kamax-matrix / matrix-synapse-rest-password-provider

Password Provider for Synapse fetching data from a REST endpoint
GNU Affero General Public License v3.0

LDAP/AD name displayname problem #6

Closed tgurr closed 5 years ago

tgurr commented 5 years ago

I've followed https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/ldap.md

in mxisd.yaml I have:

ldap:
  enabled: true
  connection:
    host: 'xxx'
    port: 389
    bindDn: 'CN=xxx,OU=xxx,DC=xxx,DC=xxx'
    bindPassword: 'xxx'
    baseDNs:
      - 'OU=xxx,DC=xxx,DC=xxx'
  attribute:
    name: 'cn'

and in homeserver.yaml:

password_providers:
  - module: "rest_auth_provider.RestAuthProvider"
    config:
      endpoint: "http://localhost:8090"
      policy:
        registration:
          profile:
            name: true
        login:
          profile:
            name: true

When logging in with riot-web I can see the name correctly changing on every login in the left corner whether I set the name: attribute in mxisd.yaml to either 'cn':

[screenshot: riot_cn]

or 'displayName':

[screenshot: riot_displayname]

so generally it appears to work so far.

However, my question is: in the riot-web/matrix profile the "Display Name" is not applied and/or changing accordingly, so in the rooms I'm still appearing with the matrixid:server.xxx instead of the correct name: transferred by mxisd via LDAP:

[screenshot: riot_web]

Is there anything I'm missing out?

maxidorius commented 5 years ago

The synapse REST password provider updates your profile via the internal structures of synapse, which have poor support for password providers. The display name update is not synced properly across your rooms by synapse. Sadly, there is nothing we can do on this end.

That is why the default settings only update the name on the account creation (on first login, if user doesn't exist) and not the following times.

tgurr commented 5 years ago

I see. Should I raise a bug/feature request @synapse for this then? There happen to be name changes in our organization for various reasons, e.g. fixing spelling mistakes due to failures on initial account creation or the more common reason: marriages.

maxidorius commented 5 years ago

Yes, you should. Be it a bug, a missing feature or just lack of docs, it needs to be addressed on their end, as a display name change is actually a heavy-lifting process (one event per room the user is joined to) and needs to be handled in a specific way in the homeserver internals.

If they document how this can be done from a password provider point of view, I can implement it.

NOTE: Simply changing the name in your LDAP without the user actually performing a logout and login again will not trigger anything. With Matrix, users log in very rarely. The process of starting up the client is usually confused with the login process, so I just want to be sure this is clear.

tgurr commented 5 years ago

@maxidorius thanks for the additional note. This introduces another obstacle: it would be nice to have a feature to sync the name on every login, or at least have an option one can enable to do so in synapse. I've opened a feature request and probably I need to open another one for that too then, as I think those are two different features. But thanks for pointing that out, I guess it would've been the next problem to stumble upon.

maxidorius commented 5 years ago

@tgurr I'll close this for now until the ability to make this happen in synapse becomes possible.