Picture as binary data will work in 5.0 m4+ :)) (from mobile, sorry for typos)
On Tue, May 19, 2020, 14:44 Ninnig, Alexander < [email protected]> wrote: > Hello Maxim and thank you very much for all your support, > > after I did BOTH > > 1) create LDAP mapping with full picture URL (and check what in DB > and UI after LDAP login) > 2) since image is empty I guess it is dropped if mapping is > commented out > in this case please specify ldap_user_picture_uri=profile.png > (then please check what in DB and in UI after LDAP login) > > OpenMeetings displays the profile.png-file in the > data/upload/profile-folder, if the AD-attribute containing the full picture > URL is NOT SET. > So THAT works. > > > At first, the other solution (putting the picture-url into the ad-field > <pager>) didn't work. > I checked the database and found out, that the string was cropped, so the > URL was not complete. > I cross-checked AD and found out, that the cropping already happened in > the AD -> the ad-field <pager> is limited... D'OH! *blush* > So I put my profile-picture-URL in the AD-field <info> and changed the > om_ldap.cfg --> NOW THAT WORKS, TOO. > What's really good: If user upload their picture once, it is save das > profile.png in their profile-folder (at least I think that). > So I don't even have to manually copy the pictures into the matching > profile-folders. > > > > So now I have two possibilities, to provide user-pictures for > ldap-accounts in openmeetings 4.0.10: > > [summing up for other users] > > 1. Open your Active Directory: Misuse an empty AD-field (like <info>) and > put an URL to the user-picture in this AD-field (for every user). Be sure > to check that your chosen field is not limitated and therefore crops the > URL. > Commandline an your openmeetings-linux-server: cd > /opt/red54010/webapps/openmeetings/data/conf > Commandline on your openmeetings-linux-server: sudo vi om_ldap.cfg > Edit the om_ldap.cfg an your openmeetings-linux-server, so the line > contains the matching AD-field, I use the AD-field <info>, so my line is: > ldap_user_attr_picture=info > Save the om_ldap.cfg on your open-meetings-linux-server (entering :w! and > :q! if using VI) > > 2. Commandline an your openmeetings-linux-server: cd > /opt/red54010/webapps/openmeetings/data/conf > Commandline on your openmeetings-linux-server: sudo vi om_ldap.cfg > Edit the om_ldap.cfg an your openmeetings-linux-server, change the line > to: ldap_user_picture_uri=profile.png > Save the om_ldap.cfg on your open-meetings-linux-server (entering :w! and > :q! if using VI) > Commandline an your openmeetings-linux-server: cd > /opt/red54010/webapps/openmeetings/data/upload/profiles > Here, you find one folder for each profile, that has logged-in before, the > names of the folders are like "profile_1". > In your openmeetings-webseite, you'll find the profile-numbers under > "Administration" and "Users". > Mount a netshare and put all your user-pictures in this netshare (you can > use these commands (without brackets): <sudo apt install cifs-utils>, <sudo > mkdir /media/netshare>, sudo mount -t cifs -o username=YOURWINDOWSNAME > //YOURSERVER/WINDOWSNETSHARE /media/netshare>). > Copy the files from your netshare into the matching profile-folders, using > a commandline like: sudo cp /media/netshare/jackson_john.png > /opt/red54010/webapps/openmeetings/data/upload/profiles/profile_2/profile.png > - OR - make the user upload their picture ONCE. This should save their > uploaded picture as profile.png in the folder. > > > You're brilliant. Thank you VERY much! > > Best wishes, > Alex > > > -----Ursprüngliche Nachricht----- > Von: Maxim Solodovnik <[email protected]> > Gesendet: Montag, 18. Mai 2020 18:00 > An: Openmeetings user-list <[email protected]> > Betreff: Re: OM 4.0.10, AD-Pictures (or: how can I provide pictures for > LDAP-accounts) > > Hello Alex, > > you can use any DB query tool including command line :) > > Can you please do the tests one by one? :)) > > 1) create LDAP mapping with full picture URL (and check what in DB and UI > after LDAP login) > 2) since image is empty I guess it is dropped if mapping is commented out > in