search

jellyfin / jellyfin-plugin-ldapauth

LDAP Authentication for Jellyfin
https://jellyfin.org
MIT License
108 stars 32 forks source link

Unable to synchronise profile photos with jpegPhoto #163

Open marissa999 opened 3 weeks ago

marissa999 commented 3 weeks ago

Hi, I am trying to sync photos via LDAP.

It seems like the photo is stored properly in LDAP. With the ldapsearch command I can see the jpegPhoto attribute with the base64-encoded photo.

ldapsearch -H ldap://LDAP_IP:389 -D "cn=jellyfin-ldap,ou=users,dc=ldap,dc=jellyfin,dc=DOMAIN,dc=TLD" -b "dc=ldap,dc=jellyfin,dc=DOMAIN,dc=TLD" -w "SUPERSECRETPASSWORD" -s sub "(memberOf=cn=jellyfin,ou=groups,dc=ldap,dc=jellyfin,dc=DOMAIN,dc=TLD)" -x

# mari, users, ldap.jellyfin.DOMAIN.TLD
dn: cn=mari,ou=users,dc=ldap,dc=jellyfin,dc=DOMAIN,dc=TLD
 b1976859b.jpeg
settings: map[locale:en]
jpegPhoto: /9j/4AAQSkZJRgABAQEASABIAAD/4gIoSUNDX1BST0ZJTEUAAQEAAAIYAAAAAAIQAAB
 tbnRyUkdCIFhZWiAAAAAAAAAAAAAAAABhY3NwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAA
 9tYAAQAAAADTLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
 AAAAAlkZXNjAAAA8AAAAHRyWFlaAAABZAAAABRnWFlaAAABeAAAABRiWFlaAAABjAAAABRyVFJDAA
 ABoAAAAChnVFJDAAABoAAAAChiVFJDAAABoAAAACh3dHB0AAAByAAAABRjcHJ0AAAB3AAAADxtbHV
.........

I can also take the whole content of the jpegPhoto attribute, decode it, and I get the original jpeg-photo back.

But the synchronisation task does not seem to find the picture?

If I manually start the task I can see the following in the server logs:

Jun 09 18:01:04 mediaserver jellyfin[2507335]: [18:01:04] [ERR] Found no users matching 47d3e950ecde188d79edd36c4e3782950cb980a32b6123f61a25739275c60649 in LDAP search
Jun 09 18:01:04 mediaserver jellyfin[2507335]: [18:01:04] [WRN] User '47d3e950ecde188d79edd36c4e3782950cb980a32b6123f61a25739275c60649' is not found in LDAP. Cannot synchronize profile image.
Jun 09 18:01:06 mediaserver jellyfin[2507335]: [18:01:06] [ERR] Found no users matching 0c0db9192935c17672460432268b242a6fcc2f6e831cb4f081a507c416937faa in LDAP search
Jun 09 18:01:06 mediaserver jellyfin[2507335]: [18:01:06] [WRN] User '0c0db9192935c17672460432268b242a6fcc2f6e831cb4f081a507c416937faa' is not found in LDAP. Cannot synchronize profile image.
Jun 09 18:01:06 mediaserver jellyfin[2507335]: [18:01:06] [INF] LDAP - Synchronize profile images Completed after 0 minute(s) and 4 seconds

I can login through LDAP and also use the test buttons in the plugin settings to successfully find my user.

image

System: Jellyfin + Jellyfin-WEB: 10.9.3 OS: Arch Linux Installed through: Package manager (https://archlinux.org/packages/extra/x86_64/jellyfin-server/)

Installed Plugins: ![image](https://github.com/jellyfin/jellyfin-plugin-ldapauth/assets/8284445/38fcbb9e-0c6a-4a97-ac86-280ba571f1aa) (Note: SSO-Auth is configured to change the authentication provider to Jellyfin.Plugin.LDAP_Auth.LdapAuthenticationProviderPlugin, in case that is relevant)

Is there something obvious that I am missing?

ProjectPatatoe commented 3 weeks ago

I'm having trouble as well. I'm not sure what the plugin wants the format of the LDAP attribute to be in. Is it a URL to the image or is it a base 64 or is either ok?

marissa999 commented 3 weeks ago

I tried to figure out what exactly the plugin wants. It seems that base64 is standard, and that makes the most sense to me too. But I am not confident right now that the plugin expects base64

Looking at the source code I was able to find the following:

https://github.com/jellyfin/jellyfin-plugin-ldapauth/blob/917be3924846b0fa98fa5559d3105bba85911d6d/LDAP-Auth/LdapProfileImageSyncTask.cs#L100 Here it seems like a ByteValue is returned.

https://github.com/jellyfin/jellyfin-plugin-ldapauth/blob/917be3924846b0fa98fa5559d3105bba85911d6d/LDAP-Auth/LDAPAuthenticationProviderPlugin.cs#L539 And GetAttribute seems to be returning a LdapAttribute object.

The whole plugin seems to make use of Novell.Directory.Ldap

https://github.com/dsbenghe/Novell.Directory.Ldap.NETStandard/blob/5ff61fafa2d7b7fd0a9f4458e462bcb4f9970da9/src/Novell.Directory.Ldap.NETStandard/LdapAttribute.cs#L305 So looking at this it seems like ByteValue is an array of bytes.

But I can not figure out what exactly sets _value and how that is determined... That is where I stopped looking.

itzteajay-glitch commented 2 weeks ago

I'm definitely trying to understand this more. Currently working on getting this to sync through authentik who also treats avatars strangely just trying to get an understanding of how this works so I can implement it.

ProjectPatatoe commented 2 weeks ago

I'm trying to do the same thing, I asked the question in authentik but no response yet. https://github.com/goauthentik/authentik/discussions/10055

itzteajay-glitch commented 1 week ago

So in authentik I found this. It at least gives another option by allowing us to pass the URL to the image. I still haven't manged to get it to work in jellyfin though but now I have the image url. https://github.com/goauthentik/authentik/discussions/6824

itzteajay-glitch commented 1 week ago

So in plugins/configuration there is the LDAP-Auth.xml file that shows a place for the jpegPhoto details but no matter what I put in my "avatars" field I can't get that file to populate and update with a hash. Has anyone had luck getting the plugin to make changes here?

itzteajay-glitch commented 1 week ago

Ok did some more digging and testing using https://base64.guru/converter/decode/text to see what I can come up with... So since the plugin doesn't (from what I can tell) decode the base64 into the binary before posting it in the profile.jpg file I think the only fix is to actually get the binary for the avatar into the ldap field which I can imagine will throw in some breaking characters. Gonna continue testing.