On 12/06/2013 10:10 AM, Dale Macartney wrote: > > > On 05/12/13 22:58, Simo Sorce wrote: >> On Thu, 2013-12-05 at 22:32 +0000, Dale Macartney wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >>> >>> Hi folks >>> >>> Just a quick mail from me before I call it a night. >>> >>> Today I've added user display pictures/avatars into FreeIPA, detailed > here. >>> >>> > https://www.dalemacartney.com/2013/12/05/adding-display-picturesavatars-red-hat-idmfreeipa/ >>> >>> > As well as pulling those images into a GNOME3 desktop session, detailed >>> here. >>> >>> > https://www.dalemacartney.com/2013/12/05/loading-display-picturesavatars-red-hat-idmfreeipa-gnome3/ >>> >>> > Would love some feedback if anyone is interested in these items. >>> >>> G'night all. >>> > >> Great stuff Dale, I wonder if ipa user-mod --addattr could be used to >> load the avatar, instead of using ldap commands. > >> Simo. > G'day Simo Thanks for the suggestion however I haven't been able to do it > with an ipa command for this task. > > I've tried the following: > > [root@ds01 ~]# ipa user-mod --addattr="objectClass=jpegPhoto" > --addattr="jpegPhoto:< file:///root/hulk.jpg" bbanner ipa: ERROR: invalid > 'addattr': Invalid format. Should be name=value [root@ds01 ~]# [root@ds01 > ~]# [root@ds01 ~]# ipa user-mod --addattr="objectClass=jpegPhoto" > --addattr="jpegPhoto:/root/hulk.jpg" bbanner ipa: ERROR: invalid > 'addattr': Invalid format. Should be name=value [root@ds01 ~]# ipa > user-mod --addattr="objectClass=jpegPhoto" --addattr="jpegPhoto=< > file:///root/hulk.jpg" bbanner ipa: ERROR: unknown object class > "jpegPhoto" [root@ds01 ~]# ipa user-mod --addattr="jpegPhoto=< > file:///root/hulk.jpg" bbanner ----------------------- Modified user > "bbanner" ----------------------- User login: bbanner First name: Bruce > Last name: Banner Home directory: /home/bbanner Login shell: /bin/sh Email > address: bban...@example.com UID: 212800012 GID: 212800012 Account > disabled: False Password: False Member of groups: ipausers Kerberos keys > available: False [root@ds01 ~]# ipa user-show --all bbanner dn: > uid=bbanner,cn=users,cn=accounts,dc=example,dc=com User login: bbanner > First name: Bruce Last name: Banner Full name: Bruce Banner Display name: > Bruce Banner Initials: BB Home directory: /home/bbanner GECOS field: Bruce > Banner Login shell: /bin/sh Kerberos principal: bban...@example.com Email > address: bban...