LDAP: cannot login with users with jpegPhoto attribute

[sveatlo]

Description:

LDAP users with jpegPhoto attribute cannot log in to RC. A login attempt fails with error stating, that the user wasn't found or the password is incorrect. After removing this attribute, the user can log in normally.

Steps to reproduce:

1. Add jpegPhoto attribute via ldapmodify
2. Try logging in - error
3. Remove jpegPhoto attribute via ldapmodify
4. Log in successfully

Expected behavior:

Users with avatars in LDAP should be able to log in normally. (Plus the avatar should be synced)

Actual behavior:

Cannot log in with LDAP users with jpegPhoto attribute

Server Setup Information:

• Version of Rocket.Chat Server: 3.6.0
• Operating System: linux
• Deployment Method: tar
• Number of Running Instances: 1
• DB Replicaset Oplog: Enabled
• NodeJS Version: v12.16.1
• MongoDB Version: 4.2.8

Additional context

I'm not completely sure, but I have a feeling, this wasn't problem with 3.5.x versions.

[dennishenry]

We are also having this issue. If you disable "Sync user avatar" in the LDAP settings, it works, but otherwise it fails when it gets to the following in the logs:

server.js:204 LDAPSync ➔ info Syncing user avatar

[dennishenry]

This issue is still present after 3.6.1

[torygg]

This issue is still present after 3.6.1

same here

[didierm]

Duplicate of #18737 .

[Skygge666]

I confirm the issue in 3.6.1
Users cannot login with "User not found or password incorrect" message.

[WLR86]

Same here using 3.6.1. Had to disable "Sync user avatar" to allow users to log in.

[ankar84]

Logs entry at that moment:

LDAPSync ➔ info Syncing user avatar
server.js:204 LDAPSync ➔ error errorClass [Error]: File size (size = 0) is too small (min = 1) [file-too-small]
    at Object.fileTooSmallError (packages/jalik:ufs/ufs-filter.js:43:53)
    at Filter.check (packages/jalik:ufs/ufs-filter.js:89:28)
    at FileUploadClass.insert (app/file-upload/server/lib/FileUpload.js:585:11)
    at DDPCommon.MethodInvocation.<anonymous> (app/ldap/server/sync.js:417:15)
    at packages/dispatch_run-as-user.js:211:14
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
    at Object.Meteor.runAsUser (packages/dispatch_run-as-user.js:210:33)
    at syncUserData (app/ldap/server/sync.js:416:11)
    at app/ldap/server/sync.js:574:6
    at SynchronousCursor.forEach (packages/mongo/mongo_driver.js:1138:16)
    at Cursor.<computed> [as forEach] (packages/mongo/mongo_driver.js:918:44)
    at sync (app/ldap/server/sync.js:564:10)
    at MethodInvocation.ldap_sync_now (app/ldap/server/syncUsers.js:24:3)
    at MethodInvocation.methodsMap.<computed> (app/lib/server/lib/debug.js:67:34)
    at maybeAuditArgumentChecks (packages/ddp-server/livedata_server.js:1771:12)
    at packages/ddp-server/livedata_server.js:719:19
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
    at packages/ddp-server/livedata_server.js:717:46
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
    at packages/ddp-server/livedata_server.js:715:46
    at new Promise (<anonymous>)
    at Session.method (packages/ddp-server/livedata_server.js:689:23)
    at packages/ddp-server/livedata_server.js:559:43 {
  isClientSafe: true,
  error: 'file-too-small',
  reason: 'File size (size = 0) is too small (min = 1)',
  details: undefined,
  message: 'File size (size = 0) is too small (min = 1) [file-too-small]',
  errorType: 'Meteor.Error'
}
LDAP ➔ Search.info Page

[jmit79]

The error still exists in 3.6.2. It's confusing that adding avatars for channels works, but all user avatars are blank :-/
The workaround "Disable Sync user avatar" works for now

[vasilko]

Hello,
the problem is here, too. Today, snap updated our server from 3.5.2 to 3.6.2. Users cannot login in via web, or after logout in desktop application. After disable avatar sync, everything is working fine.
As backend for users, we use LDAP.
Server: Ubuntu 18.04.5 LTS

[Neihn]

Ours was same way. Snap updated from 3.5.2 to 3.6.2 and ldap users could no longer log in. Once we disabled avatar sync users were able to log in again.

[sveatlo]

According to 3.7.0-rc.0's changelog this will me fixed in the next release.