Re: [Freeipa-users] Adding Display Pictures/Avatars into FreeIPA

2013-12-09 Thread Martin Kosek
On 12/08/2013 09:04 PM, Dale Macartney wrote:
 
 
 On 07/12/13 19:22, Dmitri Pal wrote:
 On 12/06/2013 08:56 AM, Simo Sorce wrote:
 Maybe you can open a RFE to let the framework support jpegphoto 
 natively ? Simo.
 
 Yes, that would be really nice.
 
 Here you go folks, first trac ticket so be gentle!! :-)
 
 https://fedorahosted.org/freeipa/ticket/4073

We are always gentle for users' contributions ;-) I replied to your ticket.

We will deal with the ticket on our next triage meeting. Unfortunately, some
changes to the framework are needed to accept the binary files, otherwise
this ticket would be a real quickie.

Martin

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] Adding Display Pictures/Avatars into FreeIPA

2013-12-08 Thread Dale Macartney

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


On 07/12/13 19:22, Dmitri Pal wrote:
 On 12/06/2013 08:56 AM, Simo Sorce wrote:
 Maybe you can open a RFE to let the framework support jpegphoto
 natively ? Simo.

 Yes, that would be really nice.

Here you go folks, first trac ticket so be gentle!! :-)

https://fedorahosted.org/freeipa/ticket/4073


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSpNDHAAoJEAJsWS61tB+qaSIQAML3oEsiw14IeKBUjqRViszA
7soZ/9ya+aDGa4sPhsfbH0vpu2SwZkZrdH+Xdmm58OiU3m0UBGfFs7Pg2Kddw9Ud
4B+Ohsk32JkdYlCJsGV3BRt0m1vfjNwv4B2ettAokYcKTYFCkqsZnOVidqwO81iP
m1pYB0AWBoYeCGlx/GeC0EvWaqx769KvTmmUly033oISkgrJbYoedXtqXYVAJYaQ
Zx73Oc53mWKxJcDHwsTaLSS4E7v2Q9Jnw40sBId/3SilDZqWoHsFJNuf+MjF7VBC
bGcWlC6+y9wS8gP0BSeXrsuRGXtNmye1L4lgwLiqa5OpK18jP1iefjJMMJTe19EB
w/4FTsSew26xlcST8BStiSKI9RUlo3vh2/ApubYrtDeXhrNK0HCm2JL5n2sPE/ml
mDrgid2eJfqT4cSGlZ+Fv7ki0s9F2kJgZN1tM13+n6S1N2ja0wXP9Wfg9/jhdmby
xeT5jCTMKhDsfqX4VdRmbF7gOXvN1n28O8nL5amhM/Q40oPNv+tn83n/r2IVsTBr
mS6N3M8XMVn0uP8KgjXEU6rlFI3TFv6Dyctv4PsOqDo6CK2dXSAJz7gOjtqsaKIP
8G0GhOQKdfS/u3JZeDkbAi5jXqBaS210U8G5oA+hZpzhDN9jTt/dtQ0LsT5LQELV
zZTGR/7im1RGCT9C7hia
=l2LI
-END PGP SIGNATURE-

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] Adding Display Pictures/Avatars into FreeIPA

2013-12-07 Thread Dmitri Pal
On 12/06/2013 08:56 AM, Simo Sorce wrote:
 Maybe you can open a RFE to let the framework support jpegphoto
 natively ? Simo. 

Yes, that would be really nice.

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] Adding Display Pictures/Avatars into FreeIPA

2013-12-06 Thread Dale Macartney

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


On 05/12/13 22:58, Simo Sorce wrote:
 On Thu, 2013-12-05 at 22:32 +, Dale Macartney wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Hi folks

 Just a quick mail from me before I call it a night.

 Today I've added user display pictures/avatars into FreeIPA, detailed
here.


https://www.dalemacartney.com/2013/12/05/adding-display-picturesavatars-red-hat-idmfreeipa/

 As well as pulling those images into a GNOME3 desktop session, detailed
 here.


https://www.dalemacartney.com/2013/12/05/loading-display-picturesavatars-red-hat-idmfreeipa-gnome3/

 Would love some feedback if anyone is interested in these items.