@example.com UID: 212800012 GID: 212800012 Account > disabled: False Password: False Member of groups: ipausers Kerberos keys > available: False ipauniqueid: b4009286-5e53-11e3-9d5e-001a4a0000bb > jpegphoto: PCBmaWxlOi8vL3Jvb3QvaHVsay5qcGc= krbpwdpolicyreference: > cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com > mepmanagedentry: cn=bbanner,cn=groups,cn=accounts,dc=example,dc=com > objectclass: top, person, organizationalperson, inetorgperson, inetuser, > posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject, ipasshuser, > ipaSshGroupOfPubKeys, mepOriginEntry [root@ds01 ~]# > > You can see that the last command of " ipa user-mod --addattr="jpegPhoto=< > file:///root/hulk.jpg" bbanner" however as the jpegPhoto attribute is > encoded with base64, it appears to be encoding the characters "< > file:///root/hulk.jpg" instead of the image file. > > The above details from showing the user after the change only shows the > following text for jpegPhoto jpegphoto: PCBmaWxlOi8vL3Jvb3QvaHVsay5qcGc= > > When using ldapmodify, that attribute looks like the following > > [root@ds01 ~]# ipa user-show --all bbanner dn: > uid=bbanner,cn=users,cn=accounts,dc=example,dc=com User login: bbanner > First name: Bruce Last name: Banner Full name: Bruce Banner Display name: > Bruce Banner Initials: BB Home directory: /home/bbanner GECOS field: Bruce > Banner Login shell: /bin/sh Kerberos principal: bban...@example.com Email > address: bban...@example.com UID: 212800012 GID: 212800012 Account > disabled: False Password: False Member of groups: ipausers Kerberos keys > available: False ipauniqueid: b4009286-5e53-11e3-9d5e-001a4a0000bb > jpegphoto: > /9j/4AAQSkZJRgABAgAAAQABAAD/4AAcT2NhZCRSZXY6IDE0Nzk3ICQAAAAAAAAAABj/2wCEAAIEBAYIBggICAgICAgICAgKCgoKCgoKCgoKCgoKCgoKCgoKCgwMDAwMDAwMDA0MDAwMDAwMDAwODw0MDgwMDAwBAhAQICAgICAgIEBAQEBAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgP/AABEIAHgAeAMBEQACEQEDEQH/xACVAAACAwEBAQEAAAAAAAAAAAAGBwQFCAMJAgEBAAIDAQEBAAAAAAAAAAAAAAMEAgUGAQAHEAABAgQDBAcHAQUGBwAAAAABAgMABBEhBRIxEyJBUQYyYXGhsfAHFEJSgZHRchUjYsHhFyRDgqLxFjNTY5LC4hEBAAMAAgICAgMAAAAAAAAAAAECEQMSITETQVFhBCIy/9oADAMBAAIRAxEAPwDyylFuEUICFDUEXjYMcNW5Z6lcyY88nNMO15x5wUZDlvrHkURSecdeQdjXtP38o4gIX2mJFsPzIdIAqEJBFf1G1vVIxFuT8LmKhj+1x2WSUyMpJBR1LzWc053oi3OhMZWaTP21MGpgPthmJlSP2kMPlJdI/eObAKUU/KhkEFS1aJJyhOphH4v2L2a+wX2j9GMTddlkYMpiQYb2jk66uq0iyc+UJV1j8INBzEVvSfy5oUxae6AMvqdDjj7ShTdUEEk65UjNXLqBat7xcxNyWQiq9mzEwht6SU661MIzs2utP6zQVTxSog8BWsXvyyQmrOuJdD5xGdaRuINDn3VD9QVQjupfgYvK8xCakg9LlJvSvYa+X5jVkFKtETcEjrexdyqACt3XVQ7LfcG8cREraqi3lTziQQgZR2R4JILceQRlM