Re: [Freeipa-users] Adding Display Pictures/Avatars into FreeIPA
On 12/08/2013 09:04 PM, Dale Macartney wrote: On 07/12/13 19:22, Dmitri Pal wrote: On 12/06/2013 08:56 AM, Simo Sorce wrote: Maybe you can open a RFE to let the framework support jpegphoto natively ? Simo. Yes, that would be really nice. Here you go folks, first trac ticket so be gentle!! :-) https://fedorahosted.org/freeipa/ticket/4073 We are always gentle for users' contributions ;-) I replied to your ticket. We will deal with the ticket on our next triage meeting. Unfortunately, some changes to the framework are needed to accept the binary files, otherwise this ticket would be a real quickie. Martin ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Adding Display Pictures/Avatars into FreeIPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/12/13 19:22, Dmitri Pal wrote: On 12/06/2013 08:56 AM, Simo Sorce wrote: Maybe you can open a RFE to let the framework support jpegphoto natively ? Simo. Yes, that would be really nice. Here you go folks, first trac ticket so be gentle!! :-) https://fedorahosted.org/freeipa/ticket/4073 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSpNDHAAoJEAJsWS61tB+qaSIQAML3oEsiw14IeKBUjqRViszA 7soZ/9ya+aDGa4sPhsfbH0vpu2SwZkZrdH+Xdmm58OiU3m0UBGfFs7Pg2Kddw9Ud 4B+Ohsk32JkdYlCJsGV3BRt0m1vfjNwv4B2ettAokYcKTYFCkqsZnOVidqwO81iP m1pYB0AWBoYeCGlx/GeC0EvWaqx769KvTmmUly033oISkgrJbYoedXtqXYVAJYaQ Zx73Oc53mWKxJcDHwsTaLSS4E7v2Q9Jnw40sBId/3SilDZqWoHsFJNuf+MjF7VBC bGcWlC6+y9wS8gP0BSeXrsuRGXtNmye1L4lgwLiqa5OpK18jP1iefjJMMJTe19EB w/4FTsSew26xlcST8BStiSKI9RUlo3vh2/ApubYrtDeXhrNK0HCm2JL5n2sPE/ml mDrgid2eJfqT4cSGlZ+Fv7ki0s9F2kJgZN1tM13+n6S1N2ja0wXP9Wfg9/jhdmby xeT5jCTMKhDsfqX4VdRmbF7gOXvN1n28O8nL5amhM/Q40oPNv+tn83n/r2IVsTBr mS6N3M8XMVn0uP8KgjXEU6rlFI3TFv6Dyctv4PsOqDo6CK2dXSAJz7gOjtqsaKIP 8G0GhOQKdfS/u3JZeDkbAi5jXqBaS210U8G5oA+hZpzhDN9jTt/dtQ0LsT5LQELV zZTGR/7im1RGCT9C7hia =l2LI -END PGP SIGNATURE- ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Adding Display Pictures/Avatars into FreeIPA
On 12/06/2013 08:56 AM, Simo Sorce wrote: Maybe you can open a RFE to let the framework support jpegphoto natively ? Simo. Yes, that would be really nice. -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Adding Display Pictures/Avatars into FreeIPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/12/13 22:58, Simo Sorce wrote: On Thu, 2013-12-05 at 22:32 +, Dale Macartney wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi folks Just a quick mail from me before I call it a night. Today I've added user display pictures/avatars into FreeIPA, detailed here. https://www.dalemacartney.com/2013/12/05/adding-display-picturesavatars-red-hat-idmfreeipa/ As well as pulling those images into a GNOME3 desktop session, detailed here. https://www.dalemacartney.com/2013/12/05/loading-display-picturesavatars-red-hat-idmfreeipa-gnome3/ Would love some feedback if anyone is interested in these items. G'night all. Great stuff Dale, I wonder if ipa user-mod --addattr could be used to load the avatar, instead of using ldap commands. Simo. G'day Simo Thanks for the suggestion however I haven't been able to do it with an ipa command for this task. I've tried the following: [root@ds01 ~]# ipa user-mod --addattr=objectClass=jpegPhoto --addattr=jpegPhoto: file:///root/hulk.jpg bbanner ipa: ERROR: invalid 'addattr': Invalid format. Should be name=value [root@ds01 ~]# [root@ds01 ~]# [root@ds01 ~]# ipa user-mod --addattr=objectClass=jpegPhoto --addattr=jpegPhoto:/root/hulk.jpg bbanner ipa: ERROR: invalid 'addattr': Invalid format. Should be name=value [root@ds01 ~]# ipa user-mod --addattr=objectClass=jpegPhoto --addattr=jpegPhoto= file:///root/hulk.jpg bbanner ipa: ERROR: unknown object class jpegPhoto [root@ds01 ~]# ipa user-mod --addattr=jpegPhoto= file:///root/hulk.jpg bbanner - --- Modified user bbanner - --- User login: bbanner First name: Bruce Last name: Banner Home directory: /home/bbanner Login shell: /bin/sh Email address: bban...