OF3.8.1 and AD LDAP avatars in Spark

Hello all,

I set up a new Openfire server 3.8.1 using many hints from postings here for the ldap.vcard-mapping and also set ldap.override.avatar to true. A problem which I have still had for a long time, though, is getting the avatar picture from Active Directory.

All the values in the vCard are fine and come from AD. But as soon as the user has a picture in AD (we use the thumbnailPhoto attribute), Spark just shows a white square in the view profile main screen. Viewing the full profile, under Avatar there is only a very, very small white square. If the user has no picture in AD, the default values (blue outline of a person) are shown. So Spark can see that there is something, it just doesn’t seem to display it.

If the user has no picture in AD but one in the database, the one in the database is shown just fine.

Problem is the same with Spark 2.6.3 and nightly build, different user and machines, local Spark directories got deleted and server got restarted after nearly every change.

The pictures are working fine in Outlook and other applications. Could it be there is a size restriction for pictures pulled from AD? Or are there any constraints given for the picture type, size,…

Thanks in advance for any hints

Steff

OpenFire by default uses the attribute jpegPhoto instead of the more common thumbnailPhoto for the avatar.

You could change it in the ldap.vcard-mapping attribute, or upload the avatars to the jpegPhoto attribute in AD.

I use {thumbnailPhoto} in the ldap.vcard-mapping attribute, and it seems to work, as Spark shows those white squares only if the user has a picture in AD in this attribute. If not, Spark shows the standard icon.

Whatever Spark/Openfire gets back from AD, it doesn’t seem to be able to interpret it. In Outlook etc. the pictures just show up fine.

We are using W2K8R2 domain controllers, perhaps the format of the pics there is something Openfire/Spark doesn’t like!? Still trying around to get the pic showing up…

We use a W2003 level domain, and the field jpegPhoto shows up fine on Spark 2.6.3 and Openfire 3.7.1. I used a tool named AD Photo Edit to upload the image to the attribute, with a resolution of approx. 100x100.

This pointed me in the right direction…

This tool works perfectly well, so the problem is the tool we are using. Somehow the pictures we upload are fine in Outlook etc., but not good enough for Openfire/Spark.

Will have to find out the difference and adjust our PHP script accordingly.

Thanks for the push in the right direction

Steff

We still had the same issues with LDAP pictures. Be careful with image file size and image format to avoid further issues.

But I have a question: Can you share the PHP script you have created to change the AD picture? Does it work?

Best and thanks,

Benni

We use this in a rather big structure, but here’s the code function to create the picture (works perfectly well here). PHP has to be linked with ImageMagick and LDAP for this to work:

<?php
// needs ldapServer to connect to, user DN and user password (so only the user can change it)
// chgOrDel decides whether picture is uploaded or deleted from AD
function createADPicture ($ldapServer,$uid,$password,$chgOrDel)
{
    // the modify calls below address the entry by its DN; $uid is the user DN (see above)
    $udn = $uid;
    $picFileAD = $uid . "-ad.jpg";
    $imgSize = 10000;
    $quality = 100;

    // as long as created picture is bigger than 7KB and quality is > 0
    WHILE (($quality > 0) && ($imgSize > 7000)):
        $image = new Imagick();
        $image->readImage($_FILES['userfile']['tmp_name']);
        $image->setImageResolution(96,96);
        $image->setImageFormat("jpeg");
        $image->setImageCompression(Imagick::COMPRESSION_JPEG);
        $image->setImageCompressionQuality($quality);
        $image->stripImage();
        // 96x96 recommended by Microsoft as a size for AD
        $image->thumbnailImage(96,96,true,false);
        $image->writeImage($picFileAD);
        $image->destroy();

        // let's check and set the new image size
        $image = new Imagick();
        $image->readImage($picFileAD);
        $imgSize = $image->getImageLength();
        $image->destroy();
        $quality = $quality - 1;
    ENDWHILE;

    // read the JPEG back as raw bytes (binary-safe)
    $fileBinary = file_get_contents($picFileAD);
    // this is wrong - the encoding should be done by AD automatically
    // else some applications like Spark cannot interpret it
    // $fileBinary64 = base64_encode($fileBinary);
    // so we don't base64_encode anymore and are happy :-)
    $newRecords["thumbnailPhoto"] = $fileBinary;

    // finally let's upload the pic to AD or delete it from there
    $ds = ldap_connect($ldapServer);
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    $ldapBind = @ldap_bind($ds, $uid, $password);
    IF ($ldapBind):
        IF ($chgOrDel == "change"):
            $result = @ldap_mod_replace($ds, $udn, $newRecords);
            $result = ldap_errno($ds);
        ENDIF;
        IF ($chgOrDel == "delete"):
            $result = @ldap_mod_del($ds, $udn, $newRecords);
            $result = ldap_errno($ds);
        ENDIF;
    ELSE:
        $result = ldap_errno($ds);
    ENDIF;
    ldap_close($ds);
};

// create a form here for the user to enter userID, password and upload a picture file
// form also has two buttons, for change or delete picture ($chgOrDel)
// if button is pressed, this script is called again
// if (file was uploaded and $chgOrDel is defined)
// { call the function createADPicture }
// endif
// can be fine tuned by returning possible error codes from AD in case something went wrong
?>

Hope it gives an idea or helps

Steff
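The script above stopped base64-encoding the JPEG before writing it to thumbnailPhoto; the following check, an added example that is not part of the original post, tells a raw JPEG value from a base64-encoded one and compares its size with the 7000-byte target the script uses. The helper name inspectThumbnailPhoto and the sample image are constructed here, and Imagick is assumed only for building the sample.

```php
<?php
// Added example: classify a thumbnailPhoto value as raw JPEG or base64 text.
// inspectThumbnailPhoto() is a hypothetical helper, not from the original post.
// Against a live directory, fetch the bytes with ldap_get_values_len(),
// which is binary-safe, and pass the first value in.
function inspectThumbnailPhoto(string $value, int $maxBytes = 7000): array
{
    $encoding = 'unknown';
    $jpeg = null;
    if (strncmp($value, "\xFF\xD8\xFF", 3) === 0) {
        // JPEG start-of-image marker: the attribute holds the picture itself
        $encoding = 'raw';
        $jpeg = $value;
    } elseif (strncmp($value, '/9j/', 4) === 0) {
        // "/9j/" is what the bytes FF D8 FF become after base64_encode()
        $decoded = base64_decode($value, true);
        if ($decoded !== false) {
            $encoding = 'base64';
            $jpeg = $decoded;
        }
    }
    // Parse the header to confirm it really is a JPEG and get its dimensions
    $info = ($jpeg !== null) ? @getimagesizefromstring($jpeg) : false;
    $isJpeg = is_array($info) && $info[2] === IMAGETYPE_JPEG;
    return [
        'encoding' => $encoding,
        'bytes'    => strlen($value),
        'width'    => $isJpeg ? $info[0] : null,
        'height'   => $isJpeg ? $info[1] : null,
        // same shape the script above writes: raw JPEG within its size target
        'ok'       => $encoding === 'raw' && $isJpeg && strlen($value) <= $maxBytes,
    ];
}

// Constructed sample: a plain 96x96 JPEG built in memory (needs Imagick)
$sample = new Imagick();
$sample->newImage(96, 96, new ImagickPixel('gray'));
$sample->setImageFormat('jpeg');
$raw = $sample->getImageBlob();

foreach (['raw bytes' => $raw, 'base64 text' => base64_encode($raw)] as $label => $value) {
    $r = inspectThumbnailPhoto($value);
    printf("%-12s encoding=%-7s bytes=%d size=%sx%s ok=%s\n", $label,
        $r['encoding'], $r['bytes'], $r['width'], $r['height'], $r['ok'] ? 'yes' : 'no');
}
```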

Hey Steff,

Thanks for sharing with us! That’s exactly what I need to add thousands of pictures in our Active Directory.

Best Regards,

Benni