Hello, I enabled debug-mode for ldap-connections and checked the log.
AD-Binding works, AD-query also works, there is exactly one hit, the log displays like all my AD-attributes. After that, the log shows errors - and "caused at" shows: "Data truncation: Data too long for column 'pictureuri' at row 1 (...)". Which seems weird, because <ldap_user_picture_uri> is not set (first it starts with #, so it's a comment, second there is no value). Does anyone know how to provide user-pictures for ldap-accounts? Here's the anonymized log: DEBUG 05-18 11:24:15.221 o.a.d.l.c.a.LdapNetworkConnection:596 [NioProcessor-10] - MSG_04126_REMOVING (3,org.apache.directory.ldap.client.api.future.BindFuture) DEBUG 05-18 11:24:15.249 o.a.o.c.l.LdapLoginManager:232 [0.0-5080-exec-4] - getByLogin:: authenticated ? true, login = 'mylogin', domain = 1, user = User [id=2, firstname=Alexander, lastname=MyLastname, login=mylogin, pictureuri=null, deleted=false, languageId=2, address=Address [id=2, country=DE, street=My Street N. 1, town=Mytown, zip=12345, deleted=false, [email protected], phone=+49 (01234) 123 - 456], externalId=null, externalType=null, type=ldap] DEBUG 05-18 11:24:16.137 o.a.d.l.c.a.LdapNetworkConnection:830 [NioProcessor-10] - MSG_04137_NOD_RECEIVED () ERROR 05-18 11:24:16.139 o.a.o.c.l.LdapLoginManager:262 [0.0-5080-exec-4] - Unexpected exception. org.springframework.orm.jpa.JpaSystemException: The transaction has been rolled back. See the nested exceptions for details on the errors that occurred.; nested exception is <openjpa-3.1.0-rafcec21a1d489dff682a3ce7986fac6a1c80e8e0 fatal general error> org.apache.openjpa.persistence.PersistenceException: The transaction has been rolled back. See the nested exceptions for details on the errors that occurred. FailedObject: org.apache.openmeetings.db.entity.user.User-2 at org.springframework.orm.jpa.EntityManagerFactoryUtils.convertJpaAccessExceptionIfPossible(EntityManagerFactoryUtils.java:408) at org.springframework.orm.jpa.DefaultJpaDialect.translateExceptionIfPossible(DefaultJpaDialect.java:128) at org.springframework.orm.jpa.JpaTransactionManager.doCommit(JpaTransactionManager.java:538) at org.springframework.transaction.support.AbstractPlatformTransactionManager.processCommit(AbstractPlatformTransactionManager.java:744) at org.springframework.transaction.support.AbstractPlatformTransactionManager.commit(AbstractPlatformTransactionManager.java:712) at org.springframework.transaction.interceptor.TransactionAspectSupport.commitTransactionAfterReturning(TransactionAspectSupport.java:631) at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:385) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:99) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:747) at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:689) at org.apache.openmeetings.db.dao.user.UserDao$$EnhancerBySpringCGLIB$$9dce9d40.update(<generated>) at org.apache.openmeetings.core.ldap.LdapLoginManager.login(LdapLoginManager.java:250) at org.apache.openmeetings.web.app.WebSession.signIn(WebSession.java:291) at org.apache.openmeetings.web.pages.auth.SignInDialog.onSubmit(SignInDialog.java:194) at org.apache.openmeetings.web.pages.auth.SignInDialog$SignInForm$1.onSubmit(SignInDialog.java:248) at org.apache.wicket.ajax.markup.html.form.AjaxButton$1.onSubmit(AjaxButton.java:113) at org.apache.wicket.ajax.form.AjaxFormSubmitBehavior$AjaxFormSubmitter.onSubmit(AjaxFormSubmitBehavior.java:223) at org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.java:1308) at org.apache.wicket.markup.html.form.Form.process(Form.java:1001) at org.apache.wicket.markup.html.form.StatelessForm.process(StatelessForm.java:100) at org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form.java:825) at org.apache.wicket.ajax.form.AjaxFormSubmitBehavior.onEvent(AjaxFormSubmitBehavior.java:176) at org.apache.wicket.ajax.AjaxEventBehavior.respond(AjaxEventBehavior.java:127) at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest(AbstractDefaultAjaxBehavior.java:598) at org.apache.wicket.core.request.handler.ListenerRequestHandler.internalInvoke(ListenerRequestHandler.java:306) at org.apache.wicket.core.request.handler.ListenerRequestHandler.invoke(ListenerRequestHandler.java:280) at org.apache.wicket.core.request.handler.ListenerRequestHandler.invokeListener(ListenerRequestHandler.java:222) at org.apache.wicket.core.request.handler.ListenerRequestHandler.respond(ListenerRequestHandler.java:208) at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:914) at org.apache.wicket.request.RequestHandlerExecutor.execute(RequestHandlerExecutor.java:65) at org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:282) at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:253) at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:221) at org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processRequestCycle(AbstractUpgradeFilter.java:70) at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:206) at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:299) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.red5.logging.LoggerContextFilter.doFilter(LoggerContextFilter.java:84) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:643) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:860) at org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun(Nio2Endpoint.java:1682) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at org.apache.tomcat.util.net.AbstractEndpoint.processSocket(AbstractEndpoint.java:1105) at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$2.completed(Nio2Endpoint.java:596) at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$2.completed(Nio2Endpoint.java:574) at java.base/sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:127) at java.base/sun.nio.ch.Invoker$2.run(Invoker.java:219) at java.base/sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Thread.java:834) Caused by: org.apache.openjpa.persistence.PersistenceException: The transaction has been rolled back. See the nested exceptions for details on the errors that occurred. at org.apache.openjpa.kernel.BrokerImpl.newFlushException(BrokerImpl.java:2470) at org.apache.openjpa.kernel.BrokerImpl.flush(BrokerImpl.java:2308) at org.apache.openjpa.kernel.BrokerImpl.flushSafe(BrokerImpl.java:2199) at org.apache.openjpa.kernel.BrokerImpl.beforeCompletion(BrokerImpl.java:2116) at org.apache.openjpa.kernel.LocalManagedRuntime.commit(LocalManagedRuntime.java:84) at org.apache.openjpa.kernel.BrokerImpl.commit(BrokerImpl.java:1600) at org.apache.openjpa.kernel.DelegatingBroker.commit(DelegatingBroker.java:1035) at org.apache.openjpa.persistence.EntityManagerImpl.commit(EntityManagerImpl.java:669) at org.springframework.orm.jpa.JpaTransactionManager.doCommit(JpaTransactionManager.java:534) ... 62 common frames omitted Caused by: org.apache.openjpa.persistence.PersistenceException: Data truncation: Data too long for column 'pictureuri' at row 1 {prepstmnt 906753354 UPDATE om_user SET updated = ?, pictureuri = ? WHERE id = ?} [code=1406, state=22001] at org.apache.openjpa.jdbc.sql.DBDictionary.narrow(DBDictionary.java:5250) at org.apache.openjpa.jdbc.sql.DBDictionary.newStoreException(DBDictionary.java:5210) at org.apache.openjpa.jdbc.sql.SQLExceptions.getStore(SQLExceptions.java:134) at org.apache.openjpa.jdbc.sql.SQLExceptions.getStore(SQLExceptions.java:75) at org.apache.openjpa.jdbc.kernel.BatchingPreparedStatementManagerImpl.flushBatch(BatchingPreparedStatementManagerImpl.java:226) at org.apache.openjpa.jdbc.kernel.BatchingConstraintUpdateManager.flush(BatchingConstraintUpdateManager.java:65) at org.apache.openjpa.jdbc.kernel.AbstractUpdateManager.flush(AbstractUpdateManager.java:108) at org.apache.openjpa.jdbc.kernel.AbstractUpdateManager.flush(AbstractUpdateManager.java:81) at org.apache.openjpa.jdbc.kernel.JDBCStoreManager.flush(JDBCStoreManager.java:757) at org.apache.openjpa.kernel.DelegatingStoreManager.flush(DelegatingStoreManager.java:146) at org.apache.openjpa.datacache.DataCacheStoreManager.flush(DataCacheStoreManager.java:679) at org.apache.openjpa.kernel.DelegatingStoreManager.flush(DelegatingStoreManager.java:146) ... 70 common frames omitted Caused by: org.apache.openjpa.lib.jdbc.ReportingSQLException: Data truncation: Data too long for column 'pictureuri' at row 1 {prepstmnt 906753354 UPDATE om_user SET updated = ?, pictureuri = ? WHERE id = ?} [code=1406, state=22001] at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator.wrap(LoggingConnectionDecorator.java:219) at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator.wrap(LoggingConnectionDecorator.java:195) at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator.access$1000(LoggingConnectionDecorator.java:58) at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator$LoggingConnection$LoggingPreparedStatement.executeUpdate(LoggingConnectionDecorator.java:1188) at org.apache.openjpa.lib.jdbc.DelegatingPreparedStatement.executeUpdate(DelegatingPreparedStatement.java:308) at org.apache.openjpa.jdbc.kernel.JDBCStoreManager$CancelPreparedStatement.executeUpdate(JDBCStoreManager.java:1856) at org.apache.openjpa.jdbc.kernel.PreparedStatementManagerImpl.executeUpdate(PreparedStatementManagerImpl.java:271) at org.apache.openjpa.jdbc.kernel.BatchingPreparedStatementManagerImpl.flushSingleRow(BatchingPreparedStatementManagerImpl.java:255) at org.apache.openjpa.jdbc.kernel.BatchingPreparedStatementManagerImpl.flushBatch(BatchingPreparedStatementManagerImpl.java:158) ... 77 common frames omitted ERROR 05-18 11:24:16.140 o.a.w.DefaultExceptionMapper:170 [0.0-5080-exec-4] - Unexpected error occurred java.util.MissingResourceException: Unable to find property: 'null' for component: signin [class=org.apache.openmeetings.web.pages.auth.SignInDialog]. Locale: null, style: null at org.apache.wicket.Localizer.getString(Localizer.java:269) at org.apache.wicket.Localizer.getString(Localizer.java:201) at org.apache.wicket.Localizer.getString(Localizer.java:131) at org.apache.wicket.Component.getString(Component.java:1834) at org.apache.wicket.Component.getString(Component.java:1821) at org.apache.openmeetings.web.pages.auth.SignInDialog.onSubmit(SignInDialog.java:196) at org.apache.openmeetings.web.pages.auth.SignInDialog$SignInForm$1.onSubmit(SignInDialog.java:248) at org.apache.wicket.ajax.markup.html.form.AjaxButton$1.onSubmit(AjaxButton.java:113) at org.apache.wicket.ajax.form.AjaxFormSubmitBehavior$AjaxFormSubmitter.onSubmit(AjaxFormSubmitBehavior.java:223) at org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.java:1308) at org.apache.wicket.markup.html.form.Form.process(Form.java:1001) at org.apache.wicket.markup.html.form.StatelessForm.process(StatelessForm.java:100) at org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form.java:825) at org.apache.wicket.ajax.form.AjaxFormSubmitBehavior.onEvent(AjaxFormSubmitBehavior.java:176) at org.apache.wicket.ajax.AjaxEventBehavior.respond(AjaxEventBehavior.java:127) at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest(AbstractDefaultAjaxBehavior.java:598) at org.apache.wicket.core.request.handler.ListenerRequestHandler.internalInvoke(ListenerRequestHandler.java:306) at org.apache.wicket.core.request.handler.ListenerRequestHandler.invoke(ListenerRequestHandler.java:280) at org.apache.wicket.core.request.handler.ListenerRequestHandler.invokeListener(ListenerRequestHandler.java:222) at org.apache.wicket.core.request.handler.ListenerRequestHandler.respond(ListenerRequestHandler.java:208) at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:914) at org.apache.wicket.request.RequestHandlerExecutor.execute(RequestHandlerExecutor.java:65) at org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:282) at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:253) at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:221) at org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processRequestCycle(AbstractUpgradeFilter.java:70) at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:206) at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:299) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.red5.logging.LoggerContextFilter.doFilter(LoggerContextFilter.java:84) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:643) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:860) at org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun(Nio2Endpoint.java:1682) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at org.apache.tomcat.util.net.AbstractEndpoint.processSocket(AbstractEndpoint.java:1105) at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$2.completed(Nio2Endpoint.java:596) at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$2.completed(Nio2Endpoint.java:574) at java.base/sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:127) at java.base/sun.nio.ch.Invoker$2.run(Invoker.java:219) at java.base/sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Thread.java:834) -----Ursprüngliche Nachricht----- Von: Ninnig, Alexander <[email protected]> Gesendet: Montag, 18. Mai 2020 12:41 An: [email protected] Betreff: AW: OM 4.0.10, AD-Pictures (or: how can I provide pictures for LDAP-accounts) Hello, Another Update: I also tried the AD-attribute <photo>. And I also used a software instead of PowerShell (CodeTwo Active Directory Photos 1.32 - this software