Hello.
Is it possible to sync user’s avatars from Active Directory and restrict users to change it?
Hello, @mak
Old topic but just making sure that you get your question answered. The usage of Profile Picture Attribute should do the trick here:
Let me know how it goes on your end.
Hello,
This settings works fine for new users created in Mattermost with AD sync.
Is it possible to update already created accounts in Mattermost with pictures from AD?
Hi, @elnino
Thank you for the confirmation. The implementation of the Profile Picture Attribute should apply across the entire user directory as long as the account from the AD side has the thumbnailPhoto or jpegPhoto attribute set accordingly.
Can you please confirm that the information is also being pulled for existing users when you perform the following?
- Enable active log tailing by running the following command on the Mattermost Server CLI:
tail -f /opt/mattermost/logs/mattermost.log > ldap_sync.log
-
Navigate to System Console > AD/LDAP and click on AD/LDAP Synchronize Now button.
-
Once the sync gets completed, press
Ctrl + Cto stop the process. -
Either use
cat,lessornanoto view theldap_sync.logand trace for anyERRORthat appears during that particular sync -
Confirm that the profile picture of the existing users were shown as expected after logging out and logging in again to the session that you are in.
Let me know how it goes on your end. Thanks.
Hi Ahmad,
LDAP sync is working fine but I don’t have profile picture updated.
Only user who logout and login again, gets picture profile updated.
Ldap_snyc.log is without errors:
{“level”:“info”,“ts”:1601559070.804563,“caller”:“mlog/log.go:176”,“msg”:“LDAP Sync Phase”,“workername”:“EnterpriseLdapSync”,“current_phase”:“github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase3GetLdapUsersFromLdap-fm”}
{“level”:“info”,“ts”:1601559070.9369051,“caller”:“mlog/log.go:176”,“msg”:“LDAP Sync Phase”,“workername”:“EnterpriseLdapSync”,“current_phase”:“github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase4SyncLdapUsers-fm”}
{“level”:“info”,“ts”:1601559071.0464435,“caller”:“mlog/log.go:176”,“msg”:“LDAP Sync Phase”,“workername”:“EnterpriseLdapSync”,“current_phase”:“github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase5SyncSamlUsers-fm”}
{“level”:“info”,“ts”:1601559071.1499038,“caller”:“mlog/log.go:176”,“msg”:“LDAP Sync Phase”,“workername”:“EnterpriseLdapSync”,“current_phase”:“github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase6GetGroups-fm”}
{“level”:“info”,“ts”:1601559071.2540793,“caller”:“mlog/log.go:176”,“msg”:“LDAP Sync Phase”,“workername”:“EnterpriseLdapSync”,“current_phase”:“github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase7GetLdapGroups-fm”}
{“level”:“info”,“ts”:1601559071.3636057,“caller”:“mlog/log.go:176”,“msg”:“LDAP Sync Phase”,“workername”:“EnterpriseLdapSync”,“current_phase”:“github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase8SyncGroups-fm”}
{“level”:“info”,“ts”:1601559071.4690306,“caller”:“mlog/log.go:176”,“msg”:“LDAP Sync Phase”,“workername”:“EnterpriseLdapSync”,“current_phase”:“github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase9SyncGroupMembership-fm”}
{“level”:“info”,“ts”:1601559071.5830424,“caller”:“mlog/log.go:176”,“msg”:“LDAP Sync Phase”,“workername”:“EnterpriseLdapSync”,“current_phase”:“github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase10SyncGroupMembersToChannelsAndTeams-fm”}
{“level”:“info”,“ts”:1601559071.6967077,“caller”:“mlog/log.go:176”,“msg”:“LDAP Sync Phase”,“workername”:“EnterpriseLdapSync”,“current_phase”:“github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase11SyncTeamRoles-fm”}