@example.com UID: 212800012 GID: 212800012 Account disabled: False Password: False Member of groups: ipausers Kerberos keys available: False [root@ds01 ~]# ipa user-show --all bbanner dn: uid=bbanner,cn=users,cn=accounts,dc=example,dc=com User login: bbanner First name: Bruce Last name: Banner Full name: Bruce Banner Display name: Bruce Banner Initials: BB Home directory: /home/bbanner GECOS field: Bruce Banner Login shell: /bin/sh Kerberos principal: bban...@example.com Email address: bban...@example.com UID: 212800012 GID: 212800012 Account disabled: False Password: False Member of groups: ipausers Kerberos keys available: False ipauniqueid: b4009286-5e53-11e3-9d5e-001a4abb jpegphoto: PCBmaWxlOi8vL3Jvb3QvaHVsay5qcGc= krbpwdpolicyreference: cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com mepmanagedentry: cn=bbanner,cn=groups,cn=accounts,dc=example,dc=com objectclass: top, person, organizationalperson, inetorgperson, inetuser, posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject, ipasshuser, ipaSshGroupOfPubKeys, mepOriginEntry [root@ds01 ~]# You can see that the last command of ipa user-mod --addattr=jpegPhoto= file:///root/hulk.jpg bbanner however as the jpegPhoto attribute is encoded with base64, it appears to be encoding the characters file:///root/hulk.jpg instead of the image file. The above details from showing the user after the change only shows the following text for jpegPhoto jpegphoto: PCBmaWxlOi8vL3Jvb3QvaHVsay5qcGc= When using ldapmodify, that attribute looks like the following [root@ds01 ~]# ipa user-show --all bbanner dn: uid=bbanner,cn=users,cn=accounts,dc=example,dc=com User login: bbanner First name: Bruce Last name: Banner Full name: Bruce Banner Display name: Bruce Banner Initials: BB Home directory: /home/bbanner GECOS field: Bruce Banner Login shell: /bin/sh Kerberos principal: bban...@example.com Email address: bban...@example.com UID: 212800012 GID: 212800012 Account disabled: False Password: False Member of groups: ipausers Kerberos keys available: False ipauniqueid: b4009286-5e53-11e3-9d5e-001a4abb jpegphoto: /9j/4AAQSkZJRgABAgAAAQABAAD/4AAcT2NhZCRSZXY6IDE0Nzk3ICQAABj/2wCEAAIEBAYIBggICAgICAgICAgKCgoKCgoKCgoKCgoKCgoKCgoKCgwMDAwMDAwMDA0MDAwMDAwMDAwODw0MDgwMDAwBAhAQICAgICAgIEBAQEBAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgP/AABEIAHgAeAMBEQACEQEDEQH/xACVAAACAwEBAQEGBwQFCAMJAgEBAAIDAQEBAAMEAgUGAQAHEAABAgQDBAcHAQUGBwABAgMABBEhBRIxEyJBUQYyYXGhsfAHFEJSgZHRchUjYsHhFyRDgqLxFjNTY5LC4hEBAAMAAgICAgMAAAECEQMSITETQVFhBCIy/9oADAMBAAIRAxEAPwDyylFuEUICFDUEXjYMcNW5Z6lcyY88nNMO15x5wUZDlvrHkURSecdeQdjXtP38o4gIX2mJFsPzIdIAqEJBFf1G1vVIxFuT8LmKhj+1x2WSUyMpJBR1LzWc053oi3OhMZWaTP21MGpgPthmJlSP2kMPlJdI/eObAKUU/KhkEFS1aJJyhOphH4v2L2a+wX2j9GMTddlkYMpiQYb2jk66uq0iyc+UJV1j8INBzEVvSfy5oUxae6AMvqdDjj7ShTdUEEk65UjNXLqBat7xcxNyWQiq9mzEwht6SU661MIzs2utP6zQVTxSog8BWsXvyyQmrOuJdD5xGdaRuINDn3VD9QVQjupfgYvK8xCakg9LlJvSvYa+X5jVkFKtETcEjrexdyqACt3XVQ7LfcG8cREraqi3lTziQQgZR2R4JILceQRlM17/ALx4URLYk5CTM9NO0Ashuikkr4aEa8E1vzEYa/J9L+tWIukvS6bxJ3fIDCDRtGUJ+q8uv!
