email and displayname are not updated on matrix side when they are changed on LDAP server

[masscream]

When I login through LDAP account, the cn and mail attributes are linked to name and e-mail in my matrix profile. If I then change them LDAP account, the attributes are not updated on the matrix server.

To Reproduce
Steps to reproduce the behavior:

1. Login as an LDAP user for the first time to the server
2. Change your cn andmail attributes on the LDAP side
3. Login onto your matrix profile again
4. No change is passed from your LDAP server (clearing cache not helped)

Expected behavior
The linked attributes shall be passed from the LDAP server any time.

Server (please complete the following information):

• OS: RHEL 8.3
• Browser: Web version of Element in FF
• Version: 78.10.0esr
• matrix-synapse 1.32.2
• matrix-synapse-ldap3 0.1.4
• openldap (another server) @(#) $OpenLDAP: slapd (Feb 14 2021 18:32:34) $
  Debian OpenLDAP Maintainers pkg-openldap-devel@lists.alioth.debian.org

[richvdh]

I think this is a dup of #109

[masscream]

I think this is a dup of #109

I'm sorry, but this is not the dup of #109 as I read, the point is a little bit different. While I agree with @azmeuk that

That would be great if other attributes could be read too, such as telephone, avatar (inetOrgPerson has a photo attribute), preferred language.

I'm having a different problem, which is that anything that the extension works with from the database all the time is just username and password. While it also pretends that the name (cn) and mail attributes are important too, it copies them only for the first time during the first login and then it completely stops caring about them, no matter if a user wants to change his/her name or e-mail which is common, it saves these values to the synapse shadow database, stored probably inside its sql file and does not allow any easy way to change them. Imho that is not the way it should work, or it shall not even copy these values from the database during the synapse profile creation, then what @azmeuk mentions would come into play. Please reopen the thread. Thank you.

[richvdh]

ok sorry, your description was very long and wasn't very easy to follow. I've edited the description - hopefully it is correct now?

(you also mention that password changes in Element are not reflected back on the LDAP server, for which see #50)

[masscream]

Np, yes it can be. Actually the previous one from @clokep was correct as well. They are not updated both directions because when the synapse creates its own profile, it touches only these entries in the database and that is that problem. I don't care about the way synapse => LDAP because I use the database for more apps and therefore I find better the concept - Administer the database and every app should update theirs, instead of every app touching the database, every its own way which calls for a conflict sooner or later. So I disabled any updates directly in the synapse conf, however synapse doesn't care also the way LDAP => itself, which makes the problem. Thanks

[behrmann]

With matrix-org/synapse#12195 it should be possible to implement this.

[behrmann]

Maybe I was too optimistic. I though the change might be as simple as

mail = response["attributes"].get("mail", [None])
mail = mail[0] if len(mail) == 1 else None
if self.conf.update_profile_information and mail:
    await self.account_handler.store_remote_3pid_association(
        user_id, "email", mail, "???"
    )

but I'm unsure about what the correct choice for the id_server argument of store_remote_3pid_association would be.