this case please specify ldap_user_picture_uri=profile.png (then > please check what in DB and in UI after LDAP login) > > On Mon, 18 May 2020 at 22:14, Ninnig, Alexander < > [email protected] <mailto: > [email protected]> > wrote: > > > OK, I got it figured out. > I had to grant phpmyadmin priviliges on open4010. > Now I can browser the om_user-table of open4010. > > The LOCAL user (first user after the installation, the > admin-account) has the line: > pictureuri varchar(255) [empty dropdown-field] [unchecked > checkbox] profile.png > This one displays a user-picture (local account). > > My LDAP-user-account has the line: > pictureuri varchar(255) [empty dropdown-field] [checked > checkbox] <empty> > This one displays the questionmark-profilepicture. > > I tried to enter "profile.png" and save this (via phpMyAdmin), > that's the string, phpMyAdmin creates and submits: > UPDATE `om_user` SET `deleted` = b'0', `forceTimeZoneCheck` = > b'0', `pictureuri` = 'profile.png', `show_contact_data` = b'1', > `show_contact_data_to_contacts` = b'0' WHERE `om_user`.`id` = 2; > This leads to errors in phpMyAdmin, which one can choose to ignore. > Opening this dataset again show, that pictureuri now hast he value > profile.png [with an unchecked checkbox, whatever that is]. > Login in OpenMeetings still works, but still no profile-picture. > > I probably could enter some sort oft he following string as > commandline (the rest shouldn't be related to my problem): > UPDATE `om_user` SET `pictureuri` = 'profile.png' WHERE > `om_user`.`id` = 2; > Actually this one doesn't work, since I did not tell, which > database to use. > I would have to add <on 'open4010'.*> or something like that. > > > So I'm still not at the end here. > > > -----Ursprüngliche Nachricht----- > Von: Ninnig, Alexander <[email protected] > <mailto:[email protected]> > > Gesendet: Montag, 18. Mai 2020 16:44 > An: [email protected] <mailto: > [email protected]> > Betreff: AW: OM 4.0.10, AD-Pictures (or: how can I provide > pictures for LDAP-accounts) > > I installed PHPMyAdmin - it works, OpenMeetings also still works, > so I didn't mess it up. > But now I don't know the structure oft he open4010-database, so I > cannot start a query. > > Can you suggest a browser that I can use in order to browse > (instead of having to start queries)? > Or can you tell me where to look? > I guess you suggested to look up the users in open4010-database > and find out which pictures each account uses. > > > Best wishes, > Alex > > > -----Ursprüngliche Nachricht----- > Von: Ninnig, Alexander <[email protected] > <mailto:[email protected]> > > Gesendet: Montag, 18. Mai 2020 16:25 > An: [email protected] <mailto: > [email protected]> > Betreff: AW: OM 4.0.10, AD-Pictures (or: how can I provide > pictures for LDAP-accounts) > > Sorry, I have to ask, because I haven’t done this so far: > > I can check what’s stored in the DB via phpMyAdmin? > > Can I install phpMyAdmin without messing with OpenMeetings? > > I never looked into MariaDB, so I have to start from the beginning. > > Or can you provide me with queries I can use from commandline > (sudo mysql -u root)? > > If not, I would install MyPHPAdmin using the following lines and > hope that I’m able to check what’s stored in the DB: > > > > > > sudo apt update > > sudo apt upgrade > > sudo apt install -y apache2 apache2-utils > > systemctl status apache2 > > sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT > > sudo ufw allow http > > sudo chown www-data:www-data /var/www/html/ -R > > sudo apt install php7.2 libapache2-mod-php7.2 php7.2-mysql > php-common php7.2-cli php7.2-common php7.2-json php7.2-opcache > php7.2-readline > > sudo a2enmod php7.2 > > sudo systemctl restart apache2 > > php --version > > sudo apt install phpmyadmin [choose apache2] > > sudo mysql -u root > > show grants for phpmyadmin@localhost; > > exit; > > sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT > > sudo iptables -I INPUT -p tcp --dport 443 -j ACCEPT > > sudo ufw allow http > > sudo ufw allow https > > > > > > Von: Maxim Solodovnik <[email protected] <mailto: > [email protected]> > > Gesendet: Montag, 18. Mai 2020 15:10 > An: Openmeetings user-list <[email protected] <mailto: > [email protected]> > > Betreff: Re: OM 4.0.10, AD-Pictures (or: how can I provide > pictures for LDAP-accounts) > > > > > > > > On Mon, 18 May 2020 at 20:06, Ninnig, Alexander < > [email protected] <mailto: > [email protected]> <mailto: > [email protected] <mailto: > [email protected]> > > wrote: > > Hello Maxim, > > ok, well, so that sounds cool. I wouldn't mind doing that > manually. > > To get that right: > > Option 1 is to use a free AD-attribute (for us, that would > be "pager") and enter a URL to the user-picture (like < > https://intranet/people/gallery/alex.jpg>) and edit om_ldap.cfg > (<ldap_user_attr_picture=pager>)? > That doesn't get me an "Internal Error", but it doesn't > work either. Where my profilepicture should be, openmeetings just displays > an "x" (like when an image is not linked correctly in website). > > > > Can you check what is stored in the DB? > > > > In my om_ldap.cfg, there is a parameter called > <ldap_user_picture_uri>, but as far as I understand this is a picture to > use for ALL accounts, who don't have a picture provided by the > ldap-connection. > > > > Yes, this is correct > > > > > Option 2 is to manually copy my userpictures as > "profile.png" in the right profile-folder. What did you mean by "and > comment-out LDAP mapping"? Just comment-out the line with the picture? > > I did that, I copied the picture into the profile-folder, > but it is not used, there is just the questionmark-profile-picture. > > > > Could you check what in the DB? > > > > I commented-out <ldap_user_attr_picture> and > <ldap_user_picture_uri>. > The picture (profile.png) is there (profile-upload-folder, > here /opt/red54010/webapps/openmeetings/data/upload/profiles/profile_169), > but it's just not used. > Is there another string in my on_ldap.conf I would have to > comment-out? > Of course I still want to use the om_ldap.cfg and not > local accounts. > > By the way: In my personal account-profile-folder, there > already was the right image, because I manually uploaded one before via > openmeetings-website. It's just not used (the profile-picture in my > profile-folder). > > Thanks for your help, > Alex > > > -----Ursprüngliche Nachricht----- > Von: Maxim Solodovnik <[email protected] <mailto: > [email protected]> <mailto:[email protected] <mailto: > [email protected]> > > > Gesendet: Montag, 18. Mai 2020 14:19 > An: Openmeetings user-list <[email protected] > <mailto:[email protected]> <mailto: > [email protected] <mailto:[email protected]> > > > Betreff: Re: OM 4.0.10, AD-Pictures (or: how can I provide > pictures for LDAP-accounts) > > There are several options :)) > > On Mon, 18 May 2020 at 19:09, Ninnig, Alexander < > [email protected] <mailto: > [email protected]> <mailto: > [email protected] <mailto: > [email protected]> > <mailto: > [email protected] <mailto: > [email protected]> <mailto: > [email protected] <mailto: > [email protected]> > > > wrote: > > > Hello Maxim, > > so, I don't have to make more tests - it just will > not work, right? > > > > Yes, OM expects to get the URL but get lots of binary data > > > > Or in other words: I have to wait for a stable > version of OpenMeetings 5? > Without being a pain, is there a timeline for the > stable version of OM5? > > > > I really hope it will be next version > ETA depends on issues reported and their severity :( > > > > > > Or is there another way to provide pictures for > ldap-accounts? > > > > 1) I can backport the fix to 4.0.x > 2) you can > 1. create field in LDAP with full URL to the picture > OR > 2*. (haven't tested it) you can put pictures as > "/webapps/openmeetings/data/upload/profiles/profile_XXXXX/profile.png" for > each of your users (and comment-out LDAP mapping) > > > > I wouldn't even doing this manually, but those > pictures always get deleted with the next login (since they don't come with > the ldap-query). > Could I change ldap-accounts to local accounts? > But if I did, people would have to use different > accounts again, which is also not really cool. > Damn, I thought I could make that work. > > > What's weird is, that my error is not