17/ALx4URLYk5CTM9NO0Ashuikkr4aEa8E1vzEYa/J9L+tWIukvS6bxJ3fIDCDRtGUJ+q8! uv! > > aTpwhSK4uilWtSTWu9w599/KLF52adHWWoqVWw6x/1GnnHAxqjpBNoQtll1SS+kJcVWm58m7S3EgWPKAvB159tIQUOrcUn5hlpzyd+lTEkRnL9M8TYVVuZmNwp2dXXN2l90FVBTkKAwHq4eWLe1zEZsS0y6ltc0k5H1lNdokDdC6nerc1IsYUmmpQYeF9IcKxJpSFNNMTXw0SQCTpqrL3GtK6iFotNUJgPz+GTDCyl1tST3UHruMfRK21mpMWZky65mKSSDWsF0HHRuRcr1Se6PbAmLT3NxPwn19I92AxyUmgodYZKpuHyaluppxOulB3/7xV3t4NQy17R8eS9Ne6tL/u8vupA1Uv43Promp04R89rH23DLyVUPLvv6+kaBxXr8/XGCOOdImEsWhQZ1A04cL/0gaS1alyogJRmqLnkT38uZiGvKRzxHLT0YI65HNHnF7ITJQ4FJVlI7aeYPiIXlx6ISs0J7CG3SHcyElKyF5k7vNBBPeQSCLiKek5JSz0qw3Fegsum7aH6arcJV9dQO+gj5/N7Nd1MSU6fdAeqZWVok3VsqfzBgXeQuojRMdAcSWUISltSq0LalIT41+1Il80p9SyxH2S4S84VSM+mijZLlFf62yfEVjU1/kKaeNkb2n9HnujOHoW+6znmCpLIbVmXUC6qEcK2UQQOFTDvfs50eNT721dUs1ueOpP1PHnwi/SlTnrdvhDQbjSp1qfCCOJhZQn4syuz1w7LQIVeN1J305koFf0nnbwB10gQLudqtsoGRpsG5KqKJ7hc9wFI4gDymleN/vDaa3okhPK1fKvkaQJ1SZd6Dhtf+zyff2K5Q1CFEuIVwqnVJqfsKit4o59l5CisUeV8VIzeNcgKmnq1C1174JhUS4Zjs9LKzsukV4V9fiFpqLp6YJ7SJ6XfDylLzV3wk2VT1yikmhhnT2h9LJjFJ4zDzqlq4JKlKyJ+UZictdcotG246KaZIqWQVrCcpI! > PL+nPSL+S5kDo277vt122hUU23qJ+TgO8/QRnvk+jvVWJ6Pv5Mxy5TfMTbxHDjB+4vVClp > DaBWw3spoXPnPytIPipVof7Z7ICJMhvCtd07/ABG0+W3y+J7IV0ulmVSVVWWjZRucvZenOFdehMd6P50obLeQpC1lSVpcqFWRRFtOPGl+EWESiWf7PebaC1CsusqRmHNPiCLKvqNK0h7XFBlUlVdaClPX3tDDrbXsxk0OSs4oKTTZZi2TRSSPiFdRwINxqNYy1p/tAcs9Zh9a98caFJBqgGnGleFeR4wJxFzGtq15RNAQsSEy5TdsfoD/ALcYUHLfEpDLUqVVRUAkAW7eXV4698aKsquYbF9kfRVp2VmZt5AUmuRuum7dRt9o+UfyuXzEQ2/FTQH05xhlx9Mq23lbYSE0G6qvxKOUnXhXSLfhr9kOSWfVOPBrJtFFCz1DrQX489OHGN4z0ybuFFgsNusqNWt1xvjTnbgdK84zVjA1Rs2fdKpzFbm0WPnrv9m6NOceVi7wfDk4hOvPPLal0JO8coSlCeATY3Og4mFZkYeY3IyvujZk07dT5yZyndG7kSEVvuipJNOJ0EGiVaSmLYIpKUIzJWyhopISQQFZfmFTvbxKT1VaRbRYJlGYUoAJrdJI/wDE/wA41Zl6VewroujFEPtlxDOZtwtqV/1B/h/5hcE1jC8k5MG8YRJqk6xcnE5KnNnwSlViOZ5/g8IEILcKZbZQpx4glW7l6x/PbFdYyM5zEUtSWcFKSfr37t9Yq6x5MSCEOsziZdSm85CHEZUih2qlKyZqGpvQlWiRakXnos9AGG1YdgbbTVAlLYbqnXPqtVr7xuOenZHwKZ7Wbz1DC3SDBi49t0qOZYvrX/NxtqdY+01tnhh5qT8y0wnOFl4FKNwJooFX8ZURQcbAnhreNfWWdlAw7EXmVhQFRW/8Q7eNuRg9oebBwfGG8QTMTE2wE+5yu0OQZeoMqFZDTXdTQcKqJjMTUUXdHcf6PrkFB1Di5kLzJaSndf3aAZjZtKdVKUe6sJdJemRLP9JJuY2bctJyjL! KE! > > pQkbWqafH1SK14i1u+HMVyM5Kzam0pflWWkrOXaS5SWwa7qspv2GgqIWkNgfpVhhlsTfa+Ut6fxpzcftWNjSfBtpP2cY1MSTOdtSkpOtOz8G1ReMzyRo2suIc41Prvi9MPgvGutY85q3amj1ian+XrwhXB9Xk+8iZZGUFJSKkVypHOhr5iAV9iSP/Zy0j9oID9NkEOONp5qpQa0PbS3lFTz+j3H7aQ6TTrrbWRF8xP31pr9RWPl/FDT3kmZXG00O0TWlu3x8bxtZqo9CWITcndS0BSldVCbn7CvnY6xdViSsg5tpsu1LCWQvkakfU8+Qi1mSzUnRBp11uYalm6JOWuc0QlNN41sd7TLmy0uRwjNSqLEx0r6IY21MkLZSGgnOlTW62tB4gJAG7xAJOto1lbQQHUh0VU1JOzzfvLOybbUhtRS8hxzNvoqmuTKi6SsArVpSEJkmefRuXemmXHC0UtVScpV1lU6yUk1T81KRmZNMf9N2s/SmbCUlaGVMpXb/ALSa6+WutI3FP8mlhLIMuoN8A2nMkWub/wBO+EbAM3JcjSm0pIUTpAkzNlsAVlBW6hBN8tM1O8jyijm61xwEjl610Zj+k5PVoF2dx9pfO0SUVBSd31/KIoiiaxp95H7wiuWml/PjzivihvQnMuIaASmq1HX+I9t/pWLSIVqTIIyL2hyqcPPRI5Dy7RELSZhfpmPdXg4UJWlWqFVUEngQk/L1hltXnCuaJr0B6NS+FuYM0rZvF15a84ClNpUn4RtMpyDUnUk2EZyWemTAw2QcRiTmFTF5ScZM3KAuBzIpNnmkOdvW7T9YdANL/hQBClNpRlUGwodXaK0uEnhxFIUTBuLyjaMqUJRVpzIrLYDLqn6DWlqawkg88ZqRozMzxpWemVlJXuqJqpe6DqimUIV86a6ExuN9IFYG3q7XPqqhJ62vGGPy4RTTSuUXkrIwGJRzKFZT/Pv52in1ZC1Mk/s7vIob2VWn! > 0F4pdNq+afNEIzVCRaDQ8Glruew1i1JPpK/ira9O0/N/SIuuOxWTU1/9vRiYQvwaTnn1/w > B22RVc5VnMT2UAPfSFbTA61VheJKyuLl1EOLCAUbwzEdXKDXu4QDx+SbTXQvGVsPKkJyY90KaIyzSFN0roM4smvAGxF4rbEzn6TPPsS7U2r/m4XNIXYpKXGl7q0pKeCkHMeAPOEazqvM7EukM2hLWUryOlNyq6hQUUrKfh4XFaUhOZFAmMTiJaUmpt9RcCEKUco3lAnfHHf+EZteJgUeZdefGM9KXcRnS8hBblkrytNKUCpCeBVlCUlVLUTRKeqkUqT9E648nvzMs00ClVVvV2nNI/J1rwirwMinG1J4U9dsXa4TBNrylJvw19acuMDwxr7w6XdcWSnOclzl19fSOWGSHz+9oiu6ONj+n8RCHkJS696oKC7y1K1UKkcNB64xGXRhNKcThbz1AFZ0oBzCu/1iATU003erWp1EL19kJI6VnX2F5mXFtKoRmQopNDqLHjpSNYE0dgvtQnGNkiZYZmWW1hVB+6cqE5RvJBFr2KbxmZ4oTaM/tm6OvtTHveDOOuTM1LKWmrakhiXG6MyqFS1aKTRKaXBtSK34v2igYbjSMRwecS0lbbRdcCG17wbY6+yz/K2TlQTSqdYo7VySZ+yk7tPd0qACUst5hxAy5kkgU13eApFVKCXiOHMz0ouSeWZdp5BClV6qfgUa36+U5b1vWkcrPl558410bncODG3S1lcTZTdxmRYpV/GetUcNI+ibqZYuv11+nr8wyOY7zSFCtK9tPxy5RmtWoSewyt0m/r13RZxZFQ/wB5aVbN3iG3hRLlLgJShSndVHsHyjzhCTAPdUELPKsWiCwT1+daH1+YWdNQOybuHrZFDNbF8JzJSQM5RTJmUnKaJoVipGmU1qOQrpZYUg1obHiDr43jVhOdI88lIYWb0N9O31pANSbm6Ays03hsyjKoIfaWb6VFrV5j6GkfPuT2UO1547WxNmU7TerU9X4bmtrfiKdBeTeEYpM4c8WVuJzUyml1lI6thXIez! je! > > PVQZIxqZnVs7CZStNrVuAtH0rXvoQKxqIdZ/fQR+YvYMG2Jm1/X356RksXmu7bYWqp3e45vXKJvLtElXiDr9vXjAEUlGFuqTVrLn0BSKG/CmvZw74lqJVYzgUxL7zjZRU9WoVl+x8DeNBFi6kSw4nIF/FdKuBH9OMEky4LG/mO0SUGzid7LfiOzsMFTEbM4h0/v5dqb69VJ3XTX4idd3UDjfnHig2lcK6IqcrNpxiSbzJ6iUubuSquugbylUSkVIANbgQPtIZ99CsBwyaWw6zLuIZZTmWZpCMyngpWRLZBNGEINVlQqtzUmgEUtpQN/FHkhKmWUhDZOW2gbQNaAdZRuAm1KxnSKs/ZDjeHmdWCkrNGW/iv/iLpe/WANLX7II41s5PrwfBlTrq2jMNNIb2ahurzJra9/1WrAvt5gtOJIx33lx1lLS20hwFHWr2Chr+njwNou8AZG6SyDzD1es2bJUBbuPaI0VZMi5MsBUmqqn165xltafEMtqScwzDy8IYL4ImJ4oF0oPKo/29c4GGsJPFdm6pYGWoNALivj308ogWUU3OPPLJIBCjavD1qbQ4kIXcEbcw8hvP7xRK05wAA6NUtqBoUOJsDa8EiQdJiUngnMlKcq60roUkcKH7EGHphY6JJKRZffSClKa3K6qSP9Ir9hSAkm+sC6N4kmRztvzS2PlzNTCECmpS6gkV4EKqBYxn7SRELypeWZO1ogAZ1ZhQkfpT8A1A58IroAKTDOmGHTGIu59xtkgt2zld76WTQaVoAKxdTVwFdLvaMVTbgk6+76ZaApqOVPtUQ/WjzPE103xKZa2My8641ly5TfdHUrx3e+LaKDhhjGHWQQ2VJSrUCw8PD6wXEn4vGH1JUCapX1greHj56xHHDo2m6Sbnjbh2/wDyI+etZqMU1+HXTKfWnoRZEJDzqk1Kan7fiHCaksTqnu0ht4SNSinFoQK31KeA4m3Lx0gIbTeAYRvJIFUFKRU! > kZKdxIPfxpFfMgKf2lYThSGG1hoNvZqbRISlZ/UpI30cgQSDeHaWRY4l1vB2rayeHI+HnF > 1JvGl5Hp5ictJpl2iU9auc7t/0mp+appGexDqS2IYnic0twvzCiFa0NE05ISPMmsaGCuFwiWFSkKOU+ufnDqK5ZlkVABoDbs8IW1ISpw6VpvZxX4hlPlTWA6i4NyDal7NKq/JXd+nG/ZHdLrBWCPilGVGulN6p+kc1N/9k= > > krbpwdpolicyreference: > cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com > mepmanagedentry: cn=bbanner,cn=groups,cn=accounts,dc=example,dc=com > objectclass: top, person, organizationalperson, inetorgperson, inetuser, > posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject, ipasshuser, > ipaSshGroupOfPubKeys, mepOriginEntry [root@ds01 ~]# > > > Any ideas? I think getting this working via ipa user-mod would be a better > option as I don't like having people using the Directory manager account > when they don't need to.
First, not that users do not need to use DM account. Even when using ldapmodify they can bind as their regular user and change their own attribute. You would just probably need to add appropriate selfservice permission (ipa help selfservice). As for the attribute change, you indeed need to bass the BASE64 contents of the file as the --setattr or --addattr options expects just a raw value on the input. This should be working: # wget https://www.dalemacartney.com/wp-content/uploads/2013/12/ejabberd_avatar.png # ipa user-mod tuser1 --setattr="jpegphoto=`base64 ejabberd_avatar.png -w 0`" I did not test it on ejabberd, but the value was there. Alternatively, you could also extend the User object in FreeIPA and add new attribute definition: # cat /usr/lib/python2.6/site-packages/ipalib/plugins/user-jpegphoto.py from ipalib.plugins.user import user from ipalib.parameters import Bytes from ipalib.text import _ /usr/lib/python2.6/site-packages/ipalib/plugins/user-jpegphoto.py user.takes_params += ( Bytes('jpegphoto?', label=_('JPEG Photo'), ), ) # service httpd reload # ipa user-mod tuser1 --jpegphoto=`base64 ejabberd_avatar.png -w 0` but it does not add that much added value. Ideally, it would be great if you could define a File type attribute and have it be encoded automatically. But in my tests, it did not work out of the box, the framework could not handle binary values. That may be an idea for improvement of the framework. Martin _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