{“level”:“info”,“ts”:1601559071.8028255,“caller”:“mlog/log.go:176”,“msg”:“LDAP Sync Phase”,“workername”:“EnterpriseLdapSync”,“current_phase”:“github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase12SyncChannelRoles-fm”}
{“level”:“info”,“ts”:1601559130.607002,“caller”:“mlog/log.go:176”,“msg”:“LDAP Sync Phase”,“workername”:“EnterpriseLdapSync”,“current_phase”:“github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase1GetLdapUsers-fm”}
{“level”:“info”,“ts”:1601559130.609624,“caller”:“mlog/log.go:176”,“msg”:“Found users with LDAP configured”,“workername”:“EnterpriseLdapSync”,“num_ldap_users”:40}
{“level”:“info”,“ts”:1601559130.7129629,“caller”:“mlog/log.go:176”,“msg”:“LDAP Sync Phase”,“workername”:“EnterpriseLdapSync”,“current_phase”:“github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase2GetSamlUsers-fm”}
{“level”:“info”,“ts”:1601559130.8163285,“caller”:“mlog/log.go:176”,“msg”:“LDAP Sync Phase”,“workername”:“EnterpriseLdapSync”,“current_phase”:“github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase3GetLdapUsersFromLdap-fm”}
{“level”:“info”,“ts”:1601559130.947686,“caller”:“mlog/log.go:176”,“msg”:“LDAP Sync Phase”,“workername”:“EnterpriseLdapSync”,“current_phase”:“github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase4SyncLdapUsers-fm”}
{“level”:“info”,“ts”:1601559131.0539613,“caller”:“mlog/log.go:176”,“msg”:“LDAP Sync Phase”,“workername”:“EnterpriseLdapSync”,“current_phase”:“github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase5SyncSamlUsers-fm”}
{“level”:“info”,“ts”:1601559131.1573687,“caller”:“mlog/log.go:176”,“msg”:“LDAP Sync Phase”,“workername”:“EnterpriseLdapSync”,“current_phase”:“github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase6GetGroups-fm”}
{“level”:“info”,“ts”:1601559131.2614748,“caller”:“mlog/log.go:176”,“msg”:“LDAP Sync Phase”,“workername”:“EnterpriseLdapSync”,“current_phase”:“github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase7GetLdapGroups-fm”}
{“level”:“info”,“ts”:1601559131.3707674,“caller”:“mlog/log.go:176”,“msg”:“LDAP Sync Phase”,“workername”:“EnterpriseLdapSync”,“current_phase”:“github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase8SyncGroups-fm”}
{“level”:“info”,“ts”:1601559131.474617,“caller”:“mlog/log.go:176”,“msg”:“LDAP Sync Phase”,“workername”:“EnterpriseLdapSync”,“current_phase”:“github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase9SyncGroupMembership-fm”}
{“level”:“info”,“ts”:1601559131.5894697,“caller”:“mlog/log.go:176”,“msg”:“LDAP Sync Phase”,“workername”:“EnterpriseLdapSync”,“current_phase”:“github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase10SyncGroupMembersToChannelsAndTeams-fm”}
{“level”:“info”,“ts”:1601559131.702237,“caller”:“mlog/log.go:176”,“msg”:“LDAP Sync Phase”,“workername”:“EnterpriseLdapSync”,“current_phase”:“github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase11SyncTeamRoles-fm”}
{“level”:“info”,“ts”:1601559131.8086722,“caller”:“mlog/log.go:176”,“msg”:“LDAP Sync Phase”,“workername”:“EnterpriseLdapSync”,“current_phase”:“github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase12SyncChannelRoles-fm”}
Regards,
Hi, @elnino
Got it. What we see here is an expected behavior based on the information included in the documentation - Configure AD/LDAP Synchronization:
Scroll down to Synchronization Interval (minutes) to specify how often Mattermost accounts synchronize attributes with AD/LDAP. The default setting is 60 minutes. The profile picture attribute is only synchronized when the user logs in.
I hope this answers the question that we have here. Let me know if you have any further concerns. Thanks.