the same as > in the link you provided. > My error says: "Data truncation: Data too long for > column 'pictureuri' at row 1" > The link you provided shows the error: " > ERR_13215_VALUE_EXPECT_STRING The value is expected to be a String". > > Best wishes, > Alex > > -----Ursprüngliche Nachricht----- > Von: Maxim Solodovnik <[email protected] > <mailto:[email protected]> <mailto:[email protected] <mailto: > [email protected]> > <mailto:[email protected] <mailto: > [email protected]> <mailto:[email protected] <mailto: > [email protected]> > > > > Gesendet: Montag, 18. Mai 2020 13:52 > An: Openmeetings user-list < > [email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto: > [email protected]> <mailto:[email protected] > <mailto:[email protected]> > > > > Betreff: Re: OM 4.0.10, AD-Pictures (or: how can I > provide pictures for LDAP-accounts) > > Hello Alex, > > this was implemented for M4 > https://issues.apache.org/jira/browse/OPENMEETINGS-2262 < > https://issues.apache.org/jira/browse/OPENMEETINGS-2262> > But wasn't backported to 4.0.x .... > > On Mon, 18 May 2020 at 17:41, Ninnig, Alexander < > [email protected] <mailto: > [email protected]> <mailto: > [email protected] <mailto: > [email protected]> > <mailto: > [email protected] <mailto: > [email protected]> <mailto: > [email protected] <mailto: > [email protected]> > > <mailto: > [email protected] <mailto: > [email protected]> <mailto: > [email protected] <mailto: > [email protected]> > <mailto: > [email protected] <mailto: > [email protected]> <mailto: > [email protected] <mailto: > [email protected]> > > > > wrote: > > > Hello, > > Another Update: > > I also tried the AD-attribute <photo>. > And I also used a software instead of > PowerShell (CodeTwo Active Directory Photos 1.32 - this software also > checks the imagefiles for allowed maximum size). > Still - doesn't work ("Internal Error"). > > By the way (this might actually be an > important information): > One DOESN'T get "Internal Error" if there > is no AD-Photo provided. > So all users with no picture stored in AD > can login. > The second I save > <ldap_user_attr_picture=thumbnailPhoto> or > <ldap_user_attr_picture=jpegPhoto> or <ldap_user_attr_picture=photo> AND > try to login with a an LDAP-user-account, that has an image stored in AD, I > get "Internal Error". > > > > I'm beginning to think, that openmeetings > cannot read pictures from AD (octet string). > Has anyone managed to use AD-stored-photos > OR found a way to provide LDAP-accounts with photos? > > Best wishes, > Alex > > > -----Ursprüngliche Nachricht----- > Von: Ninnig, Alexander < > [email protected] <mailto: > [email protected]> <mailto: > [email protected] <mailto: > [email protected]> > <mailto: > [email protected] <mailto: > [email protected]> <mailto: > [email protected] <mailto: > [email protected]> > > <mailto: > [email protected] <mailto: > [email protected]> <mailto: > [email protected] <mailto: > [email protected]> > <mailto: > [email protected] <mailto: > [email protected]> <mailto: > [email protected] <mailto: > [email protected]> > > > > > Gesendet: Montag, 18. Mai 2020 12:03 > An: [email protected] <mailto: > [email protected]> <mailto:[email protected] > <mailto:[email protected]> > <mailto: > [email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]> > > > <mailto:[email protected] <mailto: > [email protected]> <mailto:[email protected] > <mailto:[email protected]> > <mailto: > [email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]> > > > > > Betreff: AW: OM 4.0.10, AD-Pictures (or: > how can I provide pictures for LDAP-accounts) > > Hello, > > update on my question. > > CHECKING ANOTHER AD-ATTRIBUTE > > --------------------------------------------------- > > I just checked the AD-attribute > <jpegPhoto>, which also can be used to store pictures in Active Directory > (<ldap_user_attr_picture=jpegPhoto>). Doesn't work either ("Internal > Error"). > > > CHECKING THE PICTUREFILES > > -------------------------------------------------- > > After that, I checked my picture-files (to > make sure, there is nothing wrong with them) and I created two picturefiles > "from scratch", meaning, I