Re: [Freeipa-users] Adding Display Pictures/Avatars into FreeIPA
On 12/06/2013 10:10 AM, Dale Macartney wrote: On 05/12/13 22:58, Simo Sorce wrote: On Thu, 2013-12-05 at 22:32 +, Dale Macartney wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi folks Just a quick mail from me before I call it a night. Today I've added user display pictures/avatars into FreeIPA, detailed here. https://www.dalemacartney.com/2013/12/05/adding-display-picturesavatars-red-hat-idmfreeipa/ As well as pulling those images into a GNOME3 desktop session, detailed here. https://www.dalemacartney.com/2013/12/05/loading-display-picturesavatars-red-hat-idmfreeipa-gnome3/ Would love some feedback if anyone is interested in these items. G'night all. Great stuff Dale, I wonder if ipa user-mod --addattr could be used to load the avatar, instead of using ldap commands. Simo. G'day Simo Thanks for the suggestion however I haven't been able to do it with an ipa command for this task. I've tried the following: [root@ds01 ~]# ipa user-mod --addattr=objectClass=jpegPhoto --addattr=jpegPhoto: file:///root/hulk.jpg bbanner ipa: ERROR: invalid 'addattr': Invalid format. Should be name=value [root@ds01 ~]# [root@ds01 ~]# [root@ds01 ~]# ipa user-mod --addattr=objectClass=jpegPhoto --addattr=jpegPhoto:/root/hulk.jpg bbanner ipa: ERROR: invalid 'addattr': Invalid format. Should be name=value [root@ds01 ~]# ipa user-mod --addattr=objectClass=jpegPhoto --addattr=jpegPhoto= file:///root/hulk.jpg bbanner ipa: ERROR: unknown object class jpegPhoto [root@ds01 ~]# ipa user-mod --addattr=jpegPhoto= file:///root/hulk.jpg bbanner --- Modified user bbanner --- User login: bbanner First name: Bruce Last name: Banner Home directory: /home/bbanner Login shell: /bin/sh Email address: bban...@example.com UID: 212800012 GID: 212800012 Account disabled: False Password: False Member of groups: ipausers Kerberos keys available: False [root@ds01 ~]# ipa user-show --all bbanner dn: uid=bbanner,cn=users,cn=accounts,dc=example,dc=com User login: bbanner First name: Bruce Last name: Banner Full name: Bruce Banner Display name: Bruce Banner Initials: BB Home directory: /home/bbanner GECOS field: Bruce Banner Login shell: /bin/sh Kerberos principal: bban...@example.com Email address: bban...