 G'night all.


 Great stuff Dale, I wonder if ipa user-mod --addattr could be used to
 load the avatar, instead of using ldap commands.

 Simo.
G'day Simo
Thanks for the suggestion however I haven't been able to do it with an
ipa command for this task.

I've tried the following:

[root@ds01 ~]# ipa user-mod --addattr=objectClass=jpegPhoto
--addattr=jpegPhoto: file:///root/hulk.jpg bbanner
ipa: ERROR: invalid 'addattr': Invalid format. Should be name=value
[root@ds01 ~]#
[root@ds01 ~]#
[root@ds01 ~]# ipa user-mod --addattr=objectClass=jpegPhoto
--addattr=jpegPhoto:/root/hulk.jpg bbanner
ipa: ERROR: invalid 'addattr': Invalid format. Should be name=value
[root@ds01 ~]# ipa user-mod --addattr=objectClass=jpegPhoto
--addattr=jpegPhoto= file:///root/hulk.jpg bbanner
ipa: ERROR: unknown object class jpegPhoto
[root@ds01 ~]# ipa user-mod --addattr=jpegPhoto=
file:///root/hulk.jpg bbanner
- ---
Modified user bbanner
- ---
  User login: bbanner
  First name: Bruce
  Last name: Banner
  Home directory: /home/bbanner
  Login shell: /bin/sh
  Email address: bban...@example.com
  UID: 212800012
  GID: 212800012
  Account disabled: False
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False
[root@ds01 ~]# ipa user-show --all bbanner
  dn: uid=bbanner,cn=users,cn=accounts,dc=example,dc=com
  User login: bbanner
  First name: Bruce
  Last name: Banner
  Full name: Bruce Banner
  Display name: Bruce Banner
  Initials: BB
  Home directory: /home/bbanner
  GECOS field: Bruce Banner
  Login shell: /bin/sh
  Kerberos principal: bban...@example.com
  Email address: bban...@example.com
  UID: 212800012
  GID: 212800012
  Account disabled: False
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False
  ipauniqueid: b4009286-5e53-11e3-9d5e-001a4abb
  jpegphoto: PCBmaWxlOi8vL3Jvb3QvaHVsay5qcGc=
  krbpwdpolicyreference:
cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com
  mepmanagedentry: cn=bbanner,cn=groups,cn=accounts,dc=example,dc=com
  objectclass: top, person, organizationalperson, inetorgperson,
inetuser, posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject,
ipasshuser, ipaSshGroupOfPubKeys, mepOriginEntry
[root@ds01 ~]#

You can see that the last command of  ipa user-mod
--addattr=jpegPhoto= file:///root/hulk.jpg bbanner  however as the
jpegPhoto attribute is encoded with base64, it appears to be encoding
the characters  file:///root/hulk.jpg instead of the image file.

The above details from showing the user after the change only shows the
following text for jpegPhoto
jpegphoto: PCBmaWxlOi8vL3Jvb3QvaHVsay5qcGc=

