegPhoto] is binary

moscardo · January 25, 2019, 3:29pm

I think the LDAP server is not returning the photo due to permissions.

I will try to bind with different user to see what happens.

Thanks.

moscardo · January 25, 2019, 4:02pm

That was it! Now working. Thanks.

tmortagne · January 25, 2019, 4:07pm

Cool I was starting to worry