@example.com UID: 212800012 GID: 212800012 Account disabled: False Password: False Member of groups: ipausers Kerberos keys available: False ipauniqueid: b4009286-5e53-11e3-9d5e-001a4abb jpegphoto: PCBmaWxlOi8vL3Jvb3QvaHVsay5qcGc= krbpwdpolicyreference: cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com mepmanagedentry: cn=bbanner,cn=groups,cn=accounts,dc=example,dc=com objectclass: top, person, organizationalperson, inetorgperson, inetuser, posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject, ipasshuser, ipaSshGroupOfPubKeys, mepOriginEntry [root@ds01 ~]# You can see that the last command of ipa user-mod --addattr=jpegPhoto= file:///root/hulk.jpg bbanner however as the jpegPhoto attribute is encoded with base64, it appears to be encoding the characters file:///root/hulk.jpg instead of the image file. The above details from showing the user after the change only shows the following text for jpegPhoto jpegphoto: PCBmaWxlOi8vL3Jvb3QvaHVsay5qcGc= When using ldapmodify, that attribute looks like the following [root@ds01 ~]# ipa user-show --all bbanner dn: uid=bbanner,cn=users,cn=accounts,dc=example,dc=com User login: bbanner First name: Bruce Last name: Banner Full name: Bruce Banner Display name: Bruce Banner Initials: BB Home directory: /home/bbanner GECOS field: Bruce Banner Login shell: /bin/sh Kerberos principal: bban...@example.com Email address: bban...@example.com UID: 212800012 GID: 212800012 Account disabled: False Password: False Member of groups: ipausers Kerberos keys available: False ipauniqueid: b4009286-5e53-11e3-9d5e-001a4abb jpegphoto: /9j/4AAQSkZJRgABAgAAAQABAAD/4AAcT2NhZCRSZXY6IDE0Nzk3ICQAABj/2wCEAAIEBAYIBggICAgICAgICAgKCgoKCgoKCgoKCgoKCgoKCgoKCgwMDAwMDAwMDA0MDAwMDAwMDAwODw0MDgwMDAwBAhAQICAgICAgIEBAQEBAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgP/AABEIAHgAeAMBEQACEQEDEQH/xACVAAACAwEBAQEGBwQFCAMJAgEBAAIDAQEBAAMEAgUGAQAHEAABAgQDBAcHAQUGBwABAgMABBEhBRIxEyJBUQYyYXGhsfAHFEJSgZHRchUjYsHhFyRDgqLxFjNTY5LC4hEBAAMAAgICAgMAAAECEQMSITETQVFhBCIy/9oADAMBAAIRAxEAPwDyylFuEUICFDUEXjYMcNW5Z6lcyY88nNMO15x5wUZDlvrHkURSecdeQdjXtP38o4gIX2mJFsPzIdIAqEJBFf1G1vVIxFuT8LmKhj+1x2WSUyMpJBR1LzWc053oi3OhMZWaTP21MGpgPthmJlSP2kMPlJdI/eObAKUU/KhkEFS1aJJyhOphH4v2L2a+wX2j9GMTddlkYMpiQYb2jk66uq0iyc+UJV1j8INBzEVvSfy5oUxae6AMvqdDjj7ShTdUEEk65UjNXLqBat7xcxNyWQiq9mzEwht6SU661MIzs2utP6zQVTxSog8BWsXvyyQmrOuJdD5xGdaRuINDn3VD9QVQjupfgYvK8xCakg9LlJvSvYa+X5jVkFKtETcEjrexdyqACt3XVQ7LfcG8cREraqi3lTziQQgZR2R4JILceQRlM17/ALx4URLYk5CTM9NO0Ashuikkr4aEa8E1vzEYa/J9L+tWIukvS6bxJ3fIDCDRtGUJ+q8! uv!