When using ldapmodify, that attribute looks like the following

[root@ds01 ~]# ipa user-show --all bbanner
  dn: uid=bbanner,cn=users,cn=accounts,dc=example,dc=com
  User login: bbanner
  First name: Bruce
  Last name: Banner
  Full name: Bruce Banner
  Display name: Bruce Banner
  Initials: BB
  Home directory: /home/bbanner
  GECOS field: Bruce Banner
  Login shell: /bin/sh
  Kerberos principal: bban...@example.com
  Email address: bban...@example.com
  UID: 212800012
  GID: 212800012
  Account disabled: False
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False
  ipauniqueid: b4009286-5e53-11e3-9d5e-001a4abb
  jpegphoto:
/9j/4AAQSkZJRgABAgAAAQABAAD/4AAcT2NhZCRSZXY6IDE0Nzk3ICQAABj/2wCEAAIEBAYIBggICAgICAgICAgKCgoKCgoKCgoKCgoKCgoKCgoKCgwMDAwMDAwMDA0MDAwMDAwMDAwODw0MDgwMDAwBAhAQICAgICAgIEBAQEBAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgP/AABEIAHgAeAMBEQACEQEDEQH/xACVAAACAwEBAQEGBwQFCAMJAgEBAAIDAQEBAAMEAgUGAQAHEAABAgQDBAcHAQUGBwABAgMABBEhBRIxEyJBUQYyYXGhsfAHFEJSgZHRchUjYsHhFyRDgqLxFjNTY5LC4hEBAAMAAgICAgMAAAECEQMSITETQVFhBCIy/9oADAMBAAIRAxEAPwDyylFuEUICFDUEXjYMcNW5Z6lcyY88nNMO15x5wUZDlvrHkURSecdeQdjXtP38o4gIX2mJFsPzIdIAqEJBFf1G1vVIxFuT8LmKhj+1x2WSUyMpJBR1LzWc053oi3OhMZWaTP21MGpgPthmJlSP2kMPlJdI/eObAKUU/KhkEFS1aJJyhOphH4v2L2a+wX2j9GMTddlkYMpiQYb2jk66uq0iyc+UJV1j8INBzEVvSfy5oUxae6AMvqdDjj7ShTdUEEk65UjNXLqBat7xcxNyWQiq9mzEwht6SU661MIzs2utP6zQVTxSog8BWsXvyyQmrOuJdD5xGdaRuINDn3VD9QVQjupfgYvK8xCakg9LlJvSvYa+X5jVkFKtETcEjrexdyqACt3XVQ7LfcG8cREraqi3lTziQQgZR2R4JILceQRlM17/ALx4URLYk5CTM9NO0Ashuikkr4aEa8E1vzEYa/J9L+tWIukvS6bxJ3fIDCDRtGUJ+q8uv!
 

Re: [Freeipa-users] Adding Display Pictures/Avatars into FreeIPA

2013-12-06 Thread Martin Kosek
On 12/06/2013 10:10 AM, Dale Macartney wrote:
 
 
 On 05/12/13 22:58, Simo Sorce wrote:
 On Thu, 2013-12-05 at 22:32 +, Dale Macartney wrote:
 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
 
 Hi folks
 
 Just a quick mail from me before I call it a night.
 
 Today I've added user display pictures/avatars into FreeIPA, detailed
 here.
 
 
 https://www.dalemacartney.com/2013/12/05/adding-display-picturesavatars-red-hat-idmfreeipa/


 
As well as pulling those images into a GNOME3 desktop session, detailed
 here.
 
 
 https://www.dalemacartney.com/2013/12/05/loading-display-picturesavatars-red-hat-idmfreeipa-gnome3/


 
Would love some feedback if anyone is interested in these items.
 
 G'night all.
 
 
 Great stuff Dale, I wonder if ipa user-mod --addattr could be used to 
 load the avatar, instead of using ldap commands.
 
 Simo.
 G'day Simo Thanks for the suggestion however I haven't been able to do it
 with an ipa command for this task.
 
 I've tried the following:
 
