Feature request: Option to automatically set the user's display name to an LDAP attribute value on first LDAP login #23
Comments
|
I don't currently know how to actually add 3rd party identifiers, like the email address, or for that matter set the display name. The place to do it, bearing the |
|
@mweinelt This commit must help Set name from ldap on registration and fix log format But in this way you can not attach e-mail. I hope to deal with this later. |
|
With this changes all work fine for me. |
|
I need to find time to review the changes, but I'm rather busy with work these days. Give me a few days, please. |
|
Any news on this? The Login is working fine so far, but it would be nice to be able to use the email and Name for the Search. |
|
@Metzlmane look here https://github.com/slipeer/synapse-ldap-password-provider , but for propertly work "email from LDAP" you need identity server too - read docs in synapse-ldap-password-provider |
|
I think the changes from @slipeer are sane and needed, but they depend on some changes to synapse as far as I remember, and a review from @erikjohnston. My motivation is slowly fading away :( |
|
Any progress on this? We have LDAP configuration and logged in users for the first time does not get their DisplayName set from LDAP: Nor does Email |
|
I recommend to use https://github.com/kamax-io/mxisd for LDAP auth - it fill normally all fields for user at first login. |
|
We tried MXISD at first, but it was not as straightforward to set up compared to this one. There is no RPM package for it, only Debian. Which would require us to manually build it. |
|
so anyone does have auto fill working with email or display name? |
|
We are using mxisd. All works great. It is more flexible. |
|
Any news about this ? Does anyone have it working with |
|
For anybody else who comes here... I use freeipa as a ldap provider and am using matrix-synapse-ldap3. What really helped me was viewing the log on the ldap server. Comparing the attempted auth with a known good one (from another system) provided the necessary tweaks to make things work. password_providers:
|
|
This is my diff to get email and display name working against our internal ldap, using matrix_synapse_ldap3-0.1.3: diff --git a/fs/root/miniconda3/lib/python3.7/site-packages/ldap_auth_provider.py b/fs/root/miniconda3/lib/python3.7/site-packages/ldap_auth_provider.py
index 6e7d029..47f5f4f 100644
--- a/fs/root/miniconda3/lib/python3.7/site-packages/ldap_auth_provider.py
+++ b/fs/root/miniconda3/lib/python3.7/site-packages/ldap_auth_provider.py
@@ -169,7 +169,7 @@ class LdapAuthProvider(object):
search_filter=query,
attributes=[
self.ldap_attributes['name'],
- self.ldap_attributes['mail']
+ self.ldap_attributes['mail'],
]
)
@@ -185,12 +185,16 @@ class LdapAuthProvider(object):
name = attrs[self.ldap_attributes['name']][0]
try:
mail = attrs[self.ldap_attributes['mail']][0]
- except KeyError:
+ except Exception:
mail = None
# create account
user_id, access_token = (
- yield self.account_handler.register(localpart=localpart)
+ yield self.account_handler.register(
+ localpart=localpart,
+ displayname=name,
+ emails=[mail] if mail else []
+ )
)
|
|
Well, just delving into Matrix and setting up my own personal synapse homeserver for family/friends, and the group of companies that I work for will be soon to follow. Absolutely loving Matrix/Synapse/Riot so far, but the identity stuff (3PIDs) is confusing and seemingly problematic. I will eventually run a sydent instance I suppose, but until then basic LDAP auth will do me fine. However, this sub-project seems broken (as of 0.1.3), the mail and name attributes specified in the default homeserver.yaml are useless. And setting mode: "search" doesn't do anything. @AXGKI changes above basically fixes most of this broken behaviour, leaving only login via email / phone number not available. But the patch above makes it totally usable for me, I just want the Email and Display Name to be pulled from my already populated LDAP server. Can we not get a PR for this? I can't see why this breakage needs to go on an longer. Is this sub-project deprecated? Even so, such fundamental bugs should be addressed or else the sub-project should be purged. Thanks @AXGKI for sharing the solution, any chance you can submit a PR, I will test and second it. |
|
Yeah - so a few months down the track, I've stumbled across this too.... Can we kick it down the road a bit to fix this issue? |
|
Version 0.1.4 has this feature though a bit vague from the changelog. Needs enabling |
Many LDAP databases contain display names or full names for users. For example:
On first login, a Matrix user is created for the corresponding LDAP account. However, display names are not set by default, so users must enter their own display name. The user in the above example will display as
@jdoe:example.comuntil they manually enter a different display name into their client app.It would be nice if
matrix-synapse-ldap3could be configured to automatically set users' display names based on their LDAP information on first login. For example, if a server could be configured to set default display names from thecnLDAP attribute, the user in the above example would have their default display name set toJohn Doe.The text was updated successfully, but these errors were encountered: