Hello,
We are using Indico v3.2.8.
( It was upgraded from v2.3.5. )
Now we are facing first/last name is blank in “Create a new Indico profile”.
Email address is shown properly.
( It comes from LDAP information. )
first/last name and Email addresses are mapping with LDAP ( We think so ).
Our IDENTITY_PROVIDERS in indico.conf:
IDENTITY_PROVIDERS = {
'ldap': {
'type': 'ldap',
'ldap': _ldap_config,
'trusted_email': True,
'default_group_provider': False,
'mapping': {
'first_name': 'givenName',
'last_name': 'sn',
'email': 'mail'
}
}
}
( Of course, LDAP has ‘givenName’, ‘sn’ and ‘mail’. )
Do we need to set some parameters in indico.conf ?
Or is it normal behavior ?
Did you by any chance forget to restart indico-uwsgi.service after making changes to the config? Also, make sure to ‘cancel’ the signup and login again after making config changes, as the data is read from LDAP once and then stored in the session until you cancel or complete the signup process.
Thank you for your reply.
I restart indico-uwsgi but no changes.
When login attempt, indico.log shows this line:
2024-02-14 18:17:27,476 INFO 3e4e72fc254442af - indico.auth Received identity info: <IdentityInfo(<LDAPIdentityProvider(ldap)>, unyotest, address=None, affiliation=None, affiliation_data=None, email=‘unyotest@example.com’, first_name=‘Test’, last_name=‘UNYO’, phone=None)>
But first/last name are still blank…
Sorry bothering again.
I found these lines in indico.log just after “Received identity info”:
2024-02-14 18:17:27,496 INFO 3e4e72fc254442af - indico.auth Identity does not exist in the database yet
2024-02-14 18:17:27,509 INFO 3e4e72fc254442af - indico.auth Email search did not find an existing user
2024-02-14 18:17:27,599 INFO cfb0b882d0d84762 - indico.rh GET /register/ldap [IP=###.###.###.###] [PID=####]
Is this issue caused by “Email search did not find an existing user” ?
If so, how do we fix it ?
Those log messages are completely fine and expected when someone logs in for the first time.
That’s very strange. Just to clarify, this was a FRESH login (ie clicking “Cancel” and logging in through LDAP after everything was configured)?
Thank you for your response.
Just to clarify, this was a FRESH login (ie clicking “Cancel” and logging in through LDAP after everything was configured)?
Yes.
I tried more FRESH login ( registered a new user into LDAP and tried to login used it ).
But no changes…
I’ve been able to reproduce it locally and look into fixing it now.
As a workaround you can add 'synced_fields': {'first_name', 'last_name'} (add whatever else you want to sync from LDAP as well) to the config which is probably a good idea anyway. We currently only prefill any fields from LDAP when they are configured as synced. This makes no sense though and is something we’ll fix (probably only in v3.3 since there’s a good workaround).
is this on the identity provider or the auth provider?
To answer myself: The identity provider config.
Thank you for your investigation.
I tried ‘synced_fields’, it seems good.
I think I want to avoid this issue by this workaround.
( And I look foward to be fixed it )
We appreciate your clear answer and kind support !!