 [root@ds01 ~]# ipa user-mod --addattr=objectClass=jpegPhoto 
 --addattr=jpegPhoto: file:///root/hulk.jpg bbanner ipa: ERROR: invalid
 'addattr': Invalid format. Should be name=value [root@ds01 ~]# [root@ds01
 ~]# [root@ds01 ~]# ipa user-mod --addattr=objectClass=jpegPhoto 
 --addattr=jpegPhoto:/root/hulk.jpg bbanner ipa: ERROR: invalid
 'addattr': Invalid format. Should be name=value [root@ds01 ~]# ipa
 user-mod --addattr=objectClass=jpegPhoto --addattr=jpegPhoto=
 file:///root/hulk.jpg bbanner ipa: ERROR: unknown object class
 jpegPhoto [root@ds01 ~]# ipa user-mod --addattr=jpegPhoto= 
 file:///root/hulk.jpg bbanner --- Modified user
 bbanner --- User login: bbanner First name: Bruce 
 Last name: Banner Home directory: /home/bbanner Login shell: /bin/sh Email
 address: bban...@example.com UID: 212800012 GID: 212800012 Account
 disabled: False Password: False Member of groups: ipausers Kerberos keys
 available: False [root@ds01 ~]# ipa user-show --all bbanner dn:
 uid=bbanner,cn=users,cn=accounts,dc=example,dc=com User login: bbanner 
 First name: Bruce Last name: Banner Full name: Bruce Banner Display name:
 Bruce Banner Initials: BB Home directory: /home/bbanner GECOS field: Bruce
 Banner Login shell: /bin/sh Kerberos principal: bban...@example.com Email
 address: bban...@example.com UID: 212800012 GID: 212800012 Account
 disabled: False Password: False Member of groups: ipausers Kerberos keys
 available: False ipauniqueid: b4009286-5e53-11e3-9d5e-001a4abb 
 jpegphoto: PCBmaWxlOi8vL3Jvb3QvaHVsay5qcGc= krbpwdpolicyreference: 
 cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com 
 mepmanagedentry: cn=bbanner,cn=groups,cn=accounts,dc=example,dc=com 
 objectclass: top, person, organizationalperson, inetorgperson, inetuser,
 posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject, ipasshuser,
 ipaSshGroupOfPubKeys, mepOriginEntry [root@ds01 ~]#
 
 You can see that the last command of  ipa user-mod --addattr=jpegPhoto=
 file:///root/hulk.jpg bbanner  however as the jpegPhoto attribute is
 encoded with base64, it appears to be encoding the characters 
 file:///root/hulk.jpg instead of the image file.
 
 The above details from showing the user after the change only shows the 
 following text for jpegPhoto jpegphoto: PCBmaWxlOi8vL3Jvb3QvaHVsay5qcGc=
 
 When using ldapmodify, that attribute looks like the following
 
 [root@ds01 ~]# ipa user-show --all bbanner dn:
 uid=bbanner,cn=users,cn=accounts,dc=example,dc=com User login: bbanner 
 First name: Bruce Last name: Banner Full name: Bruce Banner Display name:
 Bruce Banner Initials: BB Home directory: /home/bbanner GECOS field: Bruce
 Banner Login shell: /bin/sh Kerberos principal: bban...@example.com Email
 address: bban...@example.com UID: 212800012 GID: 212800012 Account
 disabled: False Password: False Member of groups: ipausers Kerberos keys
 available: False ipauniqueid: b4009286-5e53-11e3-9d5e-001a4abb 
 jpegphoto: 
 /9j/4AAQSkZJRgABAgAAAQABAAD/4AAcT2NhZCRSZXY6IDE0Nzk3ICQAABj/2wCEAAIEBAYIBggICAgICAgICAgKCgoKCgoKCgoKCgoKCgoKCgoKCgwMDAwMDAwMDA0MDAwMDAwMDAwODw0MDgwMDAwBAhAQICAgICAgIEBAQEBAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgP/AABEIAHgAeAMBEQACEQEDEQH/xACVAAACAwEBAQEGBwQFCAMJAgEBAAIDAQEBAAMEAgUGAQAHEAABAgQDBAcHAQUGBwABAgMABBEhBRIxEyJBUQYyYXGhsfAHFEJSgZHRchUjYsHhFyRDgqLxFjNTY5LC4hEBAAMAAgICAgMAAAECEQMSITETQVFhBCIy/9oADAMBAAIRAxEAPwDyylFuEUICFDUEXjYMcNW5Z6lcyY88nNMO15x5wUZDlvrHkURSecdeQdjXtP38o4gIX2mJFsPzIdIAqEJBFf1G1vVIxFuT8LmKhj+1x2WSUyMpJBR1LzWc053oi3OhMZWaTP21MGpgPthmJlSP2kMPlJdI/eObAKUU/KhkEFS1aJJyhOphH4v2L2a+wX2j9GMTddlkYMpiQYb2jk66uq0iyc+UJV1j8INBzEVvSfy5oUxae6AMvqdDjj7ShTdUEEk65UjNXLqBat7xcxNyWQiq9mzEwht6SU661MIzs2utP6zQVTxSog8BWsXvyyQmrOuJdD5xGdaRuINDn3VD9QVQjupfgYvK8xCakg9LlJvSvYa+X5jVkFKtETcEjrexdyqACt3XVQ7LfcG8cREraqi3lTziQQgZR2R4JILceQRlM17/ALx4URLYk5CTM9NO0Ashuikkr4aEa8E1vzEYa/J9L+tWIukvS6bxJ3fIDCDRtGUJ+q8!
 uv!

 

Re: [Freeipa-users] Adding Display Pictures/Avatars into FreeIPA

2013-12-06 Thread Simo Sorce
On Fri, 2013-12-06 at 09:10 +, Dale Macartney wrote:
 
 Any ideas? I think getting this working via ipa user-mod would be a
 better option as I don't like having people using the Directory
 manager
 account when they don't need to.
 
As Martin mentioned you don't need to use DM:

Usee:
  ldapmodify -Y GSSAPI
instead of:
  ldapmodify -x -D dn -w

It would certainly nice to make jpegphoto a recognize attribute, so that
when --jpegphoto is passed (or --addattr=jpegphoto, the framework takes
the value, assume it is a local file, opens it and slurps the contents
in.

Maybe you can open a RFE to let the framework support jpegphoto
natively ?

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] Adding Display Pictures/Avatars into FreeIPA

2013-12-05 Thread Simo Sorce
On Thu, 2013-12-05 at 22:32 +, Dale Macartney wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Hi folks
 
 Just a quick mail from me before I call it a night.
 
 Today I've added user display pictures/avatars into FreeIPA, detailed here.
 
 https://www.dalemacartney.com/2013/12/05/adding-display-picturesavatars-red-hat-idmfreeipa/
 
 As well as pulling those images into a GNOME3 desktop session, detailed
 here.
 
 https://www.dalemacartney.com/2013/12/05/loading-display-picturesavatars-red-hat-idmfreeipa-gnome3/
 
 Would love some feedback if anyone is interested in these items.
 
 G'night all.
 

Great stuff Dale, I wonder if ipa user-mod --addattr could be used to
load the avatar, instead of using ldap commands.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] Adding Display Pictures/Avatars into FreeIPA

2013-12-05 Thread Petr Spacek

On 5.12.2013 23:58, Simo Sorce wrote:

On Thu, 2013-12-05 at 22:32 +, Dale Macartney wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi folks

Just a quick mail from me before I call it a night.

Today I've added user display pictures/avatars into FreeIPA, detailed here.

https://www.dalemacartney.com/2013/12/05/adding-display-picturesavatars-red-hat-idmfreeipa/

As well as pulling those images into a GNOME3 desktop session, detailed
here.

https://www.dalemacartney.com/2013/12/05/loading-display-picturesavatars-red-hat-idmfreeipa-gnome3/

Would love some feedback if anyone is interested in these items.

G'night all.



Great stuff Dale, I wonder if ipa user-mod --addattr could be used to
load the avatar, instead of using ldap commands.

Simo.


I linked your articles from FreeIPA wiki:
http://www.freeipa.org/page/HowTos#Fancy_things_.28user_Avatars_etc..29


Re: 
https://www.dalemacartney.com/2013/12/05/adding-display-picturesavatars-red-hat-idmfreeipa/


 In LDAP based systems, the attribute is “jpegPhoto” and in Active 
Directory, although “jpegPhoto” is available, Microsoft applications seem to 
use the “thumbnailPhoto” value.


You could do a experiment with attribute aliases. As usual - try this in a 
staging environment first, I haven't tested that!


Modify /etc/dirsrv/slapd-EXAMPLE-COM/schema/06inetorgperson.ldif
attributeTypes: ( 0.9.2342.19200300.100.1.60
  NAME 'jpegPhoto'
to
  NAME ('jpegPhoto', 'thumbnailPhoto')

and restart directory server.

Please let us know how it works :-)

--
Petr^2 Spacek

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users