Re: [Freeipa-users] Adding Display Pictures/Avatars into FreeIPA
On Fri, 2013-12-06 at 09:10 +, Dale Macartney wrote: Any ideas? I think getting this working via ipa user-mod would be a better option as I don't like having people using the Directory manager account when they don't need to. As Martin mentioned you don't need to use DM: Usee: ldapmodify -Y GSSAPI instead of: ldapmodify -x -D dn -w It would certainly nice to make jpegphoto a recognize attribute, so that when --jpegphoto is passed (or --addattr=jpegphoto, the framework takes the value, assume it is a local file, opens it and slurps the contents in. Maybe you can open a RFE to let the framework support jpegphoto natively ? Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] Adding Display Pictures/Avatars into FreeIPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi folks Just a quick mail from me before I call it a night. Today I've added user display pictures/avatars into FreeIPA, detailed here. https://www.dalemacartney.com/2013/12/05/adding-display-picturesavatars-red-hat-idmfreeipa/ As well as pulling those images into a GNOME3 desktop session, detailed here. https://www.dalemacartney.com/2013/12/05/loading-display-picturesavatars-red-hat-idmfreeipa-gnome3/ Would love some feedback if anyone is interested in these items. G'night all. Dale -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSoP8RAAoJEAJsWS61tB+qfMgP/244KCvHZsQEVEym1ZZOMwXt zcznmRoik6sGKac1CWYO+BkPvHjEN+/IEKEW35x6OYfhSRcmJ72GFXXnOCG2ZR8c ppFcj41qZBtOKSHwrpmpLbUCa1BqAD8TAwaF4mfqy5ykqGu6z5j8M7xVPXU0GBig xzqYoEdJ23ZaSroxC+FPWB17D1IEezgiCQ7Ti9goZRv1WaH3GNvMHG8wIblM5zKG 7PqUkrvGxsNaV5ueFkJKnOqvLdJtcLMswmEcj5noUqTDRJZzygMZgsr65r5eId9k fnHSVKUOpxW6WEg2FfM7bAfhN4PyvjnMQppfp/1varplywvp4bZNngCJRKgIRZ45 Jl4rWWJrwlr5nXzBZjCm/n8s3d0OziUQqOTZvHp6ijNoGnLksUQuYgdXWJDI5Mz9 Zb5x4DrYhlOHR0sG8tUK0ezSEF/UL+4MySjNaljM2cBKC/GMjIRWG5Dz8rKI2W2I fBg20mYNdIracpfzN01Kl4bbJitVKaFsWF4QgkLMCAFfdNmktrXNnBVl6OpQduLy +zGswEL4KrDw0hsWH/6aTjEtElLInhS50ONJIXZzv0mNxJMnZUiEdxrdg5GCConh 83v9DSyc7AAPN2CJ1/AtdKh/PohNPy6CaLOFRvfEGwuUX1k47gx29F0JZ80W233o HVUWHwCtaRr/ecg48R7U =vyRU -END PGP SIGNATURE- ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Adding Display Pictures/Avatars into FreeIPA
On Thu, 2013-12-05 at 22:32 +, Dale Macartney wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi folks Just a quick mail from me before I call it a night. Today I've added user display pictures/avatars into FreeIPA, detailed here. https://www.dalemacartney.com/2013/12/05/adding-display-picturesavatars-red-hat-idmfreeipa/ As well as pulling those images into a GNOME3 desktop session, detailed here. https://www.dalemacartney.com/2013/12/05/loading-display-picturesavatars-red-hat-idmfreeipa-gnome3/ Would love some feedback if anyone is interested in these items. G'night all. Great stuff Dale, I wonder if ipa user-mod --addattr could be used to load the avatar, instead of using ldap commands. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Adding Display Pictures/Avatars into FreeIPA
On 5.12.2013 23:58, Simo Sorce wrote:
On Thu, 2013-12-05 at 22:32 +, Dale Macartney wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi folks
Just a quick mail from me before I call it a night.
Today I've added user display pictures/avatars into FreeIPA, detailed here.
https://www.dalemacartney.com/2013/12/05/adding-display-picturesavatars-red-hat-idmfreeipa/
As well as pulling those images into a GNOME3 desktop session, detailed
here.
https://www.dalemacartney.com/2013/12/05/loading-display-picturesavatars-red-hat-idmfreeipa-gnome3/
Would love some feedback if anyone is interested in these items.
G'night all.
Great stuff Dale, I wonder if ipa user-mod --addattr could be used to
load the avatar, instead of using ldap commands.
Simo.
I linked your articles from FreeIPA wiki:
http://www.freeipa.org/page/HowTos#Fancy_things_.28user_Avatars_etc..29
Re:
https://www.dalemacartney.com/2013/12/05/adding-display-picturesavatars-red-hat-idmfreeipa/
In LDAP based systems, the attribute is “jpegPhoto” and in Active
Directory, although “jpegPhoto” is available, Microsoft applications seem to
use the “thumbnailPhoto” value.
You could do a experiment with attribute aliases. As usual - try this in a
staging environment first, I haven't tested that!
Modify /etc/dirsrv/slapd-EXAMPLE-COM/schema/06inetorgperson.ldif
attributeTypes: ( 0.9.2342.19200300.100.1.60
NAME 'jpegPhoto'
to
NAME ('jpegPhoto', 'thumbnailPhoto')
and restart directory server.
Please let us know how it works :-)
--
Petr^2 Spacek
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