also checks the imagefiles for allowed maximum size). Still - doesn't work ("Internal Error"). By the way (this might actually be an important information): One DOESN'T get "Internal Error" if there is no AD-Photo provided. So all users with no picture stored in AD can login. The second I save <ldap_user_attr_picture=thumbnailPhoto> or <ldap_user_attr_picture=jpegPhoto> or <ldap_user_attr_picture=photo> AND try to login with a an LDAP-user-account, that has an image stored in AD, I get "Internal Error". I'm beginning to think, that openmeetings cannot read pictures from AD (octet string). Has anyone managed to use AD-stored-photos OR found a way to provide LDAP-accounts with photos? Best wishes, Alex -----Ursprüngliche Nachricht----- Von: Ninnig, Alexander <[email protected]> Gesendet: Montag, 18. Mai 2020 12:03 An: [email protected] Betreff: AW: OM 4.0.10, AD-Pictures (or: how can I provide pictures for LDAP-accounts) Hello, update on my question. CHECKING ANOTHER AD-ATTRIBUTE --------------------------------------------------- I just checked the AD-attribute <jpegPhoto>, which also can be used to store pictures in Active Directory (<ldap_user_attr_picture=jpegPhoto>). Doesn't work either ("Internal Error"). CHECKING THE PICTUREFILES -------------------------------------------------- After that, I checked my picture-files (to make sure, there is nothing wrong with them) and I created two picturefiles "from scratch", meaning, I copied my picture into Windows Paint and saved it as .png and as .jpg and even as .bmp. I imported the jpg using powershell: Import-Module ActiveDirectory $photo = [byte[]](Get-Content C:\Thumbs\myself.jpg -Encoding byte) Set-ADUser Alex -Replace @{jpegPhoto=$photo} Set-ADUser Alex -Replace @{thumbnailPhoto=$photo} Still: "Internal Error" when trying to login. Then I used the png using powershell: Import-Module ActiveDirectory $photo = [byte[]](Get-Content C:\Thumbs\myself.png -Encoding byte) Set-ADUser Alex -Replace @{jpegPhoto=$photo} Set-ADUser Alex -Replace @{thumbnailPhoto=$photo} Still: "Internal Error" when trying to login. Then I used the bmp using powershell: Import-Module ActiveDirectory $photo = [byte[]](Get-Content C:\Thumbs\myself.png -Encoding byte) Set-ADUser Alex -Replace @{jpegPhoto=$photo} Set-ADUser Alex -Replace @{thumbnailPhoto=$photo} Last command led to an error, since <thumbnailPhoto> doens't accept bitmap. Still: "Internal Error" when trying to login. My picturefiles are 200x200 pixel and pretty small (png 64 kb, jpg 13 kb, bmp 118 kb). I could work on the picturefiles, if I knew what to change (like compression or dpi). But without any hints, it's like a needle in a haystack. And I don't know if the files are the problem or the AD-attribute or the way, the pictures are stored in AD. Does anyone have an idea? Best wishes, Alex -----Ursprüngliche Nachricht----- Von: Ninnig, Alexander <[email protected]> Gesendet: Montag, 18. Mai 2020 10:40 An: [email protected] Betreff: OM 4.0.10, AD-Pictures (or: how can I provide pictures for LDAP-accounts) Hello, we are using OpenMeetings 4.0.10 in our productive environment. LDAP-Configuration (om_ldap.cfg) works fine, except for getting thumbnails/pictures stored in Active Directory. If I uncomment the line <ldap_user_attr_picture=thumbnailPhoto> and save the config-file, I cannot login anymore with my Active-Directory-account - OpenMeetings shows an internal error instead. The only AD-account with a picture stored is my own (so far). The AD-attribute ist thumbnailPhoto, so that is correct. Outlook displays my picture, so that works, too. I wouldn't really need AD-stored photos, but I would like my user-accounts to have pictures, so one doesn't just see a lot of questionmarks-profilepictures, when starting a conference without webcam. If I use the LDAP-connection, I can provide a picture for my account, but this picture is discarded the next time I log in. So the ldap-connection configured doesn't let me change openmeetings-accounts permantenly - which is logical, since they are ldap-accounts. I just need a way to provide accounts with pictures. I wouldn't mind configuring them manually. Does anyone know how to provide user-pictures for ldap-accounts? Have a nice day and an even better week, Alex PS: If this already has been discussed and there is an answer I haven't found by myself, I apologize. In that case, can you just send my the link tot he previous discussion?
