powered by Jive Software

Avatar User Pics pulled from AD on Win2K - possible?


I am under the impression that this is not possible. Our AD schema is already upgraded to something AD 2k3 compatible but the GC Master Domain Super Duper Chief Server.

I can pull everthing else via LDAP - its only pics I would like to add to Openfire.

Any advise welcome and I would love to here from others how tried this.



if the pics are already stored in the AD schema then it should pull them. you can use any DC as the LDAP authenticator.

Hm, then this is what i tried so far:

  • stored a pic in the AD with my identity (used dameware utilities),

  • i can only see it with DWU

  • doesnt show up (or i cant find it) with softerras LDAP browser in the object properties of my identity, so i assume both, browser and openfire arent able to read this attribute properly because its not there as if in: yes its there but hasnt been activated/announced properly in the AD schema.

  • i did change the OF property from false to true and i corrected the LDAP mapping as well

  • this OF 3.6.4 with Spark 2.6beta

as i said before no prob to pull everything else.

this is more of an AD prob then OFs but i hoped someone else would have stumbled over the same prob.


IF dame ware was able to place the image then the schema is supported. You need only adjust your LDAP vcard attributes properly. check this : http://www.igniterealtime.org/community/docs/DOC-1773

carfull this forum threw in extra spaces. I would edit it in Notepad++ first.

sounds as i am almost positively there.

thanks, will try this on monday and report back.


It gets weirder.

When will the server update the clients? When they logoff and logon again? Is it better to reset the cache or to restart the service? What about the clientside vcard files - when are they being updated/deleted? I have thrown them away a couple of times today but to no avail.

My users are able to logon but i noticed that no information at all showed up in the vcard/profile.

I set up a second server and for a moment i was able to get some information, a useful vcard (still no picture - but i am going to put this aside for now).

I have three users who reported to me during the day that they were trying to send a message to a colleague who never responded. Thing is, he never got the message. All three the guys thought while looking at their client that they were online, when in fact the client or server seemed to have lost the connection. This makes them and me nervous. I have seen OF installations that were reliable but this one - i dont know what it is.

Is there a performace prob when OF runs on virtual machines?

I will test some more tomorrow, but right now i growing a grey hair.


make sure there are no spaces or other unrequired characters in the vcard settings in the system properties of openfire. you could copy it to a txt file and post it here. Mine is attached
vcard.txt.zip (545 Bytes)

i know what you want to tell me but there is something with my installation or my handling of the mappings that breaks them.

i made a fresh, clean install. now my client pulled some user data from the AD. i quit the client, copied and saved the mappings to notepadd++, deleted the mappings on the server, restarted openfire, deleted the user@myofserver.loc folder on the client machine, opened spark again and got empty vcards.

thats ok i have expected that.

then i wanted to put the mappings - so i did and nothing.


screenshot of the mappings after fresh install;

mapping as txt from notepad copied from fresh install and same one that i used to paste back to “system properties”.

vcard_tekuton.zip (544 Bytes)

your vcard settings were wrong. I think I have them corrected.
vcard_tekuton.txt.zip (517 Bytes)

Okay, yours worked. what am i missing here?

And what about the pics?


yours had spaces and
all over the place. The pics should be working as well.

here is an additional resource for you: http://www.igniterealtime.org/community/thread/35223

thanks for your time. i edited my ad schema but i am already on port 389. if things do not change as we both imagine i am inviting you for a GoToMeeting/NetViewer/Teamviewer session for about 30 minutes. it is not that i want you to fix my problem, i just want to demo it to make the point.


okay pics turn up now. i have used the wrong attribute. in my case pics are stored with “thumbnailPhoto” instead of “jpegPhoto”.

Now they show up in the vcards but not in the contact list.

as a hint for others. i run into a lot of problems with my mappings when i edited them outside of the webinterface. editing in the admin interface didnt break the mappings for me.

thanks a bundle


Icons in the contact list are a function of spark not the sever or ldap. if the vcard has a picture associated then it will show in the contact list if the appropriate setting is enabled in spark.

spark -> preferences -> appearance -> show avatar in contact list -> checkbox ticked

again, i am probably missing something.


Couple of things you should look at -

  1. Are you querying 3268 (entire forest) or 389 (local domain) for LDAP?
  • if using 3268, you have to make sure that you allow thumbnailPhoto or jpegPhoto (depending on which one you are putting the picture in) to be queried in the GC. Follow the directions below to fix.

Adding the Schema Manager in an MMC, I was able to locate the thumbnailPhoto (and jpegPhoto) attributes and force them to replicate to the Global Catalogs. This now allows the Avatars to appear in Spark when queurying over port 3268.

Also, if you just havent seen the pic yet, be sure to force replication of your DC’s in your domain after the pic has been uploaded (or just wait for your normal replication schedule) then log back into spark. Your picture should appear


Yeah, I have seen the other post (by you ?) and tried that. But that was before i noticed i was chasing for the wrong AD attribute.


I still have the problem that the pics dont show in the contact list. they are pulled: when you right-click the users profile its there. it just doesnt populate the contact list. this is eye-candy, but i know my boss will love it, so i want the all the credit for giving our organization its own complete an´ professional IM service.

and yes i have checked my settings in spark. but what are yours?


Tekuton -

Silly question, but just verifying that in Spark Properties, you have selected ‘Show Avatars in Contact List’ under ‘Appearance’.

Also, in the admin console for the OpenFire Server, here are my settings for my environment -





Hi Wall,

there are no silly questions. The box is checked. It is that just the contact list is blank, but when right-clicking on a user and calling up the profile all the data including pic is displayed. So the connection is working and its something with Spark (i am on 2.6.2beta but its the same with other versions of Spark).