GLPI LDAP Mass Sync doesn't load thumbnails

[tomolimo]

Using GLPI 0.91 and GLPI LDAP Mass Sync. The users's thumbnails (users's pictures) are not loaded into GLPI. We must force synchronization to get them.

[orthagh]

With 0.90, sync ok ?

[tomolimo]

Hello I made a test with 0.90.1: it's OK users pictures are loaded from LDAP into GLPI. Thank you, Tomolimo

[tomolimo]

With GLPI 0.91, I got these errors running the LDAP mass import script from command line, when running with PHP 5.6.17 (x86)

2016-02-17 15:42:56 [@ARGLPID20] * PHP Warning(2): ldap_search(): Partial search results returned: Sizelimit exceeded Backtrace : : inc\authldap.class.php:1364 ldap_search() inc\authldap.class.php:1491 AuthLDAP::searchForUsers() scripts\ldap_mass_sync.php:156 AuthLDAP::getAllUsers() scripts\ldap_mass_sync.php:119 import() 2016-02-17 15:42:56 [@ARGLPID20] * PHP Notice(8): Undefined index: date_sync Backtrace : inc\authldap.class.php:1529 scripts\ldap_mass_sync.php:156 AuthLDAP::getAllUsers() scripts\ldap_mass_sync.php:119 import() 2016-02-17 15:49:05 [@ARGLPID20] *\ PHP Notice(8): Undefined variable: input Backtrace : inc\authldap.class.php:2062 scripts\ldap_mass_sync.php:164 AuthLDAP::ldapImportUserByServerId() scripts\ldap_mass_sync.php:119 import()

And when running with PHP 7, I got also a mysql module load error

With GLPI 0.90 and PHP 5.4, I also got error message for "LDAP Server size limit exceeded: user deletion disabled"

[orthagh]

since php5.6 (and glpi0.85), you could do a panigated search on ldap. See "Advanced information" tab in you ldap conf to enable it. It will avoid these "Partial search results returned" messages.

For the current topic, you could test, but i think this is not relative

[tomolimo]

I did the setting but it changed nothing

[orthagh]

@tomolimo, is this issue still valid ?

[tomolimo]

I'll check it on next Thursday. Regards

[tomolimo]

It is still valid. How can I help on this?

[orthagh]

In my tests with ldap_mass_sync.php script and with the help of phpdebug, i can retrieve pictures from an openldap.

As other informations, with default options of the script (action=1), picture synchronisation is effective only if user was never updated (i think this part is strange). With action=2, picture is force-updated

Could you test with option action=2 or clear date_sync fields of your glpi users before synchronisation and answer me your results ?

[tomolimo]

In fact this is already the action_type I'm using: Here is my command line:

L:\inetpub\wwwroot\glpi091\scripts>"C:\Program Files\PHP\v7.0\php.exe" -f ldap_mass_sync.php action=2 ldap_filter="(&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(samaccountname=*$))(!(samaccountname=*_IWAY))(!(msExchResourceMetaData=ResourceType:*)))"

[orthagh]

What kind of ldap server did you use ? Active Directory ?

[tomolimo]

Yes Active Directory

[orthagh]

(fyi, Your logs files contains some structure of your directory, i got the files, i think you should now delete them)

[tomolimo]

done, thank you

[orthagh]

I'm currenlty managing to have an AD in our labo for test this issue. I'll let you know in the afternoon.

[tomolimo]

ok, thank you,

[tomolimo]

but don't forget that if I force the synchro, then the picture is correctly updated/uploaded

[orthagh]

yes, my tests will be with ldap_mass_sync.php script, is it ok ?

[tomolimo]

yes

[orthagh]

what is the name of the picture fields in your case ?

[tomolimo]

thumbnailphoto

[orthagh]

Did you have a simple todo to add a photo to an user in this directory ? :D

[tomolimo]

unfortunately not in my knowledge we are using an outlook web access addon... You may try this tool: http://www.codetwo.com/freeware/active-directory-photos/ (just found it on google)

[tomolimo]

I just tested this tool and it seems good enough to do what you need :smiley:

[orthagh]

I finally paste my photo as hexadecimal value in the attribute editor of active directory tool and i manage to import & sync without errors.

In your log, i can't understand why the picture appears in the sql queries. In the file authldap.class.php from line 2098 (add) or 2113 (update), a few lines ago, the picture input should be removed.

I pushed a try-commit for others errors (sha1 relative)

[orthagh]

Another commit finally, i think i found the issue for update. Please, test last master and let me know

[tomolimo]

After test: I no longer get errors in php nor in sql, but no picture has been imported (I checked the user who was going to be created in last sql error log).

If you look at the sql error messages: it was liked something was not correctly escaped in the picture string.

[tomolimo]

In fact it looks like the file content was inserted into DB instead of the file name itself

[orthagh]

no, picture should not be in this query. Picture sync is managed by functions User::post_addItem & prepareInputForUpdate.

A little check, is your user have his field authtype = 3 ?

[tomolimo]

authtype is 0 and auths_id is 0

[orthagh]

ok, i think we got it.

Could you check an already logged user (0 = not yet authentified), you by example ?

[tomolimo]

yes, would you like me to delete my picture and to start a mass_update?

[orthagh]

yes. please

[tomolimo]

I'm not sure it will be ok, as I still have the error LDAP server size limit exceeded: user deletion disabled

[tomolimo]

after test : my user picture is not updated (or my user has not been updates)

[tomolimo]

if I logout/login then it's ok: the picture is updated

[orthagh]

you should empty date_sync field before executing ldap_mass_sync

[tomolimo]

ok, I retry

[tomolimo]

I'm going to try with another logged in user :)

[tomolimo]

date_sync still null after ldap_mass_sync, my user has not been updated, probably the mentioned problem of the LDAP server size limit exceeded...

[tomolimo]

If I force a re-synch of my user, the picture is updated immediately, and of coursse the date_sync also :)

[orthagh]

When you do that, you also fix the ldap server, no ?

[orthagh]

for user with auths_id = 0, i mean

[tomolimo]

No I was speaking about my own user account, so I don't need to change authentication scheme, and my user account is already with auths_id=16

[orthagh]

ok for paging issue, you confirm this configuration in your case :

[tomolimo]

I've got this one:

[tomolimo]

So I'll try with unlimited

[tomolimo]

I made a new test with unlimited and then I got a complete refresh. I mixed this field with the page size which is 1000 for our AD. I'm going to retest the picture update with this.

[tomolimo]

Good news: If I clear the picture of my own user account, and start a ldap_mass_sync (without clearing the date_sync) then the picture is updated. Bad news: The previous user picture (with auths_id=0 and authtype=0) has not been updated (even if this user has been imported by the script in a previous call).

[orthagh]

yes for the second one, i confirm this behavior, i'll check for a fix tomorrow (i'm in pain with metacriteria now).

Good news for the first part anyway.