copied my picture into Windows Paint and saved > it as .png and as .jpg and even as .bmp. > > I imported the jpg using powershell: > Import-Module ActiveDirectory > $photo = [byte[]](Get-Content > C:\Thumbs\myself.jpg -Encoding byte) > Set-ADUser Alex -Replace > @{jpegPhoto=$photo} > Set-ADUser Alex -Replace > @{thumbnailPhoto=$photo} > Still: "Internal Error" when trying to > login. > > Then I used the png using powershell: > Import-Module ActiveDirectory > $photo = [byte[]](Get-Content > C:\Thumbs\myself.png -Encoding byte) > Set-ADUser Alex -Replace > @{jpegPhoto=$photo} > Set-ADUser Alex -Replace > @{thumbnailPhoto=$photo} > Still: "Internal Error" when trying to > login. > > Then I used the bmp using powershell: > Import-Module ActiveDirectory > $photo = [byte[]](Get-Content > C:\Thumbs\myself.png -Encoding byte) > Set-ADUser Alex -Replace > @{jpegPhoto=$photo} > Set-ADUser Alex -Replace > @{thumbnailPhoto=$photo} Last command led to an error, since > <thumbnailPhoto> doens't accept bitmap. > Still: "Internal Error" when trying to > login. > > My picturefiles are 200x200 pixel and > pretty small (png 64 kb, jpg 13 kb, bmp 118 kb). > I could work on the picturefiles, if I > knew what to change (like compression or dpi). > But without any hints, it's like a needle > in a haystack. > And I don't know if the files are the > problem or the AD-attribute or the way, the pictures are stored in AD. > > > Does anyone have an idea? > > Best wishes, > Alex > > -----Ursprüngliche Nachricht----- > Von: Ninnig, Alexander < > [email protected] <mailto: > [email protected]> <mailto: > [email protected] <mailto: > [email protected]> > <mailto: > [email protected] <mailto: > [email protected]> <mailto: > [email protected] <mailto: > [email protected]> > > <mailto: > [email protected] <mailto: > [email protected]> <mailto: > [email protected] <mailto: > [email protected]> > <mailto: > [email protected] <mailto: > [email protected]> <mailto: > [email protected] <mailto: > [email protected]> > > > > > Gesendet: Montag, 18. Mai 2020 10:40 > An: [email protected] <mailto: > [email protected]> <mailto:[email protected] > <mailto:[email protected]> > <mailto: > [email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]> > > > <mailto:[email protected] <mailto: > [email protected]> <mailto:[email protected] > <mailto:[email protected]> > <mailto: > [email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]> > > > > > Betreff: OM 4.0.10, AD-Pictures (or: how > can I provide pictures for LDAP-accounts) > > Hello, > > we are using OpenMeetings 4.0.10 in our > productive environment. > > LDAP-Configuration (om_ldap.cfg) works > fine, except for getting thumbnails/pictures stored in Active Directory. > If I uncomment the line > <ldap_user_attr_picture=thumbnailPhoto> and save the config-file, I cannot > login anymore with my Active-Directory-account - OpenMeetings shows an > internal error instead. > > The only AD-account with a picture stored > is my own (so far). The AD-attribute ist thumbnailPhoto, so that is > correct. Outlook displays my picture, so that works, too. > > I wouldn't really need AD-stored photos, > but I would like my user-accounts to have pictures, so one doesn't just see > a lot of questionmarks-profilepictures, when starting a conference without > webcam. > If I use the LDAP-connection, I can > provide a picture for my account, but this picture is discarded the next > time I log in. > So the ldap-connection configured doesn't > let me change openmeetings-accounts permantenly - which is logical, since > they are ldap-accounts. > > I just need a way to provide accounts with > pictures. > I wouldn't mind configuring them manually. > > Does anyone know how to provide > user-pictures for ldap-accounts? > > Have a nice day and an even better week, > Alex > > PS: If this already has been discussed and > there is an answer I haven't found by myself, I apologize. In that case, > can you just send my the link tot he previous discussion? > > > > > -- > > Best regards, > Maxim > > > > > -- > > Best regards, > Maxim > > > > > > > -- > > Best regards, > Maxim > > > > > > -- > > Best regards, > Maxim >
